Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Globus Is Modular!
- Quickstart
- Installing GT
- Platform Notes
- GT Developer's Guide
- GT User's Guide (coming soon)
- Migrating from GT2
- Migrating from GT3
Reference
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces (coming soon)
- Resource Properties
- Samples
- Glossary
- Performance Studies (coming soon)
Manuals
Common Runtime
Security
- Non-WS (General) Security
- WS Java Security
- Message-level
- Authz Framework
- CAS
- Delegation Service
- MyProxy
- GSI-OpenSSH
- SimpleCA
- SGAS
Data Mgt
MDS4
Execution Mgt
Table of Contents
CAS allows a virtual organization to express policy regarding resources distributed across a number of sites. A CAS server issues assertions to the virtual organization users, granting them fine-grained access rights to resources. Servers recognize and enforce the assertions. CAS is designed to be extensible to multiple services and is currently supported by the GridFTP server and web services.
Features new in GT 4.1.3:
- Support for OGSA-AuthZ Authorization Service interface
- Support for managing web services policy.
Other Supported Features
- File-level access control for GridFTP
- Issuance of SAML authorization decisions
Deprecated Features
- None
The following changes have occurred for CAS since the last stable release, 4.0.5:
Added a implicit namespace casDefaultNS, which is treated as a special namspace with no base name and exact comparison algorithm.
Grant all access to created groups disables: The previous versions of CAS allowed granting newly created groups grantAll access to itself. This feature has been disabled so that recursive permission issues are prevented.
Update to OpenSAML 1.1: The service has been updated to use OpenSAML 1.1.
Command line client options: The command line client options have been changed to use options that are standard across the toolkit. Note that all features that were supported before are still supported, but some of the option names have changed.
Allow both a push from the client and a pull from the server model for the CAS deployment
The CAS service code has been internationalized.[why can't this go under change summary?]
- Bug 3259: Error parsing environment variables set for CAS clients.
- Bug 3371: CAS group delete fails if grant all permissions is made on newly created group.
- Bug 3648: CAS server not prepending ftp://<hostname> to the resource in the assertion
- Bug 3947: CAS Service must release all of its resources on deactivation
- Bug 4776: bundle making error in trunk
The following problems and limitations are known to exist for CAS at the time of the 4.1.3 release:
The CAS service depends on the following GT components:
- WS Authentication and Authorization
- Java WS Core
The CAS GridFTP authorization module depends on the following GT components:
- Pre-WS Authentication and Authorization
The CAS service depends on the following 3rd party software:
- OpenSAML
The CAS GridFTP authorization module depends on the following 3rd party software:
- libxml
Tested Platforms for CAS
- Windows XP
- Linux (Red Hat 7.3)
Tested Containers for CAS
- Java WS Core container
- Tomcat 5.0.30
Associated standards for CAS:
Click here for more information about this component.