CAS vs Auth


DJ

Feb 21, 2009, 8:31:15 PM
to web2py Web Framework
Hi there,

I have used CAS previously for single sign-on and it worked well. What's
recommended now? Auth or CAS?

I would like to have authentication to do record-level edit/updates
and have the same user login for multiple apps. Can I do this in Auth?

Thanks,
Sebastian

mdipierro

Feb 22, 2009, 12:16:56 AM
to web2py Web Framework
Right now they serve two distinct purposes.

CAS does single sign-on but no access control.

Auth does basic authentication and group-based access control.

It would be possible to implement authentication on CAS and/or
implement CAS using Auth.

A more ambitious goal is to extend CAS to support distributed group-based
access control. The CAS protocol does not provide that
functionality, so we either have to invent a new protocol or do some
literature search on the topic and look for an existing standard.
Whatever we do, if you need group-based access control, you cannot do
that with CAS.

Massimo
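
Added example, not part of the original thread and not web2py code: it illustrates the split described in the post above, where a CAS validation reply identifies the user and the group check has to be done by each application. It assumes the CAS 2.0 `/serviceValidate` XML response format; the sample responses, the `LOCAL_GROUPS` table and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample responses in the CAS 2.0 /serviceValidate format.
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>sebastian</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

# Hypothetical per-application membership table: each app keeps its own,
# because the CAS response above carries a username and no group data.
LOCAL_GROUPS = {"sebastian": {"editors"}, "guest": set()}


def cas_user(xml_text):
    """Return the authenticated username, or None if validation failed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None  # malformed response: fail closed
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"]:
        return None
    # Only an authenticationSuccess element with a non-empty user counts.
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()


def may_edit(xml_text, required_group="editors"):
    """Authentication comes from CAS; authorization is a local lookup."""
    user = cas_user(xml_text)
    if user is None:
        return False
    # Unknown users get an empty group set, so they are denied by default.
    return required_group in LOCAL_GROUPS.get(user, set())
```
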

notabene

Feb 23, 2009, 8:06:37 AM
to web2py Web Framework
Integrated Authentication and Authorization Infrastructure systems
tend to be very complex.

The standard I suppose is defined by OASIS in the "Security Assertion
Markup Language" (SAML http://en.wikipedia.org/wiki/SAML).

An easy demo of the user experience is given here: http://www.switch.ch/aai/demo/easy.html
But the framework ("Shibboleth") is Java and quite complex.

Here is a list of software supporting SAML 2.0:
http://docs.feide.no/fs-0048-1.3-en.html#txt-0078-SW-alternatives

mdipierro

Feb 23, 2009, 10:19:04 AM
to web2py Web Framework
Thanks. I will look into that.

On Feb 23, 7:06 am, notabene <niels...@gmail.com> wrote:
> Integrated Authentication and Authorization Infrastructure systems
> tend to be very complex.
>
> The standard I suppose is defined by OASIS in the "Security Assertion
> Markup Language" (SAML http://en.wikipedia.org/wiki/SAML).

DJ

Feb 23, 2009, 2:58:22 PM
to web2py Web Framework
Thank you both for the responses. I am beginning to use web2py for
corporate applications, and having enterprise-strength authentication
as a pluggable app will be very useful.

On Feb 23, 8:06 am, notabene <niels...@gmail.com> wrote:
> Integrated Authentication and Authorization Infrastructure systems
> tend to be very complex.
>
> The standard I suppose is defined by OASIS in the "Security Assertion
> Markup Language" (SAML http://en.wikipedia.org/wiki/SAML).