- Doc Structure
- A Globus Primer
- Globus Is Modular!
- Installing GT
- Platform Notes
- Migrating from GT2
- Migrating from GT3
- PDF version
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces
- Resource Properties
- Performance Studies
Table of Contents
CAS allows a virtual organization to express policy regarding resources distributed across a number of sites. A CAS server issues assertions to the virtual organization users, granting them fine-grained access rights to resources. Servers recognize and enforce the assertions. CAS is designed to be extensible to multiple services and is currently supported by the GridFTP server and web services.
Features new in GT 4.1.1:
- Support for OGSA-AuthZ Authorization Service interface
- Support for managing web services policy.
Other Supported Features
- File-level access control for GridFTP
- Issuance of SAML authorization decisions
The following changes have occurred for CAS since the last stable release, 4.0.4:
Added a implicit namespace casDefaultNS, which is treated as a special namspace with no base name and exact comparison algorithm.
Grant all access to created groups disables: The previous versions of CAS allowed granting newly created groups grantAll access to itself. This feature has been disabled so that recursive permission issues are prevented.
Update to OpenSAML 1.1: The service has been updated to use OpenSAML 1.1.
Command line client options: The command line client options have been changed to use options that are standard across the toolkit. Note that all features that were supported before are still supported, but some of the option names have changed.
- Bug 3259: Error parsing environment variables set for CAS clients.
- Bug 3371: CAS group delete fails if grant all permissions is made on newly created group.
- Bug 3648: CAS server not prepending ftp://<hostname> to the resource in the assertion
- Bug 3947: CAS Service must release all of its resources on deactivation
- Bug 4776: bundle making error in trunk
The following problems and limitations are known to exist for CAS at the time of the 4.1.1 release:
The CAS service depends on the following GT components:
- WS Authentication and Authorization
- Java WS Core
The CAS GridFTP authorization module depends on the following GT components:
- Pre-WS Authentication and Authorization
The CAS service depends on the following 3rd party software:
The CAS GridFTP authorization module depends on the following 3rd party software:
Tested Platforms for CAS
- Windows XP
- Linux (Red Hat 7.3)
Tested Containers for CAS
- Java WS Core container
- Tomcat 5.0.30
Associated standards for CAS:
Click here for more information about this component.