I'd like to throw my hat in the ring for the CAS steering committee.
I started working with it about a year ago and implemented it here at
USF for our GoogleApps roll-out back in January. I've been a UNIX
admin here for over 10 years, but I've recently been put in charge of
the Identity Management group. One of my major goals is to implement
CAS across all systems at USF, which is going along very well.
Everyone has been really impressed with CAS, but I think it can
improve in 3 key areas:
Audit/Compliance
- Enforcement of password policies & support for displaying alerts for
passwords that will soon expire
- An auditing interface for displaying when/where a user logged in
from and what services they accessed (this is really for Inspektr, not
strictly CAS)
- Support for role-based credentials policies (i.e. identities with
role "admin" require two-factor authentication)
Service Management
- Role-based authorization (i.e. identities with role of "student" are
not allowed to access this service)
- Service-based credential policies (i.e. service X requires
two-factor authentication)
Federation
- Support for SAML2 as an IdP and SP – We're in the process of
joining InCommon, so I'm already running a Shibboleth IdP, but doing
everything in CAS would be simpler.
...