Team,

I have started to think that maybe it's appropriate for the CAS server to include a basic and yet extensible API for role-based access control. This seems like a feature that is often requested, that we have a solid use case for, and for the majority of cases, a simple implementation may just suffice. Unicon has an addon on GitHub [1] that accomplishes this on a per-service basis, has been deployed plenty of times and so for what it's worth, it's been through the test of time [2]. I would like to start with that foundation and build on top of it.

The existing addon refuses to grant STs to a service if a configured principal attribute fails to match a given value (or a set of values possibly). At the same time, there are authz-like flags built into the current service model that disable a service entirely, or disable it from participating in SSO. It might be appropriate to combine all 3 cases into an upper-level component that can also further be extended to cover more complicated cases.

Relevant? Agreeable?

Misagh

[1] https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization
[2] No references to Patti Austin.

--
You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
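
An added sketch, not part of the original message and not code from CAS or cas-addons: one way the three checks named above (service disabled, service excluded from SSO, principal attribute mismatch) could sit behind a single decision point consulted before a service ticket is granted. All class, enum and attribute names are hypothetical, and the matching rule (at least one held value must be in the accepted set) is an assumption.

```java
import java.util.*;

// Hypothetical names throughout; this is not the CAS or cas-addons API.
public class ServiceAccessPolicyDemo {

    enum Decision { GRANT, DENY_SERVICE_DISABLED, DENY_SSO_NOT_ALLOWED, DENY_ATTRIBUTE_MISMATCH }

    // One policy per registered service: the two existing flags plus the attribute rule.
    static final class ServiceAccessPolicy {
        final boolean enabled;
        final boolean ssoEnabled;
        final Map<String, Set<String>> requiredAttributes; // attribute name -> accepted values

        ServiceAccessPolicy(boolean enabled, boolean ssoEnabled, Map<String, Set<String>> required) {
            this.enabled = enabled;
            this.ssoEnabled = ssoEnabled;
            this.requiredAttributes = required;
        }

        // viaSso: true when the ST would be issued from an existing SSO session
        // rather than from freshly presented credentials.
        Decision evaluate(Map<String, Set<String>> principalAttributes, boolean viaSso) {
            if (!enabled) return Decision.DENY_SERVICE_DISABLED;
            // Assumption: the caller falls back to prompting for credentials on this result.
            if (viaSso && !ssoEnabled) return Decision.DENY_SSO_NOT_ALLOWED;
            for (Map.Entry<String, Set<String>> rule : requiredAttributes.entrySet()) {
                // A missing attribute is treated as empty, so the check fails closed.
                Set<String> held = principalAttributes.getOrDefault(rule.getKey(), Set.of());
                if (Collections.disjoint(held, rule.getValue())) return Decision.DENY_ATTRIBUTE_MISMATCH;
            }
            return Decision.GRANT;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: a service that is enabled, opted out of SSO,
        // and restricted to principals whose memberOf includes staff or faculty.
        ServiceAccessPolicy policy = new ServiceAccessPolicy(true, false,
                Map.of("memberOf", Set.of("staff", "faculty")));
        Map<String, Set<String>> staff = Map.of("memberOf", Set.of("staff", "alumni"));
        Map<String, Set<String>> student = Map.of("memberOf", Set.of("student"));

        System.out.println(policy.evaluate(staff, false));    // fresh login, role matches
        System.out.println(policy.evaluate(staff, true));     // SSO session, service opted out
        System.out.println(policy.evaluate(student, false));  // role does not match
        System.out.println(policy.evaluate(Map.of(), false)); // attribute never released
    }
}
```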