Eventually this document may go away or hold README information for
the trust router. Right now, it serves as a to-do list for work that
needs to be done on the trust router code before various releases:
TO-DO FOR BETA RELEASE (May 2013)
DONE - GSS connection API (based on MIT example code)
DONE - DH implementation and test code (based on openssl)
DONE - TID server and client implementation (API & example code)
DONE - Add DH server-side code to TIDS
DONE - JSON encode/decode of TID requests/responses (jansson)
DONE - Eliminate bulk of info/debug messages (mostly from GSS code)
DONE - Generate a real random number for DH (in common/tr_dh.c)
DONE - Read TR portal/manual config from files at start-up (non-dynamic)
DONE - Look-up code to find correct AAA Server for a Comm/Realm
DONE - TR TID request & response handlers
DONE - TIDS integration with freeradius server
DONE - TIDC integration with freeradius proxy
DONE - Map a COI to an APC in TR (incl config & lookup code)
DONE - Resolve TBDs for error handling and deallocation
TO-DO FOR FULL PILOT VERSION (by July 1, 2013)
DONE Check rp_realm COI membership in TR
DONE Check idp_realm APC membership in TR
DONE Check gss_name on incoming TID request in TR (in TIDS, too?)
- Add Request ID to TID messages (req'd for mult simultaneous reqs)
- Handle per-request community configuration in AAA proxy
- Normalize/configure logging for info, warnings and errors (log4c)
- Clean-up gsscon API and messages
DONE Add accessors for all externally accessible data structures, etc.
DONE Formalize API for integration with RADIUS servers
DONE Figure out what to do about commented-out checks in gsscon_passive.c
- Handle IPv6 addresses in TID req/resp (use getaddrinfo())
DONE Implement rp_permitted filters (incl. general filtering mechanism)
DONE Add constraints to TID req in TR, store and use them in AAA Server
- Use valgrind to check for memory leaks, other issues
- Resolve remaining TBDs
DONE Full functional testing
TO-DO FOR PRODUCTION VERSION (expected in August 2013)
- Keep single connection open between AAA proxy & TR for TID requests
- Handle multiple simultaneous TID requests in AAA proxy
- Move to better tasking model for TR (for dyn cfg and TR protocol)
- Dynamically re-read TR configuration file at runtime
- Multiple Trust Router support including implementation of TR protocol
- Add TR support for multiple non-shared AAA servers in an IDP
- More fully integrate TIDS with AAA Server? (Tradeoffs?)
- Consider standard encoding of DH info (from jose WG)
- Algorithm agility in TID protocol?
- Handle more than one APC per COI? (How would this work?)