Updated README and TODO files to reflect the current state of the
project.
This commit is contained in:
Juan Carlos Luciani
@@ -82,26 +82,15 @@ The auth_token client/service protocol allows for the authentication of the clie
|
||||
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
||||
of the ATS.
|
||||
|
||||
IMPLEMENTATION STRATEGY AND CURRENT STATUS
|
||||
|
||||
auth_token is currently under development and is not ready to be used in production.
|
||||
The implementation strategy has been to first complete the framework with all of its
|
||||
modules, APIs, and packaging to allow application writters to start developing to it.
|
||||
Once this is done, then the implementation focus will switch to completing the plumbing.
|
||||
|
||||
As of this time, a lot of the framework has been completed and there are sample
|
||||
applications that can be utilized to exercise it. For a more complete picture of where
|
||||
we are, look at the various TODO lists present in the child folders.
|
||||
|
||||
The schedule for completing auth_token is agressive.
|
||||
|
||||
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON WINDOWS
|
||||
|
||||
- Install Visual Studio .NET 2003
|
||||
- Install Windows Platform SDK for Windows Server 2003 SP1
|
||||
- Register the platform sdk with VS - Start/All Programs/Windows Platform SDK for Windows Server 2003 SP1/Visual Studio Registration/Register PSDK Directories with Visual Studio
|
||||
- Install Visual Studio 2005.
|
||||
- Install Windows Platform SDK for Windows Server 2003 SP1.
|
||||
- Register the platform sdk with VS - Start/All Programs/Windows Platform SDK for
|
||||
Windows Server 2003 SP1/Visual Studio Registration/Register PSDK Directories with
|
||||
Visual Studio.
|
||||
- Install Cygwin - See instructions below.
|
||||
- Extract Expat-2.0.0.zip in casa source directory parent
|
||||
- Extract Expat-2.0.0.zip in casa source directory parent.
|
||||
- Install Casa
|
||||
|
||||
Download and start cygwin install:
|
||||
@@ -179,9 +168,8 @@ bash --login -i
|
||||
|
||||
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON LINUX
|
||||
|
||||
Install latest mono and mono-devel RPM - Obtain RPMs from
|
||||
www.go-mono.org.
|
||||
|
||||
Install needed RPMs. Look at BuildRequires line in CASA_auth_token_server.spec.in file
|
||||
in package/linux folder to see a list of RPM build dependencies.
|
||||
|
||||
BUILDING THE SOFTWARE PACKAGE
|
||||
|
||||
@@ -222,7 +210,7 @@ source distribution (configure, Makefile.in files, and other distributed
|
||||
autotools files are not removed)
|
||||
|
||||
make maintainer-clean - removes files to return state back to same as
|
||||
the CVS checkout (you will need to run ./autogen.sh again before running
|
||||
the SVN checkout (you will need to run ./autogen.sh again before running
|
||||
make again)
|
||||
|
||||
SECURITY CONSIDERATIONS
|
||||
@@ -231,6 +219,15 @@ CASA Authentication Tokens when compromised can be used to either impersonate
|
||||
a user or to obtain identity information about the user. Because of this it is
|
||||
important that the tokens be secured by applications making use of them. It is
|
||||
recommended that the tokens be transmitted using SSL.
|
||||
|
||||
Currently, the Authentication Token Client defaults to allow the setup of SSL
|
||||
connections with an ATS even if the Certificate presented by the ATS is considered
|
||||
invalid. In this mode, it is possible for a malicious user to set up a server which
|
||||
impersonates an ATS for the purpose of acquiring user credentials. This default
|
||||
will be modified once we implement a mechanism to give the user the option of either
|
||||
approving or rejecting a certificate. If this behavior is un-acceptable to you then
|
||||
you can configure the client to not allow SSL connections to be setup with invalid
|
||||
server certificates by modifying the settings present in the client.conf file.
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user