CAS

CAS

1. Code Access Security. The security mechanism used in the Microsoft CLR. CAS works by assigning trust levels (i.e. permissions) to software code (rather than the traditional model of assigning permissions by user).

For more information see:

• http://msdn.microsoft.com/en-gb/magazine/cc301467.aspx - Security in .NET: Enforce Code Access Rights (CAS) with the Common Language Runtime (CLR).

2. Central Authentication Service. An open-source service providing single sign-on, this allows web applications to authenticate users against a trusted central server. This trusted central server is known as the CAS server and is responsible for authenticating users, providing the identities of authenticated users and for certifying the identities of authenticated uers.

A web application using CAS will redirect an unauthenticated visitor to the CAS server where the user will be authenticated (typically via a user-name and password login). Once this authentication step has been passed the user is redirected back to the original website together with a ticket, the web application then opens a secure connection to the CAS server to authenticate the ticket and retrieve the identity of the visitor.

For more information see:

• www.jasig.org/cas - CAS project home page.
• http://everything.explained.at/Central_Authentication_Service - CAS explained.