Release Meeting Minutes/2011-08-23

Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Simo Sorce, Zhanna Tsitkova, Tom Yu

Proxy GSS

Carlos: Proxy GSS in Java for Android. Privilege separation happens e.g. one Unix UID per application.
Tom: Proxy [...] need to do some privilege checking that kernel otherwise does for you.
Simo: A few key things: (1) How to handle permissions. How to know whether to give an application access to use a keytab.
Greg: Have to have a policy...
Greg: Almost all platforms can give you the UID of an IPC peer.
Simo: Not necessarily wanting to rely on UID.
Greg: Or use Unix file permissions.
Simo: e.g. different subdirectory per keytab.
Simo: (2) What do we want to proxy? Could proxy every mech or only individual mechs?
Greg: Doing individual message stuff in-process? [...] might be some mech that needs access to long-term private creds for the process to use an imported context.
Simo: Flag mech as proxiable?
Greg: What about SPNEGO? What if some mechs are proxiable, while some are not? Maybe all-or-nothing?
Simo: Could proxy, send actual secret in export to app.
Greg: Inband renegotiation complications [ ... probably borrowing trouble as doing this tunneled over wrap tokens depends on application properties ] Could start simple: proxy everything. Then work on options to export back to the app.
Tom: Proxy at mechglue layer, or at individual mechs? [ mechglue ]
Simo: How to transport stuff through IPC [ encoding etc. ]

We talk about TIRPC and complications thereof; best currently BSD-licensed version is probably from Linux NFS project.

libev is probably the best back end to bundle.

It turns out libev has a number of support things that might make embedding it easier anyway.