-- CM
-* sfa_componet_config needs to define SFA_CM_SLICE_PREFIX
+- Stop invalid users
+* a recently disabled/deleted user may still have a valid cred. Keep a list of valid/invalid users on the aggregate and check callers against this list
+
+- GetTicket
+ * must verify_{site,slice,person,keys} on remote aggregate
+
+- Protogeni
+* agree on standard set of functon calls
+* agree on standard set of privs
+* on permission error, return priv needed to make call
+* cache slice resource states (if aggregate goes down, how do we know what
+ slices were on it and recreate them? do we make some sort of transaction log)
+
- Registry
* sfa.plc.api.SfaAPI.fill_record_pl_info() should add the sites PIs to a slice records researchers list
* api.update_membership() shoudl behave more like resolve when looking up records (attempt to resolve records at federated registeries) instead of only looking in the local registry
* support generic registry records (dont depend on postgres!)
-- sfa-clean-peer-records
-* instead of resolving each peer record one by one, use one reslove call to resolve a list of hrns (requires updated registry.resolve() method)
- Aggregate
* sfa.plc.slices.verify_site() should check if site['max_slices'] needs to be updated
- Component manager
* install the slice and node gid when the slice is created (create NM plugin to execute sfa_component_setup.py ?)
-
- SM call routing
* sfi -a option should send request to sm with an extra argument to