Introduction to the Central Authorisation Service

The Central Authorisation Service is a network accessible directory of information relating to individuals and services within the university that can be used to decide whether someone should get access to an IT service.

What information does it contain?

The directory contains information about individuals that is gathered from various sources such as Student Records, HR records and visitor registrations. This is combined with organisational structure information about college and school affiliation. There is also a mechanism to provide for ad hoc group memberships.

What is it used for?

IT services may lookup information in the authorisation service using the Lightweight Directory Access Protocol (LDAP), and based on the result, decide whether someone should be able to access the resource or not. Such services include:

  • the eJournals service using eZproxy in the Library
  • staffmail
  • Student Mail Service
  • some school desktop systems
  • Shibboleth federated access to remote services