--GetTicket
-* sm, am only
-* sm calls getticket on am and merges resulting tickets into 1 ticket
-
-- sfa-clean-peer-records
-* modify resolve to support a list of hrns
-* resolve a list of peer hrns instead of each hrn individally
-
-- sfi remove, if removing a site, remove any record that site is an an authority for
-
-- routing sm calls
+- test rpms: build/install
+
+- Stop invalid users
+* a recently disabled/deleted user may still have a valid cred. Keep a list of valid/invalid users on the aggregate and check callers against this list
+
+- Component manager
+ * GetTicket - must verify_{site,slice,person,keys} on remote aggregate
+ * Redeem ticket - RedeemTicket/AdminTicket not working. Why?
+ * install the slice and node gid when the slice is created (create NM plugin to execute sfa_component_setup.py ?)
+
+- Protogeni
+* agree on standard set of functon calls
+* agree on standard set of privs
+* on permission error, return priv needed to make call
+* cache slice resource states (if aggregate goes down, how do we know what
+ slices were on it and recreate them? do we make some sort of transaction log)
+
+- Registry
+* sign peer gids
+* update call should attempt to push updates to federated peers if
+ the peer has a record for an object that is updated locally
+* api.update_membership() shoudl behave more like resolve when looking up records (attempt to resolve records at federated registeries) instead of only looking in the local registry
+* move db tables into db with less overhead (tokyocabinet?)
+* make resolve, fill_record_info more fault tolerent. Skip records with failures
+
+- Auth Service
+ * develop a simple service where users auth using username/passord and
+ receive their cred
+ * service manages users key/cert,creds
+
+- GUI
+ * requires user's cred (depends on Auth Service above)
+
+- SM call routing