Brief Features Overview
=======================

Would like to support the following methods of security / authorization / validation:

- SSL (Secure Sockets)
- MD5 Checksums for Agents
- Encrypt agent data over regular (insecure) sockets
- Encrypt agents and add checksum
- Allow simultaneous secure and insecure sockets
- Specify what hosts are allowed to connect to a Daemon and what setup to use

Modes of Operation
==================

=> Plain Sockets
   +/- Remote ClassLoading
   +/- Checksumming
   +/- Agent Encryption

=> Secure Sockets
   +/- Remote ClassLoading
   +/- Checksumming
   +/- Agent Encryption

Security Level Examples
=======================

1) For a private LAN with no security worries
   => Plain Sockets
      + Remote ClassLoading
      - Checksumming
      - Agent Encryption

2) For minimal security (agent validation only)
   => Plain Sockets
      - Remote ClassLoading
      + Checksumming
      - Agent Encryption

3) Medium security (hide agent data only)
   => Plain Sockets
      - Remote ClassLoading
      - Checksumming
      + Agent Encryption

4) Medium+ security (hide agent data and validation)
   => Plain Sockets
      - Remote ClassLoading
      + Checksumming
      + Agent Encryption

5) High security
   => Secure Sockets
      - Remote ClassLoading
      - Checksumming
      - Agent Encryption

6) Highest security
   => Secure Sockets
      - Remote ClassLoading
      + Checksumming
      + Agent Encryption

Connection Logic
================

Plain vs. Secure Sockets:

=> Incoming - Daemon will check to see what type of connection is allowed from a remote Daemon and will reject if not allowed.

=> Outgoing - Daemon will check to see what type of connections are allowed. If Plain Sockets are allowed, then they will be attempted first. If they are not allowed or fail, a Secure Socket will be attempted.

Checksumming:

Each Daemon will initially exchange their checksumming flag. Each will then perform a logical 'or' on their flag and the remote Daemon flag to determine whether or not to enable it.
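The connection logic above in working form: a per-host allow table for plain and secure sockets, the incoming check, the outgoing attempt order (plain first, secure as fallback), and the flag exchange with the logical 'or' run over a loopback socket so both sides' messages are visible. This is an added example, not code from the original design notes or the project; the `ALLOWED` table, the `Flags` wire format (two booleans) and the sample addresses are assumptions made for the demonstration.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class ConnectionLogic {

    enum Transport { PLAIN, SECURE }

    // Per-remote-host transport permissions. Hypothetical table with constructed sample
    // addresses; the notes only say that something like hosts.allow/hosts.deny is planned.
    static final Map<String, EnumSet<Transport>> ALLOWED = new HashMap<>();
    static {
        ALLOWED.put("10.0.0.5", EnumSet.of(Transport.PLAIN, Transport.SECURE)); // trusted LAN peer
        ALLOWED.put("192.0.2.9", EnumSet.of(Transport.SECURE));                 // secure only
        // any host not listed is denied entirely
    }

    // Incoming: accept only if this remote host may use the transport it arrived on.
    static boolean acceptIncoming(String remoteHost, Transport used) {
        EnumSet<Transport> allowed = ALLOWED.get(remoteHost);
        return allowed != null && allowed.contains(used);
    }

    // Outgoing: plain sockets first if allowed, secure as the fallback; empty list means never connect.
    static List<Transport> outgoingOrder(String remoteHost) {
        EnumSet<Transport> allowed = ALLOWED.getOrDefault(remoteHost, EnumSet.noneOf(Transport.class));
        List<Transport> order = new ArrayList<>();
        if (allowed.contains(Transport.PLAIN)) order.add(Transport.PLAIN);
        if (allowed.contains(Transport.SECURE)) order.add(Transport.SECURE);
        return order;
    }

    // The two flags each Daemon announces at the start of a connection (Java 16+ record).
    record Flags(boolean checksum, boolean encrypt) {
        // Logical 'or': the feature is on for the link if either side wants it.
        Flags or(Flags other) { return new Flags(checksum || other.checksum, encrypt || other.encrypt); }
        void write(DataOutputStream out) throws IOException { out.writeBoolean(checksum); out.writeBoolean(encrypt); }
        static Flags read(DataInputStream in) throws IOException { return new Flags(in.readBoolean(), in.readBoolean()); }
    }

    // One side of the handshake; the same code runs on both ends, so the result is symmetric.
    static Flags negotiate(Socket s, Flags local) throws IOException {
        DataOutputStream out = new DataOutputStream(s.getOutputStream());
        DataInputStream in = new DataInputStream(s.getInputStream());
        local.write(out);
        out.flush();
        return local.or(Flags.read(in));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("incoming 192.0.2.9 over PLAIN accepted? " + acceptIncoming("192.0.2.9", Transport.PLAIN));
        System.out.println("outgoing order to 10.0.0.5: " + outgoingOrder("10.0.0.5"));
        System.out.println("outgoing order to 203.0.113.1 (unlisted): " + outgoingOrder("203.0.113.1"));

        // Flag exchange over a loopback plain socket. A secure link would use SSLServerSocketFactory
        // and SSLSocketFactory in place of ServerSocket and Socket, with the same negotiate() call.
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Flags serverWants = new Flags(true, false);   // this Daemon wants checksums only
            Flags clientWants = new Flags(false, true);   // the peer wants encryption only
            Thread acceptor = new Thread(() -> {
                try (Socket s = server.accept()) {
                    System.out.println("server effective: " + negotiate(s, serverWants));
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            });
            acceptor.start();
            try (Socket s = new Socket(server.getInetAddress(), server.getLocalPort())) {
                System.out.println("client effective: " + negotiate(s, clientWants));
            }
            acceptor.join();
        }
    }
}
```

Because each side writes its own flags before reading the peer's, neither end blocks waiting for the other, and the 'or' leaves both Daemons with the same effective settings (here: checksums and encryption both on, since each side asked for one of them). The incoming check is what keeps an unlisted host from ever reaching the handshake; the outgoing order only decides which permitted transport is tried first, so a host that should never see plain traffic is handled by leaving PLAIN out of its table entry rather than by relying on the fallback.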
If an agent is received that is not checksummed and the Daemon has checksumming enabled, it will be rejected. Optionally, if an Agent wishes to be checksummed, it will always be. This will most likely be implemented with a "Checksummable" interface or something to that effect.

Agent Encryption:

The logic is exactly the same as for the checksumming flag.

Remote ClassLoading:

Remote ClassLoading will be on a per-node (and in the future maybe per-connection) basis. The Daemons do not have to agree on the Remote ClassLoading flag.

Upon receiving an unrecognized agent type (without RCL):

- Optionally close the connection to the source Daemon
- Optionally "return to sender" - send the agent back
- Optionally save any data about the agent that can be gleaned from the agent and the source Daemon to identify abusers

Connection Permissions
======================

In brief, something analogous to hosts.allow and hosts.deny. Probably extend it to show what security measures should be taken for each. I'd like to be able to support a mix of permissions on a single Daemon. I plan on drawing up some diagrams to better illustrate this.

Java Security Policy
====================

Need to put together a java.policy file and code in some "doPrivileged" wrappers where appropriate.

Logging
=======

Need to provide a method to give different levels of logging of agent activity to support speed, security, and accountability.
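The checksumming rules from the Connection Logic section (reject an unchecksummed agent when the link has checksumming on; a "Checksummable" agent is always stamped) as an added example. It is not code from the original notes or the project: the `Envelope` wire form, the serialization via `ObjectOutputStream` and the sample agent classes are assumptions. The digest is MD5 because that is what the feature list names; an unkeyed digest detects corruption and casual alteration, but a sender who can rewrite the body can also recompute the digest, so on its own it validates integrity, not origin.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Optional;

public class AgentChecksum {

    // Marker interface: agents implementing it are always checksummed, whatever the link negotiated.
    interface Checksummable {}

    // Minimal agent types, constructed for this example.
    static class Agent implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        final String payload;
        Agent(String name, String payload) { this.name = name; this.payload = payload; }
    }
    static class AuditedAgent extends Agent implements Checksummable {
        private static final long serialVersionUID = 1L;
        AuditedAgent(String name, String payload) { super(name, payload); }
    }

    // Wire form: the serialized agent plus an optional MD5 digest (null when not checksummed).
    static class Envelope {
        final byte[] body;
        final byte[] md5;
        Envelope(byte[] body, byte[] md5) { this.body = body; this.md5 = md5; }
    }

    static byte[] md5(byte[] data) {
        try {
            return MessageDigest.getInstance("MD5").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is a required JDK algorithm", e);
        }
    }

    static byte[] serialize(Agent agent) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(agent);
        }
        return bytes.toByteArray();
    }

    // Sender side: stamp a digest if the link negotiated checksumming or the agent opted in.
    static Envelope pack(Agent agent, boolean linkChecksumEnabled) throws IOException {
        byte[] body = serialize(agent);
        boolean stamp = linkChecksumEnabled || agent instanceof Checksummable;
        return new Envelope(body, stamp ? md5(body) : null);
    }

    // Receiver side: an empty result means "reject". This runs before any deserialization,
    // so a rejected body is never handed to ObjectInputStream.
    static Optional<byte[]> unpack(Envelope env, boolean linkChecksumEnabled) {
        if (env.md5 == null) {
            // Unchecksummed agent on a link that requires checksums: reject.
            return linkChecksumEnabled ? Optional.empty() : Optional.of(env.body);
        }
        // Constant-time comparison of the received and recomputed digests.
        return MessageDigest.isEqual(env.md5, md5(env.body)) ? Optional.of(env.body) : Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        Agent plain = new Agent("collector", "disk-usage");
        Agent audited = new AuditedAgent("auditor", "login-records");

        // 1. Agent arrives without a digest on a link where checksumming is on: rejected.
        Envelope unstamped = pack(plain, false);
        System.out.println("unstamped on strict link: "
                + (unpack(unstamped, true).isPresent() ? "accepted" : "rejected"));

        // 2. Stamped agent whose body changed in transit: digest mismatch, rejected.
        Envelope stamped = pack(plain, true);
        byte[] damaged = stamped.body.clone();
        damaged[damaged.length - 1] ^= 0x01;
        System.out.println("corrupted body: "
                + (unpack(new Envelope(damaged, stamped.md5), true).isPresent() ? "accepted" : "rejected"));

        // 3. Checksummable agent on a link with checksumming off: still stamped, still accepted.
        Envelope optedIn = pack(audited, false);
        System.out.println("Checksummable on lax link: stamped=" + (optedIn.md5 != null) + ", "
                + (unpack(optedIn, false).isPresent() ? "accepted" : "rejected"));
    }
}
```

The ordering in `unpack` is the point a practitioner would check: the digest decision is made on the raw bytes, and only an accepted body goes on to be deserialized and run, so the Daemon never instantiates an agent it is about to reject. Case 3 shows why the sender consults `agent instanceof Checksummable` as well as the link flag; without it an opted-in agent would travel unstamped whenever both Daemons had checksumming off.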
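For the Java Security Policy section, an added example (not the project's own code or policy) of the "doPrivileged" wrapper pattern with the java.policy grant it relies on shown in the header comment. The jar path, agent directory, port range and agent-id format are hypothetical. The wrapper validates the untrusted argument before asserting privilege, which is the part that makes such wrappers safe to expose to remotely loaded agent code. Note that `AccessController` and the SecurityManager it depends on are deprecated for removal since JDK 17, so this compiles with a warning on current JDKs and is a no-op without a SecurityManager installed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/*
 * Policy grant this wrapper assumes, as it would appear in the java.policy file
 * (hypothetical paths and ports; nothing here comes from the original design notes):
 *
 *   grant codeBase "file:/opt/daemon/lib/daemon.jar" {
 *       permission java.io.FilePermission "/var/lib/daemon/agents/-", "read,write";
 *       permission java.net.SocketPermission "*:4000-4010", "accept,connect,resolve";
 *   };
 *
 * Remotely loaded agent classes get no grant of their own, so the only way for an
 * agent to reach the store is through this wrapper, which does its checks before
 * asserting the Daemon's privilege.
 */
public class PrivilegedAgentStore {

    // Hypothetical location; defaults to the temp dir so the example runs anywhere.
    private static final Path AGENT_DIR =
            Path.of(System.getProperty("daemon.agentDir", System.getProperty("java.io.tmpdir")));

    // Persists received agent bytes on behalf of code that has no FilePermission itself.
    static Path store(String agentId, byte[] bytes) throws IOException {
        // Validate untrusted input *before* doPrivileged: the id becomes a file name, so it
        // must not carry separators or ".." that would resolve outside AGENT_DIR.
        if (!agentId.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IllegalArgumentException("invalid agent id");
        }
        Path target = AGENT_DIR.resolve(agentId + ".agent");
        try {
            // Only the file write runs with the Daemon's own permissions; callers above this
            // frame (possibly agent code) are not consulted for the permission check.
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<Path>) () -> Files.write(target, bytes));
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (cause instanceof IOException) throw (IOException) cause;
            throw new IOException(cause);
        }
    }

    public static void main(String[] args) throws IOException {
        Path written = store("agent-42", "constructed agent bytes".getBytes(StandardCharsets.UTF_8));
        System.out.println("stored at " + written);
        Files.delete(written);
        try {
            store("../outside", new byte[0]);
        } catch (IllegalArgumentException expected) {
            System.out.println("rejected id: " + expected.getMessage());
        }
    }
}
```

The rule this illustrates is to keep the privileged block as small as possible (one `Files.write`) and to do every decision that depends on caller-supplied data outside it; anything computed inside `doPrivileged` from an unchecked argument would carry the Daemon's full grant.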