Difference between revisions of "Roadmap"

From K5Wiki
(Timeline)
(Current roadmap items: Trello is more up to date than JIRA)
 
(28 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
== Timeline ==
 
== Timeline ==
   
Target 6 to 12 month cycle. (9 months plus/minus 3)
+
Target 12 month cycle. (plus/minus 2 months)
   
Releases will have a 2-year maintenance lifetime, subject to changes based on sponsor or community input.
+
Releases will have a 2-year maintenance lifetime, subject to changes based on community input.
   
 
; [[Release_1.8|krb5-1.8]]
 
; [[Release_1.8|krb5-1.8]]
Line 12: Line 12:
   
 
; [[Release_1.9|krb5-1.9]]
 
; [[Release_1.9|krb5-1.9]]
: Branch Sep. 2010
+
: Branch Oct. 2010
 
: Release Dec. 2010
 
: Release Dec. 2010
   
; krb5-1.10
+
; [[Release_1.10|krb5-1.10]]
: Branch Jul. 2011
+
: Branch Oct. 2011
: Release Sep. 2011
+
: Release Dec. 2011
  +
  +
; [[Release_1.11|krb5-1.11]]
  +
: Branch Oct. 2012
  +
: Release Dec. 2012
  +
  +
; [[Release_1.12|krb5-1.12]]
  +
: Branch Oct. 2013
  +
: Release Dec. 2013
  +
  +
; [[Release_1.13|krb5-1.13]]
  +
: Branch Aug. 2014
  +
: Release Oct. 2014
  +
  +
; [[Release_1.14|krb5-1.14]]
  +
: Branch Sep. 2015
  +
: Release Nov. 2015
  +
  +
; [[Release_1.15|krb5-1.15]]
  +
: Branch Aug. 2016
  +
: Release Oct. 2016
   
 
== Guiding principles ==
 
== Guiding principles ==
Line 29: Line 29:
   
 
== Current roadmap items ==
 
== Current roadmap items ==
  +
  +
This list will probably eventually be superseded by the [https://trello.com/b/maBtyclL/krbdev Trello board] (still migrating issues from the [https://ist-jira.atlassian.net/issues/?filter=16402 KRB JIRA backlog]).
  +
Target releases for roadmap items are subject to change.
  +
 
=== krb5-1.15 ===
  +
  +
* [[Projects/SPAKE_Preauthentication]]
  +
* [[Projects/Reporting-friendly KDB dump format improvements]]
  +
* [[Projects/NAPTR|URI discovery for KDC HTTP proxy]]
  +
* Query to efficiently report when a principal is locked out due to password failures
  +
  +
=== krb5-1.16 ===
  +
  +
* Forward secrecy for AP-REQ/AP-REP exchange
  +
* [[Projects/Graceful_recovery_after_destructive_service_rekey]]
  +
  +
== Long-term roadmap items ==
   
 
=== Code quality ===
 
=== Code quality ===
   
 
* Move toward test-driven development
 
* Move toward test-driven development
** Python-based test framework (1.9)
 
 
* Increase conformance to coding style
 
* Increase conformance to coding style
 
** Selective refactoring
 
** Selective refactoring
*** KDC (1.9)
 
 
** Continue formatting cleanup
 
** Continue formatting cleanup
  +
* Use cyclomatic complexity metrics to identify cleanup targets
   
 
=== Developer experience ===
 
=== Developer experience ===
   
 
* Crypto modularity -- make sure PKCS#11 etc. work well
 
* Crypto modularity -- make sure PKCS#11 etc. work well
** NSS back end (1.9)
 
 
* API documentation
 
* API documentation
 
* Support readily building subsets
 
* Support readily building subsets
 
** "Lite" client
 
** "Lite" client
 
** "Lite" server
 
** "Lite" server
** GSS-API: separate context establishment from message protection functions, e.g. Solaris user/kernel space split
 
 
* KDC Database modularity (long-term)
 
* KDC Database modularity (long-term)
 
** SQLite back end
 
** SQLite back end
Line 54: Line 68:
 
** Track IETF data model work
 
** Track IETF data model work
 
* [[Projects/Plugin support improvements | Plugin support improvements]]
 
* [[Projects/Plugin support improvements | Plugin support improvements]]
** [[Projects/Alternative PRNG | PRNG]]
 
 
** GSS-API mechanism glue
 
** GSS-API mechanism glue
 
** DNS / host-to-realm mapping
 
** DNS / host-to-realm mapping
** Profile / configuration
 
 
* Secure co-processor ("would be nice")
 
* Secure co-processor ("would be nice")
  +
* GSS proxy
  +
* interposition capability for GSS mechs (useful for GSS proxy) -- external for 1.11
  +
* Use default keytab for gss_init_sec_context
  +
* gss_export_cred (useful for async GSS proxy)
  +
* Improve ASN.1 support code (better support for plugins that need to encode/decode their own ASN.1 types)
   
 
=== End-user experience ===
 
=== End-user experience ===
   
* Localization
 
 
* Improve credential management
* Credential management
 
** KIM API (done)
 
** Cross-platform CCAPI
 
*** Done for Mac & Windows
 
*** UNIX implementation
 
   
 
=== Administrator Experience ===
 
=== Administrator Experience ===
   
  +
* Plugin for kadmin authorizations
  +
* Move more realm-global configuration into KDB
 
* Add interface to purge old keys (1.8 patch?)
 
* Add interface to purge old keys (1.8 patch?)
 
* Add interface to delete keys of specific enctypes (1.8 patch?)
 
* Add interface to delete keys of specific enctypes (1.8 patch?)
 
* Disable enctypes at compile time (1.8 patch?)
 
* Disable enctypes at compile time (1.8 patch?)
* [[Projects/Trace logging|Trace logging]] for easier troubleshooting (1.9)
 
* Plugins for password quality checks (1.9)
 
* Print enctypes using the "input form" string
 
 
* Improve IPv6 support
 
* Improve IPv6 support
 
* Improve key rollover
 
* Improve key rollover
Line 83: Line 94:
 
* Plugins for login failure lockout
 
* Plugins for login failure lockout
 
* Plugins for audit support
 
* Plugins for audit support
* Plugins for password synchronization
 
 
* Plugins for ticket issuance access control
 
* Plugins for ticket issuance access control
  +
* Plugins for domain-realm mapping
 
* Friendlier smart card support
 
* Friendlier smart card support
  +
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
  +
* Multiple logging levels for trace logging
   
 
=== Performance ===
 
=== Performance ===
Line 92: Line 105:
 
* Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces)
 
* Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces)
 
* Replay cache ("rcache")
 
* Replay cache ("rcache")
** Disable on KDC
 
*** Avoids known false-positive issues
 
 
** Improve implementation
 
** Improve implementation
 
** Support disabling by service type name
 
** Support disabling by service type name
Line 103: Line 114:
 
=== Protocol evolution ===
 
=== Protocol evolution ===
   
* IAKERB (1.9)
 
* Camellia (1.9)
 
 
* International strings in protocol (need IETF feedback)
 
* International strings in protocol (need IETF feedback)
 
** Principal names
 
** Principal names
Line 113: Line 122:
 
* PKU2U
 
* PKU2U
 
* One time password support
 
* One time password support
  +
* Multiply-authenticated authorization data container
  +
* POSIX IDs in authorization data
  +
* Level of Assurance in authorization data
  +
* Site-defined string-keyed claims in authorization data
  +
* X.509 attributes in authorization data
  +
* FAST preauth sets (e.g. OTP + long-term password)
   
 
== Completed roadmap items ==
 
== Completed roadmap items ==
   
=== Code quality ===
 
  +
See [[Roadmap (completed items)]].
 
* [[Projects/Remove krb4|Remove krb4]] (1.7)
 
* Move applications to separate distribution (1.8)
 
* Use safer library functions
 
** Avoids false positives
 
** Avoids need to (probably manually) evaluate "unsafe" calls
 
** Stop using strcpy, strcat, sprintf, etc.
 
*** Mostly done
 
*** New internal APIs for complex operations
 
* Reduce commitment to "difficult" platforms
 
** See [[supported platforms]]
 
** Focuses resources more effectively
 
 
=== Developer experience ===
 
 
* GSS-API mechglue changes to enable NTLM support (1.7)
 
* Crypto modularity (1.8)
 
** Native (accelerated) crypto API support
 
** Performance optimizations (caching, etc.)
 
** New API design for [[Projects/Encryption performance|encryption performance]] (1.8)
 
* "The Great Reindent" (1.8)
 
 
=== End-user experience ===
 
 
* Referrals (1.7)
 
 
=== Administrator experience ===
 
 
* Incremental propagation (1.7)
 
* Master key rollover (1.7)
 
* Auditing support (log all ticket requests) (1.7)
 
* Disable DES by default (1.8)
 
** Add more versatile facilities for [[Projects/Enctype_config_enhancements|configuring cryptosystems]] (1.8)
 
* [[Projects/Lockout|Lockout]] for repeated login failures (1.8)
 
** Implement LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the future capability to eschew reverse DNS resolution (1.8)
 
 
=== Performance ===
 
 
* New crypto API (1.8) facilitates optimizations
 
* Replay cache ("rcache")
 
** Collision avoidance (1.7)
 
 
=== Protocol evolution ===
 
 
* Encryption algorithm negotiation (1.7)
 
* Microsoft Kerberos extensions (1.7)
 
* Improved PKINIT support (1.7)
 
* Anonymous PKINIT (1.8)
 
* FAST (done in 1.7 for a subset; IETF)
 
* FAST negotiation (1.8)
 

Latest revision as of 18:06, 3 January 2017

This is the outline of the development roadmap for MIT Kerberos. A more comprehensive list of projects is also available; some individual projects have links below.

Timeline

Target 12 month cycle. (plus/minus 2 months)

Releases will have a 2-year maintenance lifetime, subject to changes based on community input.

  • krb5-1.8
    • Branch Jan. 2009
    • Release early Mar. 2010
  • krb5-1.9
    • Branch Oct. 2010
    • Release Dec. 2010
  • krb5-1.10
    • Branch Oct. 2011
    • Release Dec. 2011
  • krb5-1.11
    • Branch Oct. 2012
    • Release Dec. 2012
  • krb5-1.12
    • Branch Oct. 2013
    • Release Dec. 2013
  • krb5-1.13
    • Branch Aug. 2014
    • Release Oct. 2014
  • krb5-1.14
    • Branch Sep. 2015
    • Release Nov. 2015
  • krb5-1.15
    • Branch Aug. 2016
    • Release Oct. 2016

Guiding principles

  • Code quality
  • Developer experience (including modularity)
  • End-user experience
  • Administrator experience
  • Performance
  • Protocol evolution

Current roadmap items

This list will probably eventually be superseded by the Trello board (still migrating issues from the KRB JIRA backlog). Target releases for roadmap items are subject to change.

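krb5-1.15

  • Projects/SPAKE_Preauthentication
  • Projects/Reporting-friendly KDB dump format improvements
  • URI discovery for KDC HTTP proxy
  • Query to efficiently report when a principal is locked out due to password failures

krb5-1.16

  • Forward secrecy for AP-REQ/AP-REP exchange
  • Projects/Graceful_recovery_after_destructive_service_rekey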

Long-term roadmap items

Code quality

  • Move toward test-driven development
  • Increase conformance to coding style
    • Selective refactoring
    • Continue formatting cleanup
  • Use cyclomatic complexity metrics to identify cleanup targets

Developer experience

  • Crypto modularity -- make sure PKCS#11 etc. work well
  • API documentation
  • Support readily building subsets
    • "Lite" client
    • "Lite" server
  • KDC Database modularity (long-term)
    • SQLite back end
    • Does the existing DAL make sense?
    • Make data model less "blobby"
    • Track IETF data model work
  • Plugin support improvements
    • GSS-API mechanism glue
    • DNS / host-to-realm mapping
  • Secure co-processor ("would be nice")
  • GSS proxy
  • interposition capability for GSS mechs (useful for GSS proxy) -- external for 1.11
  • Use default keytab for gss_init_sec_context
  • gss_export_cred (useful for async GSS proxy)
  • Improve ASN.1 support code (better support for plugins that need to encode/decode their own ASN.1 types)

End-user experience

  • Improve credential management

Administrator Experience

  • Plugin for kadmin authorizations
  • Move more realm-global configuration into KDB
  • Add interface to purge old keys (1.8 patch?)
  • Add interface to delete keys of specific enctypes (1.8 patch?)
  • Disable enctypes at compile time (1.8 patch?)
  • Improve IPv6 support
  • Improve key rollover
    • Application service keys
  • Decrease DNS-related fragility
  • Plugins for login failure lockout
  • Plugins for audit support
  • Plugins for ticket issuance access control
  • Plugins for domain-realm mapping
  • Friendlier smart card support
  • FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
  • Multiple logging levels for trace logging

Performance

  • Decrease DNS traffic
  • Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces)
  • Replay cache ("rcache")
    • Improve implementation
    • Support disabling by service type name
  • Enhancements to improve concurrency
    • Explicit state
    • Reduce mutex contention
    • Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier

Protocol evolution

  • International strings in protocol (need IETF feedback)
    • Principal names
    • Error strings, etc. (need language tag negotiation)
  • Timestamp-independence
  • Replay-proofing protocols
  • Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM)
  • PKU2U
  • One time password support
  • Multiply-authenticated authorization data container
  • POSIX IDs in authorization data
  • Level of Assurance in authorization data
  • Site-defined string-keyed claims in authorization data
  • X.509 attributes in authorization data
  • FAST preauth sets (e.g. OTP + long-term password)

Completed roadmap items

See Roadmap (completed items).