CAS: Developer's Guide
This document is an overview of the CAS server and its functionality. It is intended to help you understand the features of the current implementation and throws light on permissions, assertion generation and querying capability in CAS.
The server basically has users, actions and objects and policies governing the access to the objects for the users to perform specific actions. To better serve the requirements of a VO, the server allows grouping of users, actions and objects. This also facilitates specifiying policies about them with ease. The CAS server can be thought of as the front-end to a database that maintains state about such community permissions. The effect of each CAS request is either to modify this state or query it.
The server has two additional characteristics,
- some query results are signed. Such signed results can be used for authorization
at resources and other policy enforcement points that acknowledge such credentials.
- the same database is used to maintain information to control authorization decision for the CAS server.