GitHub - janetuk/trust_router: The trust router provides a mechanism for discovering the topology of trust graphs in a topology and establishing temporary identities between them.

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 887 Commits
common		common
debian		debian
doc		doc
gsscon		gsscon
include		include
m4		m4
mon		mon
redhat		redhat
tests		tests
tid		tid
tr		tr
trp		trp
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
APKBUILD.in		APKBUILD.in
LICENSE		LICENSE
Makefile.am		Makefile.am
README		README
configure.ac		configure.ac
schema.sql		schema.sql
tids.confd		tids.confd
tids.initd		tids.initd
tids.service		tids.service
trust_router.initd		trust_router.initd
trust_router.post-install		trust_router.post-install
trust_router.pre-install		trust_router.pre-install
trust_router.service		trust_router.service
trust_router.spec.in		trust_router.spec.in

Repository files navigation

Eventually this document may go away or hold README information for
the trust router.  Right now, it serves as a to-do list for work that
needs to be done on the trust router code before various releases:

TO-DO FOR BETA RELEASE (May 2013)
======================
DONE - GSS connection API (based on MIT example code)
DONE - DH implementation and test code (based on openssl)
DONE - TID server and client implementation (API & example code)
DONE - Add DH server-side code to TIDS
DONE - JSON encode/decode of TID requests/responses (jansson)
DONE - Eliminate bulk of info/debug messages (mostly from GSS code)
DONE - Generate a real random number for DH (in common/tr_dh.c)
DONE - Read TR portal/manual config from files at start-up (non-dynamic)
DONE - Look-up code to find correct AAA Server for a Comm/Realm
DONE - TR TID request & response handlers
DONE - TIDS integration with freeradius server 
DONE - TIDC integration with freeradius proxy 
DONE - Map a COI to an APC in TR (incl config & lookup code)
DONE - Resolve TBDs for error handling and deallocation

TO-DO FOR FULL PILOT VERSION (by July 1, 2013)
============================
DONE Check rp_realm COI membership in TR 
DONE Check idp_realm APC membership in TR 
DONE Check gss_name on incoming TID request in TR (in TIDS, too?)
- Add Request ID to TID messages (req'd for mult simultaneous reqs)
- Handle per-request community configuration in AAA proxy
- Normalize/configure logging for info, warnings and errors (log4c)
- Clean-up gsscon API and messages
DONE Add accessors for all externally accessible data structures, etc.
DONE Formalize API for integration with RADIUS servers
DONE Figure out what to do about commented-out checks in gsscon_passive.c
- Handle IPv6 addresses in TID req/resp (use getaddrinfo())
DONE Implement rp_permitted filters (incl. general filtering mechanism)
DONE Add constraints to TID req in TR, store and use them in AAA Server
- Use valgrind to check for memory leaks, other issues
- Resolve remaining TBDs
DONE Full functional testing

TO-DO FOR PRODUCTION VERSION (expected in August 2013)
============================
- Keep single connection open between AAA proxy & TR for TID requests
- Handle multiple simultaneous TID requests in AAA proxy 
- Move to better tasking model for TR (for dyn cfg and TR protocol)
- Dynamically re-read TR configuration file at runtime
- Multiple Trust Router support including implementation of TR protocol
- Add TR support for multiple non-shared AAA servers in an IDP
- More fully integrate TIDS with AAA Server? (Tradeoffs?)
- Consider standard encoding of DH info (from jose WG)
- Algorithm agility in TID protocol?
- Handle more than one APC per COI? (How would this work?)