From b3a1dcd634e8088a60c7e3f671716f54e6013e70 Mon Sep 17 00:00:00 2001 From: anjalitelang <49958114+anjaltelang@users.noreply.github.com> Date: Thu, 21 Oct 2021 10:10:19 -0400 Subject: [PATCH 1/2] Update ROADMAP.md Updated roadmap to reflect current focus of Pinniped project --- ROADMAP.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ROADMAP.md b/ROADMAP.md index 12922864..b406e56f 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -38,6 +38,21 @@ Last Updated: Sept 2021 |--|--|--| |Improving Security Posture|Supervisor token refresh fails when the upstream refresh token no longer works for OIDC |Oct 2021| |Improving Security Posture|Supervisor token refresh fails when the upstream refresh token no longer works for LDAP/AD |Nov 2021| +|Improving Security Posture|Set stricter default TLS versions and Ciphers |Nov 2021| +|Improving Security Posture|Support FIPS compliant Boring crypto libraries |Dec 2021| +|Improving Security Posture|Support Audit logging of security events related to Authentication |Jan 2022| +|Improving Security Posture|mTLS for Supervisor sessions |Exploring/Ongoing| +|Improving Security Posture|Key management/rotation for Pinniped components with minimal downtime |Exploring/Ongoing| +|Improving Security Posture|Support for Session Logout |Exploring/Ongoing| +|Improving Security Posture|Support for Idle Session/ Inactivity timeout|Exploring/Ongoing| +|Improving Security Posture|Support for Max Concurrent Sessions|Exploring/Ongoing| +|Improving Security Posture|Support for configurable Session Length |Exploring/Ongoing| +|Improving Security Posture|Reject use of username and groups with system: prefix |Exploring/Ongoing| +|Improving Security Posture|Support for using external KMS for Supervisor signing keys |Exploring/Ongoing| +|Improving Security Posture|Client side use of Secure Enclaves for Session data |Exploring/Ongoing| +|Improving Security Posture|Enforce the use of HTTP Strict Transport (HSTS) |Exploring/Ongoing| +|Improving Security Posture|Assert that Pinniped runs under the restricted PSP version2 levels |Exploring/Ongoing| +|Improving Security Posture|mTLS for Supervisor sessions |Exploring/Ongoing| |Multiple IDP support|Support multiple IDPs configured on a single Supervisor|Exploring/Ongoing| |Wider Concierge cluster support|Support for OpenShift cluster types in the Concierge|Exploring/Ongoing| |Identity transforms|Support prefixing, filtering, or performing 
coarse-grained checks on upstream users and groups|Exploring/Ongoing| From be6c335bb820c1846ef568c6da4064c1eaf7df41 Mon Sep 17 00:00:00 2001 From: anjalitelang <49958114+anjaltelang@users.noreply.github.com> Date: Thu, 21 Oct 2021 10:16:54 -0400 Subject: [PATCH 2/2] Update ROADMAP.md Minor changes --- ROADMAP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index b406e56f..882838c4 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -37,7 +37,7 @@ Last Updated: Sept 2021 |Theme|Description|Timeline| |--|--|--| |Improving Security Posture|Supervisor token refresh fails when the upstream refresh token no longer works for OIDC |Oct 2021| -|Improving Security Posture|Supervisor token refresh fails when the upstream refresh token no longer works for LDAP/AD |Nov 2021| +|Improving Security Posture|Supervisor token refresh fails when the upstream user is in an invalid state for LDAP/AD |Nov 2021| |Improving Security Posture|Set stricter default TLS versions and Ciphers |Nov 2021| |Improving Security Posture|Support FIPS compliant Boring crypto libraries |Dec 2021| |Improving Security Posture|Support Audit logging of security events related to Authentication |Jan 2022| @@ -52,7 +52,6 @@ Last Updated: Sept 2021 |Improving Security Posture|Client side use of Secure Enclaves for Session data |Exploring/Ongoing| |Improving Security Posture|Enforce the use of HTTP Strict Transport (HSTS) |Exploring/Ongoing| |Improving Security Posture|Assert that Pinniped runs under the restricted PSP version2 levels |Exploring/Ongoing| -|Improving Security Posture|mTLS for Supervisor sessions |Exploring/Ongoing| |Multiple IDP support|Support multiple IDPs configured on a single Supervisor|Exploring/Ongoing| |Wider Concierge cluster support|Support for OpenShift cluster types in the Concierge|Exploring/Ongoing| |Identity transforms|Support prefixing, filtering, or performing coarse-grained checks on upstream users and groups|Exploring/Ongoing|
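Review bot: In the PATCH 1/2 hunk at `@@ -38,6 +38,21 @@`, the row `+|Improving Security Posture|mTLS for Supervisor sessions |Exploring/Ongoing|` is added twice, once as the first new row and again as the last new row before `|Multiple IDP support|...`; drop one of them. In the same hunk, "Enforce the use of HTTP Strict Transport (HSTS)" should read "HTTP Strict Transport Security (HSTS)", "Idle Session/ Inactivity timeout" has a stray space after the slash, and "restricted PSP version2 levels" is unclear since PodSecurityPolicy is deprecated; if the Pod Security Standards "restricted" level is meant, name it as such. The hunk's context line `Last Updated: Sept 2021` is also left unchanged even though the table is being extended in October; bump the date in the same change.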
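Review bot: In the PATCH 2/2 hunk at `@@ -37,7 +37,7 @@`, the rewritten LDAP/AD row, `+|Improving Security Posture|Supervisor token refresh fails when the upstream user is in an invalid state for LDAP/AD |Nov 2021|`, is vaguer than the OIDC row directly above it, which states the concrete condition ("the upstream refresh token no longer works"); say what "invalid state" covers for LDAP/AD (for example a disabled, locked or deleted directory account, if that is the intent) so readers can tell what the refresh check actually enforces and when a session will be cut off. The `Last Updated: Sept 2021` context line is still not bumped in this second patch either.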
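Review bot: In the PATCH 2/2 hunk at `@@ -52,7 +52,6 @@`, removing `-|Improving Security Posture|mTLS for Supervisor sessions |Exploring/Ongoing|` only undoes the duplicate row that PATCH 1/2 introduced, so squash this fix into the first patch rather than landing a roadmap revision that briefly lists the same item twice. While touching these lines, the surrounding context rows "Enforce the use of HTTP Strict Transport (HSTS)" and "Assert that Pinniped runs under the restricted PSP version2 levels" would benefit from the naming fixes noted on the first hunk, since this is the last hunk that edits that region of the table.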