I'd like to introduce you to another Relevance open source project, Castronaut. Attentive readers will have noticed our focus on security issues, from code audits to books to restful authentication to SSO and on. We've used lots of different centralized authentication systems in the past, and have really settled on two options: OpenID and CAS. OpenID is great for public sites where the user pool is self-expanding; CAS is great for closed sites where the user pool is despotically maintained. (The reasons to choose between an open, decentralized protocol and an internal, managed one are many; this is just one simple vector.)
We couldn't get that combination with any of the existing projects, so we launched Castronaut into orbit. Here are some things you'll need to know.
h2. Built on Sinatra
We stuck with Ruby for the implementation. Duh. However, we wanted to implement it in something lighter than Rails (and Merb) but needed more than Camping provided. We also wanted a testable and well-tested solution. Camping failed the sniff test because it isn't well-tested, nor particularly testable. Sinatra, being a thin wrapper around Rack, is well tested, current and has lots of eyes on it.
h2. Uses standard adapter architecture
Like any good authentication application, we provide a standard adapter architecture for our authentication providers. Right now, we are shipping with:
We built this to solve particular needs. We fully expect it to grow over time, as our needs and, hopefully, the needs of other users dictate. It is specifically this need to grow and change that led us to create Castronaut in the first place.
h2. CAS 2.0 Spec compliance
We support all the major portions of the CAS 2.0 spec except proxy granting ticket IOUs, which means we support ticket granting tickets, service tickets, proxy granting tickets and proxy tickets. Castronaut therefore allows for centralized authentication, single sign-on, and pass-through service authentication. We'll tackle the IOU problem the first time we have a real-world usage for it. Feel free to provide us one.
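What a client application sees when it validates one of the service or proxy tickets described above is the CAS 2.0 validation response. The parser below is an added example, not code from Castronaut or rubycas-client; the function name @parse_cas_validation@, the user @alice@ and the ticket id are assumptions, and the sample responses are constructed in the shape the CAS 2.0 spec defines.

```ruby
require "rexml/document"

CAS_NS = "http://www.yale.edu/tp/cas" # namespace fixed by the CAS 2.0 spec

# Parse the body of a CAS 2.0 /serviceValidate or /proxyValidate response.
# Fails closed: anything that is not one unambiguous success is a failure.
def parse_cas_validation(xml)
  root = REXML::Document.new(xml).root
  bad = { ok: false, code: "MALFORMED_RESPONSE" }
  return bad unless root && root.name == "serviceResponse" && root.namespace == CAS_NS

  ns = { "cas" => CAS_NS }
  success = REXML::XPath.first(root, "cas:authenticationSuccess", ns)
  failure = REXML::XPath.first(root, "cas:authenticationFailure", ns)
  if success && !failure
    user = REXML::XPath.first(success, "cas:user", ns)&.text.to_s.strip
    return bad if user.empty?
    # Non-empty only when a proxy ticket was validated via /proxyValidate.
    proxies = REXML::XPath.match(success, "cas:proxies/cas:proxy", ns).map { |p| p.text.to_s.strip }
    # Optional element carrying the proxy-granting ticket IOU.
    iou = REXML::XPath.first(success, "cas:proxyGrantingTicket", ns)&.text&.strip
    { ok: true, user: user, proxies: proxies, pgt_iou: iou }
  elsif failure && !success
    { ok: false, code: failure.attributes["code"] || "UNKNOWN", message: failure.text.to_s.strip }
  else
    bad
  end
rescue REXML::ParseException
  { ok: false, code: "MALFORMED_RESPONSE" }
end

# Constructed sample responses (not captured from a real server).
SAMPLE_SUCCESS = <<~XML
  <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
      <cas:user>alice</cas:user>
    </cas:authenticationSuccess>
  </cas:serviceResponse>
XML
SAMPLE_FAILURE = <<~XML
  <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationFailure code="INVALID_TICKET">
      Ticket ST-EXAMPLE not recognized
    </cas:authenticationFailure>
  </cas:serviceResponse>
XML
```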
h2. Updated Small Things, Loosely Joined code samples
You can download a new set of the samples from my Small Things, Loosely Joined talk that use Castronaut. The only difference is the use of restful_authentication for the included apps and a small change to the rubycas-client configuration settings.
h2. So, what's next?
Installation is a snap, and well documented. You can install as a gem using:
> sudo gem install relevance-castronaut --source http://gems.github.com
Edit a config YAML file somewhere, and launch:
> castronaut -C [path-to-yml-file]
That's it. We hope people will use it and give us feedback at our Lighthouse page.