microtan / nhin-d Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/nhin-d
Automatically exported from code.google.com/p/nhin-d
Please write in the wiki a quick HOWTO guide for the admin tools (cmd line and
UI), and I'll clean it up and write a manual from it.
Original issue reported on code.google.com by [email protected]
on 30 Aug 2010 at 3:11
create for use when web ui not desired or installed
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:39
currently cert management is under "details" for addresses but under its own
link "certificates" for domains ... these should match up.
Maybe we could actually use almost the same page for both?
Original issue reported on code.google.com by [email protected]
on 31 Aug 2010 at 6:52
A MessageEnvelope shouldn't know what domain it is being processed at, and
indeed the MessageEnvelope class doesn't have a Domain property.
The DomainRecipients/OtherRecipients property doesn't want to be in this class,
IMHO.
Original issue reported on code.google.com by [email protected]
on 19 Aug 2010 at 10:44
It doesn't enforce a trust model -- I would expect enforce to be something like
an assert, and throw an exception.
Instead, it works by side effect, marking recipient trust, so I would expect it
to be named something like:
MarkRecipientTrust
If you agree, assign back to me, and I'll fix.
Original issue reported on code.google.com by [email protected]
on 20 Aug 2010 at 3:13
Spec compliant is to never send an MDN in response to an MDN.
Original issue reported on code.google.com by [email protected]
on 2 Sep 2010 at 3:19
Unit Testing for the XD Service.
Original issue reported on code.google.com by [email protected]
on 29 Aug 2010 at 6:13
With the new ACK model, we don't need postmasters, which significantly
simplifies the config ... pull it out from all the various places we have it
now.
Original issue reported on code.google.com by [email protected]
on 31 Aug 2010 at 6:53
Need additional unit testing on the XD project. Current test is more at an
integration level.
Individual classes and utility methods need tested to ensure proper functioning
with normal and boundary/outlier inputs.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 5:42
Need to develop support for stepping-up from SMTP / XDM to XDR.
A code base exists from the IHE implementation from which to begin:
http://code.google.com/p/nhin-d-ihe/
POC: Vince Lewis
Original issue reported on code.google.com by [email protected]
on 30 Aug 2010 at 7:48
General cleanup of the Java baseline to remove compiler and IDE warnings.
Most errors are due to missing collection types (generics) and unused variables.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 5:33
I had three unit tests fail due to non-admin privs, but xunit reports 8 errors.
What's up?
Original issue reported on code.google.com by [email protected]
on 2 Sep 2010 at 5:59
Generating message bounces presents some issues, including getting into
infinite loops.
The proposal is to instead do ACKs, using a cleaned up variation of MDN - RFC
2298.
Arien has thought through the details of MDN for the REST impl during the
bakeoff. We should leverage that work and update the Agent Spec.
Original issue reported on code.google.com by [email protected]
on 24 Aug 2010 at 6:18
Need an MSI to install the solution
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:30
Why would I want one cert across all adressees?
Original issue reported on code.google.com by [email protected]
on 19 Aug 2010 at 11:33
Need to create documentation for James and the Agent/Gateway components, which
includes (but not limited to) deployment and configuration details.
POC: Greg
Original issue reported on code.google.com by [email protected]
on 30 Aug 2010 at 7:51
There are three tests now that fail due to access denied if you run them other
than as admin.
Is there any way to:
1) Test for admin privs before running the test?
OR
2) Catch the access denied exception and issue a warning rather than a failure?
