...
We consider the future of CAS to include support for SAML. To ensure this, the AuthenticationResult object needs to represent all the information that might be needed for SAML assertions about authentication, such as time and context.
Example
*In CAS 2, a service can request "renew=true" as part of the redirect to CAS and can thereby ensure that, in the process of acquiring a valid ticket, the user was required to supply primary credentials.
*In CAS 3, the function can be greatly expanded to allow the service to request a type of authentication. For example, imagine an application which only trusts users with client certificates, not just those who know their password. In CAS 3, the service would have the means, through redirect and validate, to ensure that its service ticket is derived from an authentication which included a valid client certificate.
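
The following sketch is an added illustration, not code from CAS: it models the validate-side decision for both bullets, with the authentication time and context recorded at ticket-granting time. The names `AuthResultSketch`, `Method`, `validate` and the `required` argument are hypothetical stand-ins, and the sample data in `main` is constructed.

```java
import java.time.Instant;
import java.util.EnumSet;
import java.util.Set;

// Hypothetical model of the idea above; these are not the CAS 3 classes.
public class ValidateSketch {
    enum Method { PASSWORD, CLIENT_CERTIFICATE }

    // What the server records about the authentication behind a service ticket.
    static final class AuthResultSketch {
        final String principal;
        final Instant authenticatedAt;         // time of the primary authentication
        final Set<Method> methods;             // context: how the user proved identity
        final boolean fromPrimaryCredentials;  // false if issued from an existing SSO session

        AuthResultSketch(String principal, Instant at, Set<Method> methods, boolean fresh) {
            this.principal = principal;
            this.authenticatedAt = at;
            this.methods = methods;
            this.fromPrimaryCredentials = fresh;
        }
    }

    // The service repeats its constraints at validation time. Enforcing them only
    // on the redirect is not enough, because the browser controls that request.
    static boolean validate(AuthResultSketch auth, boolean renew, Set<Method> required) {
        if (auth == null) return false;                           // unknown or expired ticket
        if (renew && !auth.fromPrimaryCredentials) return false;  // CAS 2 renew=true
        return auth.methods.containsAll(required);                // requested authentication type
    }

    public static void main(String[] args) {
        Instant t = Instant.parse("2005-01-01T09:00:00Z");        // constructed sample time
        AuthResultSketch sso = new AuthResultSketch("alice", t, EnumSet.of(Method.PASSWORD), false);
        AuthResultSketch cert = new AuthResultSketch("alice", t,
                EnumSet.of(Method.PASSWORD, Method.CLIENT_CERTIFICATE), true);
        Set<Method> any = EnumSet.noneOf(Method.class);
        Set<Method> needCert = EnumSet.of(Method.CLIENT_CERTIFICATE);

        System.out.println("SSO ticket, no constraints: " + validate(sso, false, any));
        System.out.println("SSO ticket, renew=true:     " + validate(sso, true, any));
        System.out.println("SSO ticket, cert required:  " + validate(sso, false, needCert));
        System.out.println("Cert ticket, renew + cert:  " + validate(cert, true, needCert));
    }
}
```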