This repository has been archived by the owner on Feb 6, 2024. It is now read-only.
Roughly, the useful intent of this capability is to model applications themselves as users, programmatically acquiring service tickets to authenticate to other applications, because those other applications found it expedient to use a CAS client library to accept Service Tickets rather than to rely upon some other technology for application-to-application authentication of requests (such as SSL certificates).
Of course, technically, this feature can be used to present end-user username and password pairs to CAS. There are some serious issues to consider in enabling that, not least of which is that, naively implemented, the REST endpoint becomes a tremendously convenient target for brute force dictionary attacks on your CAS server. (Note that the threat of brute-force attacks can be somewhat mitigated by throttling login attempts in your underlying authentication mechanism. Spring interceptor-based throttling (Throttling Login Attempts) is not applicable to restlets. Is this correct?)
Using the new grape-based API.