This repository has been archived by the owner on Nov 29, 2021. It is now read-only.

RoadMap

Jose C edited this page Nov 20, 2017 · 19 revisions

Below is our general roadmap:

Last updated Nov 19, 2017:

Upcoming Feature Overview (this may change with slightly smaller releases to accommodate milestones in http4s, cats and related projects which tsec depends on)

  • Improving the tsec-http4s API.
  • TSec-libsodium
  • Asymmetric Ciphers

Upcoming Feature overview for 0.0.1-M6:

Revised:

  • OAuth2-based authentication: This will be part of http4s (will PR myself)
  • Rate limiting: Fabio's upperbound will focus on this.

Upcoming Feature overview for 0.0.1-M5:

  • Authenticator moved to AuthenticatorService
  • General Authenticator interface
  • expiration duration changed to expiry.
  • CSRF bug fixes
  • JWTMac: fix Base64URL to conform to RFC 7515
  • Compose authenticator endpoints.

Upcoming Feature overview for 0.0.1-M4:

  • Credentials-based authentication
  • CSRF
  • Improved Documentation
  • Bearer Token Authenticator
  • SecureRandomId generation

  • File hashing helpers: Covered by fs2 already.

Feature overview for 0.0.1-M3:

  • Updated version to Cats RC1, circe 0.9.0-M2 and Http4s 0.18-M5.

Feature overview for 0.0.1-M2:

  • Http4s Authentication, Authorization and tests. This includes JWT (stateless and with backing store), signed cookie, and encrypted cookie (stateless and with backing store).

Feature overview for 0.0.1-M1:

General:

  • Sensible defaults.

JCA:

  • MessageDigests
  • MessageDigests Testing
  • Symmetric ciphers (Missing PBE, blowfish and ARCFOUR)
  • Symmetric Cipher tests
  • KeyGenerators for ciphers and macs
  • KeyGenerator for mac
  • KeySpec
  • Mac
  • Mac tests
  • Signatures (Relies on bouncy castle)
  • Signature Tests

Password Hashing:

  • BCrypt (jBCrypt)
  • SCrypt (wg/scrypt)
  • Password hasher tests

Server-side app goodies

  • JWS/JWT implementation (WIP)
  • JWT testing (Mac)
  • JWT testing (Signatures)

Nice to haves (future, with no immediate plans to tackle):

JCA

  • Asymmetric Ciphers (WIP by robert)
  • Asymmetric Cipher tests
  • AlgorithmParameters nailed down for every possible asymm algorithm, where useful
  • SSL-related stuff (backburner, few use cases). The only people that ever need this are using it for server frameworks.

Sphlib

BouncyCastle:

  • SSL-related stuff (backburner, few use cases)

Will probably no longer tackle

Password hashing:

  • PBKDF2 (wg)
  • Pure Scala BCrypt
  • Pure Scala SCrypt

Reason: We don't need to reinvent the wheel; what we have is good enough.

Looking for contributors:

(mostly because the majority of people already contributing to this project don't use these):

Server-side:

  • Akka-http authentication
  • Play-http authentication (Optional, play already has silhouette)

Other things on the list:

  • Articles and education. There are so many different use cases: file integrity management, token encryption, passwords (everyone and their mom is still on bcrypt and it's 2017; if we improve anything in our community, it's getting rid of this), and so on and so forth. Tutorials on some of this stuff would be nice.
  • Implementing some of these in pure Scala, particularly the password hashers.