Smith, Matt wrote:
> UConn is inverting what you describe -- instead of using CAS for webdav,
> etc, use a mechanism (Kerberos/LDAP) better suited for those non
> browser-based services, and then use CAS to easily extend those
> mechanisms to the browser environment.

Yes, that would be my preference as well, rather than having to bend so many things to integrate with CAS.

Out of curiosity, how do you structure your LDAP?

Typically I use Acegi for access control of resources within a webapp through the basic acl modules (will switch later on to the new acl modules once I get a grip of it and if it is worth it). I'm using AOP to control access to domain objects and check if the user has the appropriate acls.

So ideally (but not necessarily) I would need to store those acls into ldap and of course have other systems able to interpret those acls (which are application specific, as resources depend on applications).

I guess I'm opening a whole can of worms here since acls are probably the hardest part to get right/maintain, assuming there is a general 'get it right' for this :)

-- stephane
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
