Table of Contents
The Community Authorization Service (CAS) allows a virtual organization to express policy regarding resources distributed across a number of sites. A CAS server issues assertions to the virtual organization users, granting them fine-grained access rights to resources. Servers recognize and enforce the assertions. CAS is designed to be extensible to multiple services and is currently supported by the GridFTP server and web services.
Features new in GT 4.2.1:
- Support for OGSA-AuthZ Authorization Service interface
- Support for managing web services policy.
Other Supported Features
- File-level access control for GridFTP
- Issuance of SAML authorization decisions
Deprecated Features
- None
- Bug 6249: Upgrade Derby version
The following problems and limitations are known to exist for CAS at the time of the 4.2.1 release:
The CAS service depends on the following GT components:
- WS Authentication and Authorization
- Java WS Core
The CAS GridFTP authorization module depends on the following GT components:
- Non-WS Authentication and Authorization
The CAS service depends on the following 3rd party software:
- OpenSAML
The CAS GridFTP authorization module depends on the following 3rd party software:
- libxml
Tested Platforms for CAS
- Windows XP
- Linux (Red Hat 7.3)
Tested Containers for CAS
- Java WS Core container
- Tomcat 5.0.30
CAS has been updated to use the latest version of Java WS Core, which now supports the final version of WSRF/WSN specification.. This service is not compatible with the previous stable versions, GT 4.0.x
Fixed SAML assertions embedded in proxy to comply with RFC 3820 requirements. CAS assertions generated by default in GT 4.0.x will not be consumed by GT 4.2.x services that use assertions.
Associated standards for CAS:
Click here for more information about this component.