X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=README;h=5785f63a1f63fc34b40bf450eceadef5c5f94288;hb=1f9462a7ab9753929fd9b24043915515f2d77dd2;hp=c37ef21f9c0d4638086b805934ca5597f3994f0f;hpb=034dd6bf9676901909937671dcc40d6ace82bfb3;p=trust_router.git diff --git a/README b/README index c37ef21..5785f63 100644 --- a/README +++ b/README @@ -1,24 +1,52 @@ - Eventually this document may go away or hold README information for the trust router. Right now, it serves as a to-do list for work that needs to be done on the trust router code before various releases: -TO-DO FOR BETA -============== -- DH server-side code (in TIDRS) -- Generate a real random number for DH code (in common/tr_dh.c) -- Eliminate bulk of info/debug messages -- Read TR router configuration from a file at start-up -- Tree/look-up code to find correct AAA Server for a COI/Realm in TR -- TPQC and TIDRS integration with freeradius +TO-DO FOR BETA RELEASE (May 2013) +====================== +DONE - GSS connection API (based on MIT example code) +DONE - DH implementation and test code (based on openssl) +DONE - TID server and client implementation (API & example code) +DONE - Add DH server-side code to TIDS +DONE - JSON encode/decode of TID requests/responses (jansson) +DONE - Eliminate bulk of info/debug messages (mostly from GSS code) +DONE - Generate a real random number for DH (in common/tr_dh.c) +DONE - Read TR portal/manual config from files at start-up (non-dynamic) +DONE - Look-up code to find correct AAA Server for a Comm/Realm +DONE - TR TID request & response handlers +DONE - TIDS integration with freeradius server +DONE - TIDC integration with freeradius proxy +DONE - Map a COI to an APC in TR (incl config & lookup code) +DONE - Resolve TBDs for error handling and deallocation -TO-DO FOR PORTAL BETA -===================== -- Dynamically re-read TR configuration file at runtime -- Move to longer-term tasking model for TR +TO-DO FOR FULL PILOT VERSION (by July 1, 2013) +============================ +DONE Check rp_realm COI membership in TR +DONE Check idp_realm APC membership in TR +DONE Check gss_name on incoming TID request in TR (in TIDS, too?) +- Add Request ID to TID messages (req'd for mult simultaneous reqs) +- Handle per-request community configuration in AAA proxy +- Normalize/configure logging for info, warnings and errors (log4c) +- Clean-up gsscon API and messages +DONE Add accessors for all externally accessible data structures, etc. +DONE Formalize API for integration with RADIUS servers +DONE Figure out what to do about commented-out checks in gsscon_passive.c +- Handle IPv6 addresses in TID req/resp (use getaddrinfo()) +DONE Implement rp_permitted filters (incl. general filtering mechanism) +DONE Add constraints to TID req in TR, store and use them in AAA Server +- Use valgrind to check for memory leaks, other issues +- Resolve remaining TBDs +DONE Full functional testing -TO-DO FOR PILOT -=============== -- Trust Router protocol implementation -- Normalize/configure logging for info msgs, warnings and errors -- Clean-up gsscon API +TO-DO FOR PRODUCTION VERSION (expected in August 2013) +============================ +- Keep single connection open between AAA proxy & TR for TID requests +- Handle multiple simultaneous TID requests in AAA proxy +- Move to better tasking model for TR (for dyn cfg and TR protocol) +- Dynamically re-read TR configuration file at runtime +- Multiple Trust Router support including implementation of TR protocol +- Add TR support for multiple non-shared AAA servers in an IDP +- More fully integrate TIDS with AAA Server? (Tradeoffs?) +- Consider standard encoding of DH info (from jose WG) +- Algorithm agility in TID protocol? +- Handle more than one APC per COI? (How would this work?) \ No newline at end of file