Level Of Assurance - Head document

I. Introduction

This document is the head document for all specifications and discussions regarding levels of assurance (LOA) in the CAS server and CAS clients.

The LOA is the degree of confidence the CAS server has, given the credentials presented, that the authenticated principal is who it claims to be.


II. Roadmap

Implementing LOA in the CAS server and clients is a large job, which will be done in two major steps.

A. Step 1

1) Minimal LOA mechanism in the CAS server, with the LOA requested by clients

Definition of the LOA policy, definition of the handlers, update of the service ticket validation response

2) LOA definition on CAS services

UI changes, enhancement of the LOA mechanism in the CAS server

3) Credentials gathering and user interaction

Gathering of user and system credentials and the associated user interaction (e.g. the login page), enhancement of the LOA mechanism in the CAS server

4) Returning LOA information in the regular CAS service ticket validation response (/serviceValidate URL)

To be done together with the CAS protocol revision

5) Upgrading CAS clients

Start with the CAS client, making it able to send LOA requests, then upgrade the Spring Security and Shiro clients

B. Step 2

1) Generalization of the LPPE (LDAP Password Policy Enforcement) feature as "interrupt screens"

2) Returning SAML information to clients (/samlValidate URL)

3) Support for SAML authentication requests as a way to request an LOA


III. Specifications - Discussions

A. First step

First LOA spec: the first proposal, with many chats and discussions inline: First Level Of Assurance Specification - Discussions

LOA examples: a collection of LOA use cases: Example LOA Use Cases

Second LOA spec: the second proposal, based on the first one ("same ideas but different implementations"): Second Level Of Assurance Specification

B. Second step

TODO