X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=README;h=5785f63a1f63fc34b40bf450eceadef5c5f94288;hb=3ce55e72152ec97044a2c0016f96090b1966c384;hp=d5a672af47746f0ce8f8f1178754d8eecc48bb2f;hpb=accaf11e85635a0237a6165bd1f4079241c163b4;p=trust_router.git diff --git a/README b/README index d5a672a..5785f63 100644 --- a/README +++ b/README @@ -1,33 +1,52 @@ - Eventually this document may go away or hold README information for the trust router. Right now, it serves as a to-do list for work that needs to be done on the trust router code before various releases: -TO-DO FOR BETA -============== -DONE - Eliminate bulk of info/debug messages -DONE - Java encode/decode of full requests/responses -DONE - Generate a real random number for DH code (in common/tr_dh.c) -DONE - DH server-side code (in TIDS) -IN PROGRESS - Read TR router config from file at start-up (non-dynamic) -IN PROGRESS - Look-up code to find correct AAA Server for a Comm/Realm -JUST STARTED - TIDC and TIDS integration with freeradius proxy and server -- Code to map a COI to an APC in TR -- Code to check rp_realm COI membership in TR -- Code to check gss_name in TR +TO-DO FOR BETA RELEASE (May 2013) +====================== +DONE - GSS connection API (based on MIT example code) +DONE - DH implementation and test code (based on openssl) +DONE - TID server and client implementation (API & example code) +DONE - Add DH server-side code to TIDS +DONE - JSON encode/decode of TID requests/responses (jansson) +DONE - Eliminate bulk of info/debug messages (mostly from GSS code) +DONE - Generate a real random number for DH (in common/tr_dh.c) +DONE - Read TR portal/manual config from files at start-up (non-dynamic) +DONE - Look-up code to find correct AAA Server for a Comm/Realm +DONE - TR TID request & response handlers +DONE - TIDS integration with freeradius server +DONE - TIDC integration with freeradius proxy +DONE - Map a COI to an APC in TR (incl config & lookup code) +DONE - Resolve TBDs for error handling and deallocation -TO-DO FOR PILOT -=============== -- Dynamically re-read TR configuration file at runtime -- Move to longer-term tasking model for TR -- Normalize/configure logging for info msgs, warnings and errors (log4c?) -- Clean-up gsscon API/messages -- Hand IPv6 addresses in TID req/resp -- Filtering and Constraints +TO-DO FOR FULL PILOT VERSION (by July 1, 2013) +============================ +DONE Check rp_realm COI membership in TR +DONE Check idp_realm APC membership in TR +DONE Check gss_name on incoming TID request in TR (in TIDS, too?) +- Add Request ID to TID messages (req'd for mult simultaneous reqs) +- Handle per-request community configuration in AAA proxy +- Normalize/configure logging for info, warnings and errors (log4c) +- Clean-up gsscon API and messages +DONE Add accessors for all externally accessible data structures, etc. +DONE Formalize API for integration with RADIUS servers +DONE Figure out what to do about commented-out checks in gsscon_passive.c +- Handle IPv6 addresses in TID req/resp (use getaddrinfo()) +DONE Implement rp_permitted filters (incl. general filtering mechanism) +DONE Add constraints to TID req in TR, store and use them in AAA Server +- Use valgrind to check for memory leaks, other issues +- Resolve remaining TBDs +DONE Full functional testing -TO-DO FOR PRODUCTION -==================== -- Multiple Trust Router support including TR protocol -- Consider standard encoding of DH info (from ?? WG) -- Update json parsers to use "format strings" for better error handling -- Algorithm agility in TID protocol? \ No newline at end of file +TO-DO FOR PRODUCTION VERSION (expected in August 2013) +============================ +- Keep single connection open between AAA proxy & TR for TID requests +- Handle multiple simultaneous TID requests in AAA proxy +- Move to better tasking model for TR (for dyn cfg and TR protocol) +- Dynamically re-read TR configuration file at runtime +- Multiple Trust Router support including implementation of TR protocol +- Add TR support for multiple non-shared AAA servers in an IDP +- More fully integrate TIDS with AAA Server? (Tradeoffs?) +- Consider standard encoding of DH info (from jose WG) +- Algorithm agility in TID protocol? +- Handle more than one APC per COI? (How would this work?) \ No newline at end of file