Bugzilla – Bug 4723
CAMPAIGN: CAS as Local Policy Decision Point
Last modified: 2006-10-13 17:19:15
You need to
before you can comment on or make changes to this bug.
Design and implement a local PDP interface for CAS server, so it can
be co-located with the authorization engine.
CAS is being proposed as a solution for managing policies for services
and resources in the GT container. These features should facilitate
using of a local CAS install and prevent network overheads involved in
using CAS as authorization service. This should help in adoption of
CAS as web services policy management.
1) Investigate design options for allowing CAS to be invoked as local PDP
2) Write a new PDP that interfaces with a local CAS server
3) Tests for new functionality
* Add interface that provides Java API to retrieve policy information for a
* No Java Administrative interface is provided in this campaign. Local
invocation can be used by colocated resource creators to set up policy.
* Add PDP that uses JNDI to access the CAS resource and retrieve the policy
information. Based on that return a Decision.
Added Java API in CasResource for retrieving CAS policy information and
LocalCasPDP class that uses CAS local interface to evaluate policy. Compeleted
a test service that uses LocalCasPDP. Need to write a test that exercises the
test service code.
Tests completed and code has been merged with trunk.
Documentation has been added to 4.2 drafts. Created new section for WS policy
and under that added example walk-through for using CAS as Local PDP:
All deliverables completed.