KFW releases off the trunk will become harder as 1.7 features start getting used

Asanka Herath asanka at secure-endpoints.com
Mon Nov 26 11:54:58 EST 2007 

Jeffrey Altman wrote:
> I am attaching a document that describes the work that has been
> performed on NIM 2.0 and that partially describes what remains to be
> accomplished.   The redesign work on the NIM API in order to maintain
> backward compatibility with existing credential providers shipped by
> third parties and to anticipate future needs has obviously taken longer
> than expected.
>
> Asanka will follow up next week with a more detailed description of the
> remaining pieces that must be developed.

The proposed changes for NIM 2.0 do not involve changing the way NIM
or the Kerberos v5 plug-in interacts with the Kerberos core.  The
changes only involve the way identity provider plug-ins interact with
NIM and the UI changes associated with allowing more than one identity
provider to be active at one time.

> 9.  Status
>
>     9.1  Completed Work
>
>     The work mentioned in sections 1..4 have been completed.  More
>     testing needs to be done to make sure the back-end code is working
>     properly.
>
>     In section 5, the dialog templates and the associated code for
>     instantiating the templates and laying out the individual dialogs
>     is in place.  The wizard workflow has been outlined, but only
>     partially implemented.
>
>     9.2  To-do
>
>     The work in sections 6, 7 and 8 remains to be done.

The work described in section 5 is nearing completion as are parts of
section 7.  Configuration space name conflicts and menu action name
conflicts mentioned in section 7 were resolved using a backwards
compatible naming convention.  The workflow code for section 5 needs
to be tested again once the work in section 6 is completed.

Section 6 described the changes that have to be made in the Kerberos
v5 identity provider plug-in.  These modifications are not as invasive
as in other sections.  The changes to the API require only superficial
changes on part of the plug-in.  The only substantial work involves
custom resource acquisition (described in 2.1) and the identity
selection panel.

We plan on completing the remaining work on sections 5 and 6 over the
remainder of this week and part of next week.

The remaining work in section 7 involves the extension of the identity
configuration panel to support multiple identity providers and the
template code mentioned in section 8.  Since the identity
configuration panels are an extension of the Advanced view of the new
credentials dialog, most of the back end code should already be in
place.  Updating the credentials provider template will involve some
superficial changes to switch to newer APIs and support for resource
acquisition, similar to what was done for the Kerberos v5 plug-in.
The identity provider template will be a modified skeleton of the
Kerberos v5 identity provider.  This work is expected to be completed
by the second week of December.

Asanka Herath

More information about the kfwdev mailing list