Previous versions of CAS used a Form into which the user typed a userid and password. CAS 3 should support the addition of plugins that support other forms of authentication. This is a discussion of each method of authentication, a processing model, the information returned about the user, and any error conditions expected.
Real authentication methods that might be used now:
Client Certificate over SSL
NTLM
Bad authentication methods that are obvious:
Cookie
Match IP address from a table
Future possible methods to be considered in the design but not coded:
IPSEC
Kerberos
XML Signature