1. What is the proposal being presented for review?

This project adds a facility for creating new types of process groups where process group membership is tracked and inherited through cred_t. We call this Credentials Process Groups (CPG); it is loosely based on a facility from the Andrew File System (AFS) called Process Authentication Group (PAG).

This is an open, full case seeking Minor release binding.

The interfaces delivered will be:

  a) new system calls, kernel functions, and corresponding ucred_get(3C) and proc(1) extensions,
  b) changes to pam_unix_cred and pam_krb5 to make use of the new facility,
  c) a new service, svc:/system/cpg/krb5:default.

2. Describe user interactions.

There are no new required user interactions. The new process grouping facility will be an implementation detail for most users. Users will be able to manipulate process group membership for any process group types that allow it. Manipulation and observability will be done through system calls and a new proc(1) tool or extensions to pcred(1).

This facility is similar to AFS PAGs (see question #1). Linux has a similar concept called "Linux keyrings". There is a text document describing AFS PAGs (PAGs.txt) and another describing Linux keyrings (Linux-keyrings.txt). The Overview.txt document compares CPGs to PAGs and keyrings.

There are no install time changes.

3. What are the exported (defined by your project) and imported (defined by another project that your project then references) interfaces or protocols and their respective stability levels?

See: http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/

All new user-land interfaces will be Committed, and all new kernel-land interfaces will be some flavor of Contracted for now. The new facility is extensible. No contracts are needed.

Exported Interfaces:

    Interface                                Stability
    ---------                                ---------
    System calls
        cpg_type_reg(2)                      Committed
        cpg_type_unreg(2)                    Committed
        cpg_type_list(2)                     Committed
        cpg_reg_door(2)                      Committed
        cpg_change(2)                        Committed
        cpg_change_to(2)                     Committed
        cpg_getid(2)                         Committed
        cpg_owner(2)                         Committed
        cpg_owner_byid(2)                    Committed
        cpg_chown(2)                         Committed
        cpg_chown_byid(2)                    Committed
        cpg_getuserdata(2)                   Committed
        cpg_getuserdata_byid(2)              Committed
        cpg_setuserdata(2)                   Committed
        cpg_setuserdata_byid(2)              Committed
    ucred functions
        ucred_getcpgid(3C)                   Committed
        ucred_getcpgudata(3C)                Committed
    GSS-API functions
        gss_acquire_cred_with_ucred(3GSS)    Committed
        gss_add_cred_with_ucred(3GSS)        Committed
    proc(1) commands
        new pcred(1) options or new command  Committed
    SMF services
        svc:/system/cpg/krb5:default         Committed
    Kernel functions (Contracted, per the note above)
        crgetcpg()
        crsetcpg()
        cpg_hold()
        cpg_rele()
        cpg_getid()
        cpg_getreg()
        cpg_getowner()
        cpg_setowner()
        cpg_getudata()
        cpg_setudata()
        cpg_getkdata()
        cpg_setkdata()
        cpg_getdoor()
        cpg_set_hook()

4. Describe any dependencies on hardware (e.g. SPARC exclusive), and on other projects within Solaris.

None.

5. Projects need to be aware of the overall security of the system and how their components affect it. Which parts of this project are critical to the security of the system to avoid such unintended consequences such as unauthorized system entry, unauthorized access to or modification of data, elevation of privilege, denial of service, violation of labeled security, ...? Does this project require elevated privilege?

This project adds a new process grouping facility that works through cred_t; as such it is inherently related to security. This new facility can be used for security purposes, and one initial use of it will be to help track references to Kerberos V user credentials (tickets and ticket session keys stored in "ccaches"). In the future there may well be new security-related uses of CPGs. See the examples listed in Overview.txt.

6. Describe means of observing project functionality and performance, by an end user or by a system administrator.

There will be a new proc(1) command or changes to pcred(1).

7. How does the project deal with faults and interruptions? Initialization and restarting?

N/A.

8. How does the project interact with Solaris virtualization technologies (xVM, LDOMs, zones, Branded zones, SunCluster, etc.)?

CPGs are orthogonal to Solaris virtualization. (However, it might be useful to state that zone_enter() clears all CPGs of the process entering a zone.)

9. Does this project require administration (i.e., configuration or management)? If so,

This project does not require any administration, save, perhaps, enabling svc:/system/cpg/*. It is not clear to the project team how such services should come to be enabled (advice?).

10. Have you reviewed the Policies and Best Practices? Are there any exceptions this project needs? See

Yes to the first part, no to the second.
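The following is an added illustration, written for this review and not code from the project or from Solaris, of the lifecycle the case describes in questions 1, 2, 5 and 8: a process's CPG membership lives in its cred_t, is inherited when the credential is duplicated on fork, is reference counted with hold/rele so the group lives as long as any member does, only the owner may change the group's user data, membership of a type that does not allow user changes can be dropped only with privilege, and zone_enter() clears the membership. The function names echo the case's kernel function list, but every structure, signature and flag here is an assumption made for the model.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed type flag: the group type lets unprivileged members leave it. */
#define CPG_TYPE_USER_CHANGEABLE 0x1
#define CPG_NONE 0                /* id meaning "not a member of any CPG" */

typedef struct cpg {              /* assumed layout, not the project's */
    unsigned id, type_flags, owner_uid;
    int refcnt;                   /* one hold per cred_t that points here */
    char udata[32];               /* user data, e.g. a ccache reference */
} cpg_t;

typedef struct cred {             /* the slice of cred_t this model needs */
    unsigned uid;
    cpg_t *cpg;
} cred_t;

static unsigned next_cpgid = 1;

void cpg_hold(cpg_t *c) { c->refcnt++; }

/* Drop one hold; returns the holds left (0 means the group was freed). */
int cpg_rele(cpg_t *c)
{
    int left = --c->refcnt;
    if (left == 0) free(c);
    return left;
}

/* Point a credential at a group (or NULL), moving the holds accordingly. */
void crsetcpg(cred_t *cr, cpg_t *c)
{
    if (c) cpg_hold(c);           /* hold first in case c == cr->cpg */
    if (cr->cpg) cpg_rele(cr->cpg);
    cr->cpg = c;
}

unsigned crgetcpg(const cred_t *cr) { return cr->cpg ? cr->cpg->id : CPG_NONE; }

cred_t *crget(unsigned uid)
{
    cred_t *cr = calloc(1, sizeof *cr);
    if (cr) cr->uid = uid;
    return cr;
}

/* fork(): the child's credential inherits the parent's CPG with its own hold. */
cred_t *crdup(const cred_t *parent)
{
    cred_t *cr = crget(parent->uid);
    if (cr && parent->cpg) crsetcpg(cr, parent->cpg);
    return cr;
}

void crfree(cred_t *cr) { crsetcpg(cr, NULL); free(cr); }

/* Create a group owned by the creator's uid; the creator is its first member. */
cpg_t *cpg_create(cred_t *creator, unsigned type_flags)
{
    cpg_t *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->id = next_cpgid++;
    c->type_flags = type_flags;
    c->owner_uid = creator->uid;
    crsetcpg(creator, c);         /* refcnt becomes 1 */
    return c;
}

/* Leave the current group; unprivileged callers need a type that allows it. */
int cpg_change(cred_t *cr, int privileged)
{
    if (!cr->cpg) return 0;
    if (!privileged && !(cr->cpg->type_flags & CPG_TYPE_USER_CHANGEABLE)) return EPERM;
    crsetcpg(cr, NULL);
    return 0;
}

/* Only the owner may set the group's user data; any member may read it. */
int cpg_setudata(cred_t *cr, const char *data)
{
    if (!cr->cpg) return ESRCH;
    if (cr->cpg->owner_uid != cr->uid) return EPERM;
    snprintf(cr->cpg->udata, sizeof cr->cpg->udata, "%s", data);
    return 0;
}

const char *cpg_getudata(const cred_t *cr) { return cr->cpg ? cr->cpg->udata : ""; }

/* zone_enter(): the case notes the entering process loses all its CPGs. */
void zone_enter(cred_t *cr) { crsetcpg(cr, NULL); }

/* Walk the lifecycle; returns 0 on success or the number of the failed step. */
int cpg_lifecycle_check(void)
{
    cred_t *p = crget(1000), *other = crget(1001);
    cpg_t *g = cpg_create(p, 0);             /* type does not allow user changes */
    if (!g || crgetcpg(p) != g->id || g->refcnt != 1) return 1;
    cred_t *ch = crdup(p);                    /* fork: membership inherited */
    if (crgetcpg(ch) != crgetcpg(p) || g->refcnt != 2) return 2;
    if (cpg_change(ch, 0) != EPERM) return 3; /* unprivileged leave refused */
    if (cpg_setudata(p, "krb5:ccache-ref") != 0) return 4;
    if (strcmp(cpg_getudata(ch), "krb5:ccache-ref") != 0) return 5;
    crsetcpg(other, g);                       /* another uid joins the group */
    if (cpg_setudata(other, "x") != EPERM) return 6;
    crfree(other);
    zone_enter(ch);                           /* child enters a zone */
    if (crgetcpg(ch) != CPG_NONE || g->refcnt != 1) return 7;
    if (cpg_change(p, 1) != 0 || crgetcpg(p) != CPG_NONE) return 8; /* frees g */
    crfree(p); crfree(ch);
    return 0;
}

int main(void) { printf("lifecycle check: %d\n", cpg_lifecycle_check()); return 0; }
```

The point the model makes is that there is no separate membership table to keep in sync: a process is in a group exactly because its credential holds a reference, so fork, exec and credential replacement carry membership along for free, and clearing the cred pointer on zone entry is the whole of the zone interaction the case mentions.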