Original issue reported on code.google.com by [email protected]
on 2 Sep 2010 at 5:58
DnsResolverTests.BasicResolverTests.TestCert("nhind.hsgincubator.com")
C:\source\nhin-d\csharp\build.xml(50,3): error :
DnsResolverTests.BasicResolverTests.Test
"): CERT:redmond.hsgincubator.com
C:\source\nhin-d\csharp\build.xml(50,3): error : at
DnsResolverTests.BasicResolverTest
in c:\source\nhin-d\csharp\unittests\dns\BasicResolverTests.cs:line 88
C:\source\nhin-d\csharp\build.xml(50,3): error : at
DnsResolverTests.BasicResolverTest
:\source\nhin-d\csharp\unittests\dns\BasicResolverTests.cs:line 62
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 8:05
I would expect the first ctor to read:
this(keyTag,
Convert.FromBase64String(this.NormalizeInputCertString(certificate)))
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 6:48
Need to cache DNS entries in the resolver. Be sure to respect TTL.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:00
The XD implementation currently uses a hardcoded email/pass and Google SMTP
server.
This is okay for test, but actual implementation will need to use the proper
SMTP instance.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 5:38
Need a plan and code for identifying revoked certs
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:26
The current implementation of the Java XD project writes the XDM attachment as
"xdm.zip". This will cause exceptions if two threads are attempting to
read/write the file simultaneously. It also has the possibility of attaching
the incorrect file on outgoing messages.
Suggest using the unique message ID as part of the file name to prevent this
from happening. This will also assist in the task of keeping an outgoing
message queue, in the event that the SMTP server is currently unavailable.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 5:51
Want to have client libraries that can abstract away the difference between
MIME / XDM / XDR messages.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:29
Need pluggable logging and auditing methods. I have typically combined these
using severity levels to differentiate between verbose, debug, info, audit,
warning, error --- but am open to other ways of doing this.
John suggested using log4net for at least the logging part of this ... ok with
that assuming all the source can be incorporated into our source tree. Would
like to avoid dependent installs that have to be managed in setup or manually
by developers or administrators.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:36
Our code is BSD licensed --- as we look to reuse other open source components,
we need to be very clear about what if any other licenses are acceptable for
inclusion in the reference implementation.
Sean to understand what Microsoft requirements are, as a first proxy for "big
company requirements".
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 1:58
The Java XD implementation currently has no use of security.
Deterime and implement what, if any, security is needed for this
implementation.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 5:36
Need to create web site for administration.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:05
Install an official (non-trial) Clover license for the Java side.
Ensure that clover reports are generated for components as part of the API
publishing.
Original issue reported on code.google.com by [email protected]
on 1 Sep 2010 at 4:38
All tables (certs, anchors, settings, administrators) should be able to be
keyed with a full address or a domain (or a special top-level string for system
settings).
Original issue reported on code.google.com by [email protected]
on 31 Aug 2010 at 1:14
Need to finalize details of the XDD service; working plan assumes a file drop
mechanism to interact with the gateway.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:06
just need to do it.
Original issue reported on code.google.com by [email protected]
on 31 Aug 2010 at 6:54
I would expect something named Copy to clone the input, but the code just adds
a reference.
Why not just call it AddUpdate? The filter argument makes it clear what the
semantics are....
If you agree, assign back to me and I'll update...
Original issue reported on code.google.com by [email protected]
on 25 Aug 2010 at 9:53
Put together a webapp to be used for configuration.
Some of the operations are below:
# HISP administration
* management of crypto keys for the HISP and health domains
* choice of root certificates/trust circles
* adding/deleting endpoint organizations.
# health domain administrators
* uploading keys for a health domain and for specific endpoints
* add/remove endpoint addresses (or allow for globs, e.g. "xray-*" for pattern matching)
* allow additional root certificates/trust circles/self-signed certs.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 2:40
Shouldn't we be using IEnumerable<T> by preference?
e.g., X509Certificate2Collection (although there's a good excuse for that, in
that the system libraries use collections), NHINDAddressCollection,
DnsResourceRecordCollection, MessageSignatureCollection...
There's so much goodness built into the IEnumerable<T> collections, including
LINQ and all the fun extension methods....
Original issue reported on code.google.com by [email protected]
on 21 Aug 2010 at 8:34
I think an empty collection should be untrusted. Will fix, feel free to
rollback if you disagree, or close if you agree.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 9:41
VS Express doesn't appear to like our Solution files containing Solution
Folders. MSBuild does not mind.
