Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

I. Introduction

This document is the head document of all specifications and discussions regarding levels of assurance (LOA) in CAS clients and server.

The LOA is the confidence the CAS server has in the given credentials to say who the principal is.

 

II. Roadmap

The implementation of the LOA in CAS server / client is a huge job, which will be done in two major steps.

A. Step 1

1) Minimal mechanism of LOA in CAS server and LOA requested by clients

LOA policy definition, handlers definition, update of the service ticket validation response

2) LOA definition in CAS services

UI evolution, LOA mechanism enhancement in CAS server

3) Credentials gathering and user interaction

User / system credentials gathering and user interaction (ex : login page), LOA mechanism enhancement in CAS server

4) Returning LOA information on regular CAS service ticket validation (/serviceValidate url)

To do with the CAS protocol revision

B. Step 2

1) Generalization of LPPE feature as "interrupt screens"

2) Returning SAML information to clients (/samlValidate url)

3) Support of SAML authentication requests as input to request LOA

 

III. Specifications - Discussions

A. First step

First LOA spec : first proposal with many chats / discussions inside : First Level Of Assurance Specification - Discussions

LOA examples : many LOA use cases : Example LOA Use Cases

Second LOA spec : second proposal based on the first proposal ("same ideas but different implementations") : Second Level Of Assurance Specification

B. Second step

TODO

 

  • No labels