The global design of the system:
There are 3 main components:
The main properties of these components.
1) The Database is only accessed from the backend server (currently, using JDBC connections).
2) The backend is accessible only through the API of web-services.
3) The frontends talk with the backend also using the web-services (SOAP).
4) Some web-services of the backend could (and will) be made public (like skynode web-services) and in that case the frontend will just forward everything to the backend (through the virtual directory of the web-server (e.g SOAP requests to http://xxx.xxx/services/.. will be proxied to backend machine))
In principle, other VO web-services need not to be seat on the same backend server as CAS backend and can talk with it also using SOAP. (this could be implemented, but for me now it seems probably too complex)
Our system should be ready to handle multiuser situation. Why? Our general goal is to create the system of query executions in some sense (to allow to different users to create their own small tables, cross-match them with ours, retrieve them). So certainly such a system should use the authentification.