Inspired by Peter's post below, I've begun to elucidate some thoughts on where I see Jini/River at http://wiki.apache.org/river/JavaBasedSOA
For some reaon it won't let me attach a graphic. ("You are not allowed to do AttachFile on this page"). Any ideas? Cheers, Greg Trasuk. On Sun, 2011-07-31 at 04:43, Peter Firmstone wrote: > Just thought I'd go over the ideas, thoughts and TODO's that come to > mind and get some feedback about what others are thinking and what tasks > they see as important. There's plenty of work for those so inclined and > generous with time. > > Brief Summary: > > * TaskManager - improve concurrency and remove the dependency on > Task.runAfter() in River code. > * The Surrogate Project. > * Providing Services over the Internet: > o NAT Traversal > + UDT (UDP Based Data Transfer) > http://udt.sourceforge.net/ - a NAT friendly > alternative to TCP. > + STUN, TURN, NAT-PMP, UPnP > o DNS-SRV LookupDiscovery (discovering lookup services in > internet domains using DNS). > o DGC (Distributed Garbage Collection) investigating use of > Secure Endpoints? > o StreamServiceRegistrar - delayed unmarshalling, client side > filtering and Javaspace MatchSet like result handling using > ResultStream, to address some of the long term criticisms of > ServiceRegistrar. > * SecurityManager and Policy > o River-323 ConcurrentDynamicPolicy - existing policy > implementations cause multi threading lock contention > (almost complete, just needs to be tested against the > current trunk and merged). > + River-249 Added support for umbrella grant's. > o Permission Revocation (Framework implemented, requires > standardization). > + Delegate's - use Li Gong's method guard pattern to > encapsulate Socket's, Streams etc. > + DelegatePermission - to encapsulate an existing > permission that allows references to security > sensitive objects to escape. > + Requires support from the SecurityManager, to check > all ProtectionDomain's in the AccessControlContext for > a DelegatePermission or it's candidate (the Permission > encapsulated by a DelegatePermission). > + Requires support from a RevocablePolicy, to remove a > DelegatePermission (or other existing Permission that > doesn't let references escape) from the policy. > o InternetSecurityManager - support for caching repeated > permission for each AccessControlContext. > o SecurityPolicyService - Allow local Policy's to be updated > by subscribing to a Service using secure Endpoint's and > administrator Subject's, to simplify distributed policy > maintenance and replication. This is in addition to policy > files and dynamic grant's to proxy's. > + Requires support from the Policy implementation. > + Utilized and improved Apache Harmony File Policy > Parser implementation > + This isn't for dynamic grant's to Proxy's, but may be > used to modify who (Subject) can make a dynamic grant. > + Utilizes existing policy file syntax. > + Allows granting of DownloadPermission to Certificate[] > signers to prevent proxy unmarshalling DOS attacks. > * River-32 Jini Lookup, Discovery and Join Test Kit - Get this > codebase working again. > * River-279 - Create a subproject called Jini (no longer > trademarked) to manage the Jini Specifications? > * Investigate conversion script for a Maven or Gradle build. > * Separate JVM for isolation of downloaded code, to sandbox > unauthenticated services. > > Cheers, > > Peter. >