Integrated Authentication and Authorization Infrastructure systems tend to be very complex.
The standard I suppose is defined by OASIS in the "Security Assertion Markup Language" (SAML http://en.wikipedia.org/wiki/SAML). An easy demo of the User-experience is given here: http://www.switch.ch/aai/demo/easy.html But the framework ("Shibboleth") is java and quite complex. Here is a list of software supporting SAML 2.0: http://docs.feide.no/fs-0048-1.3-en.html#txt-0078-SW-alternatives On Feb 22, 6:16 am, mdipierro <mdipie...@cs.depaul.edu> wrote: > Right now they serve two distinct purpose. > > CAS does single sign on but no access control > > Auth does basic authentication and group based access control. > > It would be possible to implement authentication on CAS and/or > implement CAS using Auth. > > A more ambitious goal is to extend CAS to support distributed group > based access control. The CAS protocol does not provide that > functionality so we either have to invent a new protocol or do some > literature search on the topic and look for existing standard. > Whatever we do if you need group based access control, you cannot do > that with CAS. > > Massimo > > On Feb 21, 7:31 pm, DJ <sebastianjaya...@gmail.com> wrote: > > > Hi there, > > > I have used CAS previously for single-sign and it worked well. Whats > > recommended now? Auth or CAS? > > > I would like to have authentication to do record level edit/updates > > and have the same user login for multiple apps? Can I do this in Auth? > > > Thanks, > > Sebastian --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
