Eric Pierce

Owned by ScottS
Last updated: Aug 12, 2008Version comment
1 min read

I'd like to throw my hat in the ring for the CAS steering committee. I started working with it about a year ago and implemented it here at USF for our GoogleApps roll-out back in January. I've been a UNIX admin here for over 10 years, but I've recently been put in charge of the Identity Management group. One of my major goals is to implement CAS across all systems at USF which is going along very well. Everyone has been really impressed with CAS, but I think it can improve in 3 key areas:

Audit/Compliance

  • Enforcement of password policies & support for displaying alerts for passwords that will soon expire
  • An auditing interface for displaying when/where a user logged in from and what services they accessed (this is really for Inspektr, not strictly CAS)
  • Support for role-based credentials policies (i.e. identities with role "admin" require two-factor authentication)

Service Management

  • Role-based authorization (i.e. identities with role of "student" are not allowed to access this service)
  • Service-based credential policies (i.e. service X requires two-factor authentication)

Federation

  • Support for SAML2 as an IdP and SP – We're in the process of joining InCommon, so I'm already running a Shibboleth IdP, but doing
    everything in CAS would be simpler.

I'm really excited about the future of CAS and whether I'm on the steering committee or not, I'll help in any way that I can. CAS is now the official SSO solution for USF, so you can count on our support going forward.