Authentication vs. Authorization

CAS is used for authentication. Authentication asserts that individuals presenting credentials are who the credentials say they are. Anyone in the following categories can use CAS to authenticate for services:

  • Active employees and students
  • Admitted students
  • Affiliates
  • Collaboration Guests
  • Members of the Alumni Association
  • Any of the above after their affiliation has expired but while they are still in the grace period. Grace periods vary depending on the affiliation(s) of the person.

If an application wishes to exclude any of these categories, it must include authorization as part of its processing.

Authorization asserts that the individual is allowed to access certain system or application resources. An application can make this decision based on data found, for example, in the CalNet Directory using LDAP, or by using information stored locally for use by a particular application.
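
The sketch below is an added example, not code from CAS or CalNet. It shows an authorization step that runs after CAS has authenticated a user and excludes some of the categories listed above. The category labels, the "active"/"grace" statuses, the record layout and the in-memory `DIRECTORY` (standing in for an LDAP query or a local table) are all assumptions made for illustration.

```python
# Added example: authorization step that runs after CAS has authenticated a user.
# Category labels, statuses and record layout are hypothetical, not CalNet's schema.
from dataclasses import dataclass

# Constructed sample data standing in for an LDAP query or a local table.
# Each record is a list of (category, status); status is "active" or "grace".
DIRECTORY = {
    "1001": [("employee", "active")],
    "1002": [("alumni", "active")],
    "1003": [("student", "grace")],                      # expired, in grace period
    "1004": [("guest", "active"), ("employee", "grace")],
}

@dataclass(frozen=True)
class Policy:
    allowed: frozenset          # categories this application accepts
    allow_grace: bool = False   # whether grace-period affiliations count

def authorize(uid, policy, lookup=DIRECTORY.get):
    """Return (decision, reason) for a uid that CAS already authenticated."""
    if not uid:
        return False, "no authenticated user"
    record = lookup(uid)
    if not record:
        return False, "no directory record"              # deny by default
    for category, status in record:
        if category not in policy.allowed:
            continue
        if status == "active" or (status == "grace" and policy.allow_grace):
            return True, f"{category}/{status}"
    return False, "no qualifying affiliation"

if __name__ == "__main__":
    campus_only = Policy(frozenset({"employee", "student"}))
    for uid in ("1001", "1002", "1003", "1004", "9999"):
        print(uid, authorize(uid, campus_only))
```

Every user in the sample data would pass CAS authentication; only the policy check decides which of them the application admits, and a missing directory record is treated as a denial.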