I. Introduction
This document is the head document of all specifications and discussions regarding levels of assurance (LOA) in CAS clients and server.
The LOA is the confidence the CAS server has in the given credentials to say who the principal is.
II. Roadmap
The implementation of the LOA in CAS server / client is a huge job, which will be done in two major steps.
A. Step 1
1) Minimal mechanism of LOA in CAS server and LOA requested by clients
LOA policy definition, handlers definition, update of the service ticket validation response
2) LOA definition in CAS services
UI evolution, LOA mechanism enhancement in CAS server
3) Credentials gathering and user interaction
User / system credentials gathering and user interaction (ex : login page), LOA mechanism enhancement in CAS server
B. Step 2
1) Generalization of LPPE feature as "interrupt screens"
2) Returning SAML information to clients
3) Support of SAML authentication requests as input to request LOA
III. Specifications - Discussions
A. First step
First LOA spec : first proposal with many chats / discussions inside : First Level Of Assurance Specification - Discussions
LOA examples : many LOA use cases : Example LOA Use Cases
Second LOA spec : second proposal based on the first proposal ("same ideas but different implementations") : Second Level Of Assurance Specification
B. Second step
TODO