Bug 4723 - CAMPAIGN: CAS as Local Policy Decision Point
: CAMPAIGN: CAS as Local Policy Decision Point
Status: RESOLVED FIXED
: CAS/SAML utilities
Campaign
: development
: PC Windows XP
: P3 normal
: 4.2
Assigned To:
:
:
:
: 4069
  Show dependency treegraph
 
Reported: 2006-09-21 09:30 by
Modified: 2006-10-13 17:19 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2006-09-21 09:30:13
Definition: 

Design and implement a local PDP interface for CAS server, so it can
be co-located with the authorization engine.

Benefits:

CAS is being proposed as a solution for managing policies for services
and resources in the GT container. These features should facilitate
using of a local CAS install and prevent network overheads involved in
using CAS as authorization service. This should help in adoption of
CAS as web services policy management.

Deliverables:

1) Investigate design options for allowing CAS to be invoked as local PDP
2) Write a new PDP that interfaces with a local CAS server
3) Tests for new functionality
4) Documentation
------- Comment #1 From 2006-09-21 16:14:12 -------
* Add interface that provides Java API to retrieve policy information for a
specific query.
* No Java Administrative interface is provided in this campaign. Local
 invocation can be used by colocated resource creators to set up policy.
* Add PDP that uses JNDI to access the CAS resource and retrieve the policy
information. Based on that return a Decision.
------- Comment #2 From 2006-10-02 09:38:44 -------
Added Java API in CasResource for retrieving CAS policy information and
LocalCasPDP class that uses CAS local interface to evaluate policy. Compeleted
a test service that uses LocalCasPDP. Need to write a test that exercises the
test service code.
------- Comment #3 From 2006-10-13 17:19:15 -------
Tests completed and code has been merged with trunk. 

Documentation has been added to 4.2 drafts. Created new section for WS policy
management 
http://www.globus.org/toolkit/docs/development/4.2-drafts/security/cas/admin/index.html#cas-admin-example-ws-policy
and under that added example walk-through for using CAS as Local PDP:
http://www.globus.org/toolkit/docs/development/4.2-drafts/security/cas/admin/index.html#cas-admin-example-localPdp

All deliverables completed.