Difference between revisions of "Release 1.11"
From K5Wiki
Line 39: | Line 39: | ||
== Protocol evolution == |
== Protocol evolution == |
||
− | |||
− | * Authorization data -- conditional on IETF consensus |
||
− | ** Authorization data container with multiple verifiers (CAMMAC) |
||
− | ** POSIX directory info in authorization data (PAD) |
||
− | ** Level of Assurance in authorization data |
||
− | ** Site-defined string-keyed claims in authorization data |
||
− | ** X.509 attributes in authorization data |
||
− | * FAST preauth sets (e.g. OTP + long-term password) |
Revision as of 14:41, 26 October 2012
Contents
Timeline
This is only an approximate timeline. Dates are subject to change.
- Oct. 2012 -- make release branch
- Dec. 2012 -- final release
Code quality
- Improve ASN.1 support code, making it table-driven for decoding as well as encoding (done)
- Refactor parts of KDC, to better support libKDC and Projects/Trust KDC-local name resolution
Developer experience
- Projects/APIs_for_keytab_and_cccol_content
- Projects/Keytab_initiation -- Use default keytab for gss_init_sec_context when available (done)
- Projects/Export_import_cred -- Importing and exporting of GSS creds (useful for async GSS proxy) (done)
- Projects/Interposer_Mechanism
- Projects/Responder
- Projects/Password_response_item
- Documentation consolidation
End-user experience
- Documentation consolidation
- Projects/Credential_Store_extensions -- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
- Projects/Extensible_Policy
- Support distinct client time offsets per realm (expecting contribution)
Administrator experience
- Projects/Keytab_ccache_name_parameters
- FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
- Documentation consolidation
Performance
- Improve (or eliminate) KDC lookaside cache (done)