Inspired by Peter's post below, I've begun to elucidate some thoughts on
where I see Jini/River at http://wiki.apache.org/river/JavaBasedSOA
For some reaon it won't let me attach a graphic. ("You are not allowed
to do AttachFile on this page"). Any ideas?
Cheers,
Greg Trasuk.
On Sun, 2011-07-31 at 04:43, Peter Firmstone wrote:
> Just thought I'd go over the ideas, thoughts and TODO's that come to
> mind and get some feedback about what others are thinking and what tasks
> they see as important. There's plenty of work for those so inclined and
> generous with time.
>
> Brief Summary:
>
> * TaskManager - improve concurrency and remove the dependency on
> Task.runAfter() in River code.
> * The Surrogate Project.
> * Providing Services over the Internet:
> o NAT Traversal
> + UDT (UDP Based Data Transfer)
> http://udt.sourceforge.net/ - a NAT friendly
> alternative to TCP.
> + STUN, TURN, NAT-PMP, UPnP
> o DNS-SRV LookupDiscovery (discovering lookup services in
> internet domains using DNS).
> o DGC (Distributed Garbage Collection) investigating use of
> Secure Endpoints?
> o StreamServiceRegistrar - delayed unmarshalling, client side
> filtering and Javaspace MatchSet like result handling using
> ResultStream, to address some of the long term criticisms of
> ServiceRegistrar.
> * SecurityManager and Policy
> o River-323 ConcurrentDynamicPolicy - existing policy
> implementations cause multi threading lock contention
> (almost complete, just needs to be tested against the
> current trunk and merged).
> + River-249 Added support for umbrella grant's.
> o Permission Revocation (Framework implemented, requires
> standardization).
> + Delegate's - use Li Gong's method guard pattern to
> encapsulate Socket's, Streams etc.
> + DelegatePermission - to encapsulate an existing
> permission that allows references to security
> sensitive objects to escape.
> + Requires support from the SecurityManager, to check
> all ProtectionDomain's in the AccessControlContext for
> a DelegatePermission or it's candidate (the Permission
> encapsulated by a DelegatePermission).
> + Requires support from a RevocablePolicy, to remove a
> DelegatePermission (or other existing Permission that
> doesn't let references escape) from the policy.
> o InternetSecurityManager - support for caching repeated
> permission for each AccessControlContext.
> o SecurityPolicyService - Allow local Policy's to be updated
> by subscribing to a Service using secure Endpoint's and
> administrator Subject's, to simplify distributed policy
> maintenance and replication. This is in addition to policy
> files and dynamic grant's to proxy's.
> + Requires support from the Policy implementation.
> + Utilized and improved Apache Harmony File Policy
> Parser implementation
> + This isn't for dynamic grant's to Proxy's, but may be
> used to modify who (Subject) can make a dynamic grant.
> + Utilizes existing policy file syntax.
> + Allows granting of DownloadPermission to Certificate[]
> signers to prevent proxy unmarshalling DOS attacks.
> * River-32 Jini Lookup, Discovery and Join Test Kit - Get this
> codebase working again.
> * River-279 - Create a subproject called Jini (no longer
> trademarked) to manage the Jini Specifications?
> * Investigate conversion script for a Maven or Gradle build.
> * Separate JVM for isolation of downloaded code, to sandbox
> unauthenticated services.
>
> Cheers,
>
> Peter.
>
