river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Firmstone <j...@zeus.net.au>
Subject Future plans
Date Sun, 31 Jul 2011 08:43:04 GMT
Just thought I'd go over the ideas, thoughts and TODO's that come to 
mind and get some feedback about what others are thinking and what tasks 
they see as important.  There's plenty of work for those so inclined and 
generous with time.

Brief Summary:

    * TaskManager - improve concurrency and remove the dependency on
      Task.runAfter() in River code.
    * The Surrogate Project.
    * Providing Services over the Internet:
          o NAT Traversal
                + UDT (UDP Based Data Transfer)
                  http://udt.sourceforge.net/  - a NAT friendly
                  alternative to TCP.
                + STUN, TURN, NAT-PMP, UPnP
          o DNS-SRV LookupDiscovery (discovering lookup services in
            internet domains using DNS).
          o DGC (Distributed Garbage Collection) investigating use of
            Secure Endpoints?
          o StreamServiceRegistrar - delayed unmarshalling, client side
            filtering and Javaspace MatchSet like result handling using
            ResultStream, to address some of the long term criticisms of
            ServiceRegistrar.
    * SecurityManager and Policy
          o River-323 ConcurrentDynamicPolicy - existing policy
            implementations cause multi threading lock contention
            (almost complete, just needs to be tested against the
            current trunk and merged).
                + River-249 Added support for umbrella grant's.
          o Permission Revocation (Framework implemented, requires
            standardization).
                + Delegate's - use Li Gong's method guard pattern to
                  encapsulate Socket's, Streams etc.
                + DelegatePermission - to encapsulate an existing
                  permission that allows references to security
                  sensitive objects to escape.
                + Requires support from the SecurityManager, to check
                  all ProtectionDomain's in the AccessControlContext for
                  a DelegatePermission or it's candidate (the Permission
                  encapsulated by a DelegatePermission).
                + Requires support from a RevocablePolicy, to remove a
                  DelegatePermission (or other existing Permission that
                  doesn't let references escape) from the policy.
          o InternetSecurityManager - support for caching repeated
            permission for each AccessControlContext.
          o SecurityPolicyService - Allow local Policy's to be updated
            by subscribing to a Service using secure Endpoint's and
            administrator Subject's, to simplify distributed policy
            maintenance and replication.  This is in addition to policy
            files and dynamic grant's to proxy's.
                + Requires support from the Policy implementation.
                + Utilized and improved Apache Harmony File Policy
                  Parser implementation
                + This isn't for dynamic grant's to Proxy's, but may be
                  used to modify who (Subject) can make a dynamic grant.
                + Utilizes existing policy file syntax.
                + Allows granting of DownloadPermission to Certificate[]
                  signers to prevent proxy unmarshalling DOS attacks.
    * River-32 Jini Lookup, Discovery and Join Test Kit - Get this
      codebase working again.
    * River-279 - Create a subproject called Jini (no longer
      trademarked) to manage the Jini Specifications?
    * Investigate conversion script for a Maven or Gradle build.
    * Separate JVM for isolation of downloaded code, to sandbox
      unauthenticated services.

Cheers,

Peter.



Mime
View raw message