...
In light of expected changes, Crowd-only accounts are likely to be deprecated. This poses risk the the CAS server currently used at SLAC, as well as the two instances of the Group Manager application relying on it, and all Java web applications relying on CAS through the LoginFilter.
A SLAC IAM system would be expected to export a SAML interface at a minimum, and possibly an OpenID Connect or OAuth 2.0 interface. An SDF IAM system that relies on it would similarly also export one or both of those protocols. In all cases, there are applications such as dex which can consume SAML, OAuth 2, OpenID Connect, crowd, and other interfaces, while exporting an OpenID Connect interface.
uid and gid numbers may be subject to change
...