...
CAS is a trusted 3rd party that can provide Assertions to a Service concerning the authenticity of a Principal. The Service makes a local decisions decision about the authenticity of a Principal based on these Assertions and without direct access to primary Credentials.
...
A Service with delegated authority, in the form of a TicketGrantingTicket, can ask CAS, to grant a ServiceTicket for a particular target Service. The target Service can use the ServiceTicket to request proof that the prior Service has been given the authority to act on behalf of a Principal. Proof, in the form of an Assertion, is transfered when the target Service asks CAS to validate the ServiceTicket. The Assertion will provide a chain of Principals as proof of delegated authority. The Service will make a local decision based on the Assertion as to the authenticity of the delegated authority and of each Principal in the chain without having direct access to any Credentials.
...