- This topic has 2 replies, 3 voices, and was last updated 8 years, 8 months ago by bpietrewicz.
-
AuthorPosts
-
-
March 24, 2016 at 8:39 am #571recooperParticipant
Identity management has a very broad scope with two major components 1. Identity and access management (accounts) 2. Systems integration. The CAS SLA is meant to address the one of the many possible systems integration components. Additional services are available to address the systems integration component such as Active Directory.
- This topic was modified 8 years, 9 months ago by recooper.
Attachments:
-
April 1, 2016 at 9:56 am #675elishaParticipant
CAS is definitely an Authorization service. I’m not sure it qualifies as an Identity Management service.
Given the increased adoption of AD, what is the long term plan for CAS? Is there a convergence between the two services planned? If CAS is to continue, is there a documented way that we can address the secondary authorization question for sites and services using CAS using group membership?
Where does LDAP fit into the service boundaries of CAS and AD?
-
April 1, 2016 at 2:51 pm #684bpietrewiczKeymaster
The answers to these questions are complicated but I will attempt to simplify:
Q: CAS is definitely an Authorization service. I’m not sure it qualifies as an Identity Management service.
A: Agreed. CAS is actually not authorization. It is authentication. CAS is listed as IDM because it is one of the tools that can be used to integrated systems to be able to use NetID. If you have an application that you would like to authenticate using NetID, CAS of one of the tools available to do that.
Q: Given the increased adoption of AD, what is the long term plan for CAS? Is there a convergence between the two services planned? If CAS is to continue, is there a documented way that we can address the secondary authorization question for sites and services using CAS using group membership?
A: CAS is a pass through mechanism for Authenticating NetID’s. Currently it points at LDAP but it can be pointed of AD as well. AD and LDAP are synchronized so either will handle authentication for NetID’s. CAS only does authentication. It does not do authorization. Therefore it does not take advantage of groups. If you have an application that needs external authorization (groups), it would need to be integrated with AD or LDAP.
Q: Where does LDAP fit into the service boundaries of CAS and AD?
A: CAS is tied to the NetID SLA in terms of boundaries in that it authenticates NetID’s.
I realize the answers to these questions are confusing/complicated. If you have additional questions regarding how to authenticate or authorize an application or system using NetID, please put in a service request and we will walk you through the options.
-
-
AuthorPosts
- The topic ‘Identity Management – Central Authentication Service (CAS)’ is closed to new replies.