Hey Carl, You're absolutely correct: this could probably be done using Proxy Tickets, but we want to prevent the average user from being able to make high-level requests, and therefore lock the API down for most users.
Imagine that we have a webapp that needs to import a document into this storage solution -- we don't want users to be able to do that with their own credentials (since they could start poking around on their own and easily create a malformed request which sends bad data) so we would use this library to do it for them as another user who DOES have that privilege. Another scenario would be a desktop application or windows service that needs to contact this API -- this seems like the best way to get through the CAS barrier. Thanks, Eric -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
