Difference between revisions of "Roadmap"
From K5Wiki
(→Current roadmap items: Trello is more up to date than JIRA)
(54 intermediate revisions by 2 users not shown)

Line 1:
− This is the outline of the '''development roadmap''' for MIT Kerberos.
+ This is the outline of the '''development roadmap''' for MIT Kerberos. A more comprehensive [[Projects | list of projects]] is also available; some individual projects have links below.
  == Timeline ==
− Target
+ Target 12 month cycle. (plus/minus 2 months)
− ; krb5-1.8
+ Releases will have a 2-year maintenance lifetime, subject to changes based on community input.
− : Branch Dec. 2009
+ 
− :* consider shortening testing cycle to two months or less
+ ; [[Release_1.8|krb5-1.8]]
+ : Branch Jan. 2009
  : Release early Mar. 2010
− ; krb5-1.9
+ ; [[Release_1.9|krb5-1.9]]
− : Branch
+ : Branch Oct. 2010
  : Release Dec. 2010
+ 
+ ; [[Release_1.10|krb5-1.10]]
+ : Branch Oct. 2011
+ : Release Dec. 2011
+ 
+ ; [[Release_1.11|krb5-1.11]]
+ : Branch Oct. 2012
+ : Release Dec. 2012
+ 
+ ; [[Release_1.12|krb5-1.12]]
+ : Branch Oct. 2013
+ : Release Dec. 2013
+ 
+ ; [[Release_1.13|krb5-1.13]]
+ : Branch Aug. 2014
+ : Release Oct. 2014
+ 
+ ; [[Release_1.14|krb5-1.14]]
+ : Branch Sep. 2015
+ : Release Nov. 2015
+ 
+ ; [[Release_1.15|krb5-1.15]]
+ : Branch Aug. 2016
+ : Release Oct. 2016
  == Guiding principles ==
  * Code quality
− * Modularity
+ * Developer experience (including modularity)
  * End-user experience
  * Administrator experience
  * Performance
  * Protocol evolution
+ 
+ == Current roadmap items ==
+ 
+ This list will probably eventually be superseded by the [https://trello.com/b/maBtyclL/krbdev Trello board] (still migrating issues from the [https://ist-jira.atlassian.net/issues/?filter=16402 KRB JIRA backlog]).
+ Target releases for roadmap items are subject to change.
+ 
+ === krb5-1.15 ===
+ 
+ * [[Projects/SPAKE_Preauthentication]]
+ * [[Projects/Reporting-friendly KDB dump format improvements]]
+ * [[Projects/NAPTR|URI discovery for KDC HTTP proxy]]
+ * Query to efficiently report when a principal is locked out due to password failures
+ 
+ === krb5-1.16 ===
+ 
+ * Forward secrecy for AP-REQ/AP-REP exchange
+ * [[Projects/Graceful_recovery_after_destructive_service_rekey]]
+ 
+ == Long-term roadmap items ==
  === Code quality ===
− * [[Projects/Remove krb4|Remove krb4]] (1.7)
  * Move toward test-driven development
  * Increase conformance to coding style
− ** "The Great Reindent"?
  ** Selective refactoring
− * Use safer library functions (ongoing)
+ ** Continue formatting cleanup
− ** Avoids false positives
+ * Use cyclomatic complexity metrics to identify cleanup targets
− ** Avoids need to (probably manually) evaluate "unsafe" calls
− ** Stop using strcpy, strcat, sprintf, etc.
− *** Mostly done
− *** New internal APIs for complex operations
− * Reduce commitment to "difficult" platforms
− ** See [[supported platforms]]
− ** Focuses resources more effectively
− ===
+ === Developer experience ===
− * Crypto (1.8)
+ * Crypto modularity -- make sure PKCS#11 etc. work well
− ** Native (accelerated) crypto API support
+ * API documentation
− ** Performance optimizations (caching, etc.)
