Understanding Content Visibility and CAS Protection on YaleSites

YaleSites is for Public Data

YaleSites is fundamentally a platform for public information. When we say YaleSites is designed for “Low Risk data” in Yale’s Data Classification Policy, we’re really talking about data that can be made public without causing harm. This is the core principle that drives every design decision on the platform.

Understanding this helps clarify why YaleSites works the way it does. We’re not trying to create complex security systems or granular permissions because that’s not what the platform is for. YaleSites excels at helping you share public information with the world and, when useful, limiting some content to just the Yale community through CAS authentication.

All Files Are Public

Every file uploaded to YaleSites is publicly accessible.

Even if you link a file from a CAS-protected page, the file itself remains public. Anyone who knows or guesses the file’s URL can access it. This bright-line rule keeps the platform secure and maintainable by eliminating ambiguity about file permissions.

Why take such an absolute approach? Creating granular file permissions would require complex authentication layers and permission systems. Each additional layer would be another potential point of failure or misconfiguration. Instead, YaleSites maintains one simple rule that everyone can understand and follow.

What CAS Protection Actually Does

CAS is an audience limiter, not a security measure.

When you put content behind CAS, you’re limiting it to people with Yale NetIDs. The content itself should still be considered public in nature – just with a smaller audience.

CAS-protected pages won’t appear in search results or be accessible to Beacon (Yale’s AI agent for YaleSites). They become invisible to Google, YaleSites’ internal search, and any other discovery mechanism. This creates a challenge: how do people find resources they’re authorized to access?

Supporting authenticated search would require maintaining separate search indexes for public and protected content. This would double the infrastructure complexity and create opportunities for configuration errors that might expose content incorrectly. By maintaining one unified public search system, YaleSites stays simpler and more reliable.

Making Your Content Discoverable

Since CAS-protected content can’t be searched, you can create public pages that describe what’s available behind authentication. These pages get indexed and help people find your resources, while actual access remains limited to the Yale community.

For example, a public page might describe a collection of Yale-only resources, explain who can access them, and provide contact information for questions. The page contains the keywords that make your content findable without revealing the protected information itself.

This approach works because it respects YaleSites’ nature as a public platform while allowing you to create Yale-only spaces. You’re not trying to hide content or create security through obscurity. You’re simply managing who can view public information that’s most relevant to the Yale community.

Think of it like a library catalog. Everyone can search the catalog to see what books exist, but some special collections require Yale credentials to access. The catalog entry is public; the collection requires authentication.

For truly confidential information – anything you wouldn’t want potentially exposed – use platforms designed for secure storage like Microsoft OneDrive or Teams. YaleSites excels at sharing information broadly. Other tools excel at keeping information confidential. Use the right tool for your content.

Why Public Supporting Pages Work

Creating public pages that describe your CAS-protected content solves the discovery problem while keeping the content itself limited to the Yale community. These pages act as a bridge between what needs to be searchable and what needs to stay behind CAS.

When you create a public page about your protected resources, you’re providing enough information for people to find what they need through search, understand if they should have access, and know how to request it. The public page contains the keywords and context that make your resources discoverable through YaleSites search and Beacon, while the Yale-only content itself remains behind CAS authentication.

This approach works because it separates the “what” from the “how.” The public can learn what resources exist and whether they’re relevant to their needs. Only authorized users with Yale authentication can access the actual content. Think of it like a library catalog – everyone can search the catalog to see what books exist, but some special collections require credentials to access.