Please investigate to see if VS Express as min-bar dev tool can continue to be
supported.
Original issue reported on code.google.com by [email protected]
on 19 Aug 2010 at 4:34
Need to create a DNS responder that will return MX and CERT records based on
entires in the configuration database.
Taking this approach rather than writing zone files because of logistics of
having to maintain zillions of individual zone files with identical content
thanks to weird wildcard support in DNS.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:02
The name indicates that it should.
Original issue reported on code.google.com by [email protected]
on 2 Sep 2010 at 11:39
Need to include the output from a code-coverage tool to the API website
(http://api.nhindirect.org/).
Suggestion is the use of Clover. There is currently an inquiry for an
open-source license.
Original issue reported on code.google.com by [email protected]
on 30 Aug 2010 at 7:53
This may actually be fixed already but need to ensure we can build the projects
for both 64 and 32 bit ... we were having issues at the codathon this afternoon.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:32
Implement an LDAP certificate store/resolver for the Java implementation.
Initial scope will be private certificate and trust anchors, public
certificates will be added in a future task.
See the following link for discussion:
http://nhindirect.org/message/view/Agent+Development+Team/26306637
Original issue reported on code.google.com by [email protected]
on 24 Aug 2010 at 1:53
Need to do it.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:38
Identify what mechanism will be used to distinguish an XD relay (send to
another endpoint) vs. xdm.zip packaging for SMTP transfer.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 5:29
Develop a strategy for automated installation/deployment of external jar
dependencies. This will be needed to accomplish a 'HISP in a box' model.
Currently the Agent requires the following files to be manually overwritten in
JAVA_HOME\jre\lib\security
- local_policy.jar
- US_export_policy.jar
Currently the XD implementation requires the following files to be manually
placed into JAVA_HOME\jre\lib\ext
- mailapi.jar
- smtp.jar
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 8:21
Currently when we validate the chain, all certificates up to the anchor must be
in the local store. If an intermediate cert is not available, it should be
fetched using DNS just like leaves.
Of course, this cannot happen for anchors --- which must be managed manually.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 2:25
The method widens the segment to the widest span that incorporates both
segments.
I would expect something called Union to bomb if the segments don't overlap.
I don't know what to call this method: WidenSpanTo(otherSegment)?
Include(otherSegment)?
Or perhaps the intent is Union and the currently implementation has a bug?
I'll check in a a test case that documents the current behavior.
Original issue reported on code.google.com by [email protected]
on 25 Aug 2010 at 1:26
Old school, should use foreach in accordance with C# style.
I'm happy to fix if you agree and assign back to me.
Original issue reported on code.google.com by [email protected]
on 20 Aug 2010 at 3:11
What steps will reproduce the problem?
1. var crt = new DNSCert(x509cert);
2. var keyTag = crt.KeyTag;
What is the expected output? What do you see instead?
Based on code review, this will bomb due to access of an uninitialized variable.
RFC states:
"The key tag field is the 16 bit value computed for the key embedded
in the certificate as specified in the DNSSEC Standard [RFC 2535].
This field is used as an efficiency measure to pick which CERT RRs
may be applicable to a particular key. The key tag can be calculated
for the key in question and then only CERT RRs with the same key tag
need be examined. However, the key must always be transformed to the
format it would have as the public key portion of a KEY RR before the
key tag is computed. This is only possible if the key is applicable
to an algorithm (and limits such as key size limits) defined for DNS
security. If it is not, the algorithm field MUST BE zero and the tag
field is meaningless and SHOULD BE zero."
I think this implies that key tag should be computed in all cases, in which
case the other two ctors are incorrect, and should call the X509Certificate2
specific ctor, which should calculate the key tag.
RFC 2535 provides details about how to construct.
Original issue reported on code.google.com by [email protected]
on 18 Aug 2010 at 6:29
We should adopt a standard for the namespaces across all of the projects. Right
now each new dev is likely going to start out their own conventions.
Original issue reported on code.google.com by [email protected]
on 20 Aug 2010 at 5:16
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.