river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Trasuk <tras...@stratuscom.com>
Subject Oh, no, the "vision" thing. Was: Re: Future plans
Date Mon, 01 Aug 2011 00:08:54 GMT

Inspired by Peter's post below, I've begun to elucidate some thoughts on
where I see Jini/River at http://wiki.apache.org/river/JavaBasedSOA

For some reaon it won't let me attach a graphic.  ("You are not allowed
to do AttachFile on this page").  Any ideas?


Greg Trasuk.

On Sun, 2011-07-31 at 04:43, Peter Firmstone wrote:
> Just thought I'd go over the ideas, thoughts and TODO's that come to 
> mind and get some feedback about what others are thinking and what tasks 
> they see as important.  There's plenty of work for those so inclined and 
> generous with time.
> Brief Summary:
>     * TaskManager - improve concurrency and remove the dependency on
>       Task.runAfter() in River code.
>     * The Surrogate Project.
>     * Providing Services over the Internet:
>           o NAT Traversal
>                 + UDT (UDP Based Data Transfer)
>                   http://udt.sourceforge.net/  - a NAT friendly
>                   alternative to TCP.
>                 + STUN, TURN, NAT-PMP, UPnP
>           o DNS-SRV LookupDiscovery (discovering lookup services in
>             internet domains using DNS).
>           o DGC (Distributed Garbage Collection) investigating use of
>             Secure Endpoints?
>           o StreamServiceRegistrar - delayed unmarshalling, client side
>             filtering and Javaspace MatchSet like result handling using
>             ResultStream, to address some of the long term criticisms of
>             ServiceRegistrar.
>     * SecurityManager and Policy
>           o River-323 ConcurrentDynamicPolicy - existing policy
>             implementations cause multi threading lock contention
>             (almost complete, just needs to be tested against the
>             current trunk and merged).
>                 + River-249 Added support for umbrella grant's.
>           o Permission Revocation (Framework implemented, requires
>             standardization).
>                 + Delegate's - use Li Gong's method guard pattern to
>                   encapsulate Socket's, Streams etc.
>                 + DelegatePermission - to encapsulate an existing
>                   permission that allows references to security
>                   sensitive objects to escape.
>                 + Requires support from the SecurityManager, to check
>                   all ProtectionDomain's in the AccessControlContext for
>                   a DelegatePermission or it's candidate (the Permission
>                   encapsulated by a DelegatePermission).
>                 + Requires support from a RevocablePolicy, to remove a
>                   DelegatePermission (or other existing Permission that
>                   doesn't let references escape) from the policy.
>           o InternetSecurityManager - support for caching repeated
>             permission for each AccessControlContext.
>           o SecurityPolicyService - Allow local Policy's to be updated
>             by subscribing to a Service using secure Endpoint's and
>             administrator Subject's, to simplify distributed policy
>             maintenance and replication.  This is in addition to policy
>             files and dynamic grant's to proxy's.
>                 + Requires support from the Policy implementation.
>                 + Utilized and improved Apache Harmony File Policy
>                   Parser implementation
>                 + This isn't for dynamic grant's to Proxy's, but may be
>                   used to modify who (Subject) can make a dynamic grant.
>                 + Utilizes existing policy file syntax.
>                 + Allows granting of DownloadPermission to Certificate[]
>                   signers to prevent proxy unmarshalling DOS attacks.
>     * River-32 Jini Lookup, Discovery and Join Test Kit - Get this
>       codebase working again.
>     * River-279 - Create a subproject called Jini (no longer
>       trademarked) to manage the Jini Specifications?
>     * Investigate conversion script for a Maven or Gradle build.
>     * Separate JVM for isolation of downloaded code, to sandbox
>       unauthenticated services.
> Cheers,
> Peter.

View raw message