+ * Support readily building subsets
− ** New API design 1.7+
− * Support readily building subsets (1.8)
  ** "Lite" client
  ** "Lite" server
− ** "GSS-API": separate context establishment from message protection functions, e.g. Solaris user/kernel space split
+ * KDC Database modularity (long-term)
− * GSS-API mechanism glue
+ ** SQLite back end
− ** At least rough form to enable NTLM support (1.7)
− ** Possible refinements later (1.8)
− * KDC Database (long-term)
  ** Does the existing DAL make sense?
  ** Make data model less "blobby"
  ** Track IETF data model work
− ** New API around 1.8
+ * [[Projects/Plugin support improvements | Plugin support improvements]]
− ** New implementation around 1.9
+ ** GSS-API mechanism glue
+ ** DNS / host-to-realm mapping
  * Secure co-processor ("would be nice")
+ * GSS proxy
+ * interposition capability for GSS mechs (useful for GSS proxy) -- external for 1.11
+ * Use default keytab for gss_init_sec_context
+ * gss_export_cred (useful for async GSS proxy)
+ * Improve ASN.1 support code (better support for plugins that need to encode/decode their own ASN.1 types)
  === End-user experience ===
− * Enhanced error messages for GSS-API (done)
+ * Improve credential management
− * Referrals (1.7)
− ** DNS independence via referrals
− * Localization of static error strings (1.7+)
− * Credential management
− ** KIM API (done)
− ** Cross-platform CCAPI
− *** Done for Mac & Windows
− *** UNIX implementation (1.7+)
  === Administrator Experience ===
− * Incremental propagation (1.7)
+ * Plugin for kadmin authorizations
− ** Integrated; needs cleanup
+ * Move more realm-global configuration into KDB
+ * Add interface to purge old keys (1.8 patch?)
+ * Add interface to delete keys of specific enctypes (1.8 patch?)
+ * Disable enctypes at compile time (1.8 patch?)
+ * Improve IPv6 support
  * Improve key rollover
− ** Master key (1.7)
+ ** Application service keys
− ** Application service keys (1.8)
  * Decrease DNS-related fragility
− ** Investigate LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the option to eschew reverse DNS resolution
+ * Plugins for login failure lockout
− * Audit support (log all ticket requests) (1.7+)
+ * Plugins for audit support
− * Disable DES by default (1.8)
+ * Plugins for ticket issuance access control
− ** Investigate doing this for 1.7 and removing single-DES completely by 1.8
+ * Plugins for domain-realm mapping
− ** Add more versatile facilities for configuring cryptosystems
+ * Friendlier smart card support
+ * FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
+ * Multiple logging levels for trace logging
  === Performance ===
− * Decrease DNS traffic
+ * Decrease DNS traffic
−
+ * Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces)
  * Replay cache ("rcache")
− ** Disable on KDC (1.7)
+ ** Improve implementation
− *** Avoids known false-positive issues
+ ** Support disabling by service type name
− ** Collision avoidance (1.7+)
+ * Enhancements to improve concurrency
− ** Improve implementation (1.7+)
+ ** Explicit state
− ** Support disabling by service type name (1.7+)
+ ** Reduce mutex contention
− * New crypto API (1.8) facilitates optimizations
+ ** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier
− * Concurrency
  === Protocol evolution ===
− * Encryption algorithm negotiation (1.7)
+ * International strings in protocol (need IETF feedback)
− * Microsoft Kerberos extensions (1.7)
+ ** Principal names
− * Improved PKINIT support (1.7)
+ ** Error strings, etc. (need language tag negotiation)
− * Anonymous PKINIT (1.8)
+ * Timestamp-independence
− * FAST (done in 1.7 for a subset; IETF)
+ * Replay-proofing protocols
− * International strings in protocol (1.8+; IETF)
+ * Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM)
− * Timestamp-independence (1.8, 1.9)
+ * PKU2U
− * Replay-proofing protocols (1.8, 1.9)
+ * One time password support
+ * Multiply-authenticated authorization data container
+ * POSIX IDs in authorization data
+ * Level of Assurance in authorization data
+ * Site-defined string-keyed claims in authorization data
+ * X.509 attributes in authorization data
+ * FAST preauth sets (e.g. OTP + long-term password)
+ 
+ == Completed roadmap items ==
+ 
+ See [[Roadmap (completed items)]].
Latest revision as of 17:06, 3 January 2017