Eventually this document may go away or hold README information for the trust router. Right now, it serves as a to-do list for work that needs to be done on the trust router code before various releases:

TO-DO FOR BETA RELEASE (May 2013)

DONE - GSS connection API (based on MIT example code) DONE - DH implementation and test code (based on openssl) DONE - TID server and client implementation (API & example code) DONE - Add DH server-side code to TIDS DONE - JSON encode/decode of TID requests/responses (jansson) DONE - Eliminate bulk of info/debug messages (mostly from GSS code) DONE - Generate a real random number for DH (in common/tr_dh.c) DONE - Read TR portal/manual config from files at start-up (non-dynamic) DONE - Look-up code to find correct AAA Server for a Comm/Realm DONE - TR TID request & response handlers DONE - TIDS integration with freeradius server DONE - TIDC integration with freeradius proxy DONE - Map a COI to an APC in TR (incl config & lookup code) DONE - Resolve TBDs for error handling and deallocation

TO-DO FOR FULL PILOT VERSION (by July 1, 2013)

DONE Check rp_realm COI membership in TR DONE Check idp_realm APC membership in TR DONE Check gss_name on incoming TID request in TR (in TIDS, too?)

• Add Request ID to TID messages (req'd for mult simultaneous reqs)
• Handle per-request community configuration in AAA proxy
• Normalize/configure logging for info, warnings and errors (log4c)
• Clean-up gsscon API and messages DONE Add accessors for all externally accessible data structures, etc. DONE Formalize API for integration with RADIUS servers DONE Figure out what to do about commented-out checks in gsscon_passive.c
• Handle IPv6 addresses in TID req/resp (use getaddrinfo()) DONE Implement rp_permitted filters (incl. general filtering mechanism) DONE Add constraints to TID req in TR, store and use them in AAA Server
• Use valgrind to check for memory leaks, other issues
• Resolve remaining TBDs DONE Full functional testing

TO-DO FOR PRODUCTION VERSION (expected in August 2013)

• Keep single connection open between AAA proxy & TR for TID requests
• Handle multiple simultaneous TID requests in AAA proxy
• Move to better tasking model for TR (for dyn cfg and TR protocol)
• Dynamically re-read TR configuration file at runtime
• Multiple Trust Router support including implementation of TR protocol
• Add TR support for multiple non-shared AAA servers in an IDP
• More fully integrate TIDS with AAA Server? (Tradeoffs?)
• Consider standard encoding of DH info (from jose WG)
• Algorithm agility in TID protocol?
• Handle more than one APC per COI? (How would this work?)