The global design of the system:
There are 3 main components:
The main properties of those components. 1) The Database is only accessed from the backend server (currently this will be the JDBC connections). 2) The main property of the backend is to that it is accessible only through the API of web-services. 3) The frontends talks with the backend also using the web-services (SOAP). 4) Some web-services of the backend can (and will) be made public (like skynode web-services) and in that case the frontend will just forward everything to the backend (through the virtual directory of the web-server (e.g SOAP requests to http://xxx.xxx/services/.. will be hiddenly forwarded to backend machine)) (I don't know how that forwarding is named, so correct if you can say better).
Also I should say that in principal other VO web-services need not to seat on the same backend server as CAS backend and can talk with it also using SOAP. (this could be implemented, but for me now it seems probably too complex)
Authentification notes:
Our system should be ready to handle multiuser situation. Why? Our general goal is to create the system of query executions in some sense (to allow to different users to create their own small tables, cross-match them with ours, retrieve them). So certainly such a system should use the authentification.
KS