Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Corrected links that should have been relative instead of absolute.

I'd like to throw my hat in the ring for the CAS steering committee.
I started working with it about a year ago and implemented it here at
USF for our GoogleApps roll-out back in January. I've been a UNIX
admin here for over 10 years, but I've recently been put in charge of
the Identity Management group. One of my major goals is to implement
CAS across all systems at USF which is going along very well.
Everyone has been really impressed with CAS, but I think it can
improve in 3 key areas:

Audit/Compliance

  • Enforcement of password policies & support for displaying alerts for
    passwords that will soon expire
  • An auditing interface for displaying when/where a user logged in
    from and what services they accessed (this is really for Inspektr, not
    strictly CAS)
  • Support for role-based credentials policies (i.e. identities with
    role "admin" require two-factor authentication)

Service Management

  • Role-based authorization (i.e. identities with role of "student" are
    not allowed to access this service)
  • Service-based credential policies (i.e. service X requires
    two-factor authentication)

Federation

  • Support for SAML2 as an IdP and SP – We're in the process of
    joining InCommon, so I'm already running a Shibboleth IdP, but doing
    everything in CAS would be simpler.

I'm really excited about the future of CAS and whether I'm on the
steering committee or not, I'll help in any way that I can. CAS is
now the official SSO solution for USF, so you can count on our support
going forward.