Hi Folks, I hope this is an appropriate post for this list. My apologies if it is not.
The Identity Management team at Cornell University is in the midst of some strategy discussions having to do with the future of our AuthN infrastructure. We've assembled a brief list of questions about the CAS experience and would be much obliged if anyone cares to provide some answers for us from the vantage point of another institution.

Background: we are planning to do a re-write of our current webauth software but have been asked to contact peer institutions who are using CAS (instead of, say, Stanford WebAuth, CoSign, pubcookie, other...) and learn a little more about experiences with CAS when applied to other environments.

Disclaimer: Hip-shot answers and first impressions in-line are fine; this is not intended to be an essay test; it will not be published; you will not be quoted directly beyond our immediate development team; feel free to skip any questions which you find uninteresting or which do not apply to your situation.

Regards,
Tom Parker
Project Manager
IT Security Office, Identity Management, Cornell University
[EMAIL PROTECTED]
(607) 255-7521 (desk)
(607) 227-6696 (mobile)

---begin brief-ish list---

1.) What were the key factors in your decision to use CAS?
2.) How many services are using CAS?
3.) Are you aware of anyone planning to deploy CAS who has changed course or has decided to replace it?
4.) What authentication db are you using?
5.) How many active users does it contain?
6.) Were any modifications to CAS required for use in your environment?
7.) What was your deployment experience like?
    -Approx. time for deployment of central infrastructure?
    -Approx. time per service for deployment?
    -Approx. FTEs for deployment of central infrastructure?
    -Approx. FTEs per service?
8.) What has been your experience with ongoing support and maintenance?
    -Approx. FTEs for maintenance of central infrastructure?
    -Approx. FTEs for maintenance per service?
9.) What mechanisms do you use for authorization on your campus?
10.) What are you doing to control access to static web content on your campus?
11.) Were any technologies or systems particularly hard or easy to integrate with CAS?
12.) Have you been able to adapt CAS use for any vendor applications and, if so, how many (and/or which)?
13.) In your environment, is CAS used for application-to-application authentication and in particular for multi-tier applications/systems?
14.) Have you integrated CAS with Apache servers that serve content other than JSP apps?
15.) POST data support: How have you dealt with web applications that need to authenticate via CAS on HTTP POST transactions?
16.) What sort of average and peak load does your authentication service experience?
17.) What has been your experience with the performance of CAS?
18.) How many servers are you currently using to run CAS at your institution?
19.) What server hardware are you using?
20.) Does your central authentication system protect:
    -Financial data?
    -Student records?
    -data protected by HIPAA?
    -data protected by FERPA?
21.) We're also interested in your experience with the CAS community. More specifically, has the CAS community met your expectations in the following areas?
    -support
    -feature requests
    -contributions

---end list---

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
