Prev Part . GT 4.1.1: Community Authorization Service (CAS) Next

GT 4.1.1 CAS Release Notes

Table of Contents

1. Component Overview
2. Feature Summary
3. Changes Summary
4. Internationalization
5. Bug Fixes
6. Known Problems
6.1. Limitations
6.2. Known Bugs
7. Technology Dependencies
8. Tested Platforms
9. Backward Compatibility Summary
10. Associated Standards
11. For More Information

1. Component Overview

CAS allows a virtual organization to express policy regarding resources distributed across a number of sites. A CAS server issues assertions to the virtual organization users, granting them fine-grained access rights to resources. Servers recognize and enforce the assertions. CAS is designed to be extensible to multiple services and is currently supported by the GridFTP server and web services.

2. Feature Summary

Features new in GT 4.1.1:

  • Support for OGSA-AuthZ Authorization Service interface
  • Support for managing web services policy.

Other Supported Features

  • File-level access control for GridFTP
  • Issuance of SAML authorization decisions

Deprecated Features

  • None

3. Changes Summary

The following changes have occurred for CAS since the last stable release, 4.0.4:

  • Added a implicit namespace casDefaultNS, which is treated as a special namspace with no base name and exact comparison algorithm.

  • Grant all access to created groups disables: The previous versions of CAS allowed granting newly created groups grantAll access to itself. This feature has been disabled so that recursive permission issues are prevented.

  • Update to OpenSAML 1.1: The service has been updated to use OpenSAML 1.1.

  • Command line client options: The command line client options have been changed to use options that are standard across the toolkit. Note that all features that were supported before are still supported, but some of the option names have changed.

  • Allow both a push from the client and a pull from the server model for the CAS deployment

  • CAS as Local Policy Decision Point

4. Internationalization

The CAS service code has been internationalized.

5. Bug Fixes

  • Bug 3259: Error parsing environment variables set for CAS clients.
  • Bug 3371: CAS group delete fails if grant all permissions is made on newly created group.
  • Bug 3648: CAS server not prepending ftp://<hostname> to the resource in the assertion
  • Bug 3947: CAS Service must release all of its resources on deactivation
  • Bug 4776: bundle making error in trunk

6. Known Problems

The following problems and limitations are known to exist for CAS at the time of the 4.1.1 release:

6.1. Limitations

No known limitations

6.2. Known Bugs

7. Technology Dependencies

The CAS service depends on the following GT components:

  • WS Authentication and Authorization
  • Java WS Core

The CAS GridFTP authorization module depends on the following GT components:

  • Pre-WS Authentication and Authorization

The CAS service depends on the following 3rd party software:

  • OpenSAML

The CAS GridFTP authorization module depends on the following 3rd party software:

  • libxml

8. Tested Platforms

Tested Platforms for CAS

  • Windows XP
  • Linux (Red Hat 7.3)

Tested Containers for CAS

  • Java WS Core container
  • Tomcat 5.0.30

9. Backward Compatibility Summary

This section is not applicable for development releases.

10. Associated Standards

Associated standards for CAS:

11. For More Information

Click here for more information about this component.

Prev Up Next
Part . GT 4.1.1: Community Authorization Service (CAS) Home GT 4.1.1 CAS Admin Guide