<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Google Summer of Code Project Ideas</title>
<h1>OpenAFS, Network Identity Manager and Google Summer of Code</h1>
<p>The OpenAFS community participates in Google Summer of Code by sponsoring
students working on OpenAFS and related open source projects such as kAFS and
Network Identity Manager.</p>
<a href="#accepted">Skip to the list of accepted projects for 2010</a>
<h2>What is OpenAFS?</h2>
<p>OpenAFS is a 100% open source globally distributed file system derived from
the IBM AFS commercial offering as of 1 November 2000. Since IBM released the
source code, OpenAFS has thrived, adding support for new platforms while enhancing
its overall performance, scalability and usability.</p>
<p>OpenAFS has a large, mature codebase of over 800,000 lines of code. It is
used by large enterprises, universities, and research establishments
worldwide, and plays a part in fields from finance through space exploration
to quantum physics. Developing code for OpenAFS gives you the opportunity to
make a significant difference to a product that is in real-world, large-scale
production use, and to learn key development skills. We have a large,
supportive community of developers who are keen to see new developers
enter our project, and happy to help out as you get up to speed.</p>
<h2>What is Network Identity Manager?</h2>
<p>Network Identity Manager is a client-side
tool designed to simplify the acquisition and management of network
identities and the credentials used to provide
secure identification to network services on Microsoft Windows. In 2010,
students, faculty, and
researchers among others must be able to access services distributed around the world,
managed by different organizations, and deploying different network
authentication technologies.</p>
<p>As an example, a scientist at the U.S. Department of
Energy's Fermi National Labs must be able to access systems that require three
different forms of network credentials:</p>
<ul>
<li>Kerberos v5 ticket granting and service tickets</li>
<li>Andrew File System (AFS)</li>
<li>Short Lived Credential Services X.509 Public Key Certificates</li>
</ul>
<p>Traditionally, the acquisition and renewal of each
credential type would be performed using distinct tools. The Kerberos v5 ticket granting ticket would be obtained and managed by a
Kerberos v5 Ticket Manager (MIT's Leash on Windows or Kerberos.app on MacOS X).
The AFS Tokens would be obtained by a tool provided by OpenAFS (aklog or
afscreds). The short lived X.509
certificate would be obtained by a tool designed to work with either a
Kerberized Certificate Authority (KCA) or the Globus MyProxy Credential
Management Service. With each new
credential source, the complexity for the end user is increased.</p>
<p>Network Identity Manager reduces this complexity by
implementing a Single Sign-On (SSO) framework that permits an initial
authentication to retrieve not just a single credential but all of the
derivative credentials necessary for the user to perform their task.
Many organization-specific tools have been developed
over the years to obtain mixed credentials.
What makes NetIdMgr special, unlike previous tools, is its modularity.
Its pluggable framework model does not require all of the technologies to
be integrated by the same organization.
Nor do all users have to be given access to the same combination of
identity and credential provider modules.</p>
<p>The <a href="http://socghop.appspot.com/document/show/gsoc_program/google/gsoc2010/faqs">
GSoC 2010 FAQ</a> is worthwhile reading for anyone involved or considering involvement in the Google Summer of Code program.</p>
<p>OpenAFS is a challenging project to develop for. It is a large and complex
project that has developed over nearly 3 decades. The code must work across a
wide variety of different operating systems, and is heavily multi-threaded in
places. On Unix, the OpenAFS client runs within the machine's kernel, which
can significantly complicate the development process. As an enterprise
product, OpenAFS relies upon significant underlying infrastructure, which a
developer needs to get running before they can test any OpenAFS code. In
addition, OpenAFS is primarily written in C, with all of the attendant issues
of memory management and pointer manipulation.</p>
<p>These challenges mean that students who successfully complete a Summer of
Code are likely to leave with significant new skills. Real-world experience of
developing for distributed systems, kernel programming, building test
infrastructures and developing thread-safe code are key skills to develop, and
we're happy to help you to learn them. Please join us on #openafs on freenode,
in the Jabber conference openafs@conference.openafs.org, or on the
openafs-devel@openafs.org mailing list.</p>
<h3>Background reading</h3>
If you are interested in working on OpenAFS this
Summer (and perhaps for the rest of your life) here are some things that we
recommend you do:<ol>
<li>If you are unfamiliar with programming in C, see if your
University has any resources available for assisting their students
who want to learn C. If that is not possible, get yourself a
good book and try your hand at it. "The C Programming Language,
2nd edition" by Kernighan and Ritchie is widely considered to be
an excellent reference text.</li>
<li>If you have no idea what multi-threading is or what mutexes,
read/write locks, or critical sections are, go to the library and
find yourself a book. Preferably one that does not specialize
in Java, Win32 or Posix threads, but a good general multi-threading</li>
<li><a href="http://docs.openafs.org">IBM AFS documentation</a>. We are in
the process of rewriting this documentation to reflect the
functionality that is now available in OpenAFS - we
apologise that some of it is still out of date.</li>
<li>Try your hand at building your own DNS, Kerberos and AFS
infrastructure.
<a href="http://tinyurl.com/cexwea">"Distributed Services with OpenAFS"</a>
is an excellent cookbook that walks through all of the steps necessary
to get all of the pieces up and running.</li>
</ol>
<h3>Requirements</h3>
<p>If you apply to OpenAFS please be aware of the following:</p>
<ul>
<li>You may not have a second job when working on OpenAFS GSoC. We
expect a minimum of 30 hours a week of dedicated work on your project.
It is likely that you will need to spend more time than that
when you include the time spent communicating with your
mentor(s), and on developing new skills necessary to complete your</li>
<li>You must have excellent network connectivity on a regular basis.
It is extremely hard to develop for a distributed network file
system without access to the Internet. In particular, you need
to be able to access source code repositories, Kerberos KDCs for
authentication, and OpenAFS services. This will require that a
broad range of both TCP and UDP ports be open for access to the
external world. If you are dependent upon your University's
network and they firewall access to the outside world, it may be very
difficult for you to work on OpenAFS.
Access to Jabber conference rooms and IRC for communication with your
mentors and the community is critical.</li>
<li>You must know how to compile a C program and use a debugger at a
rudimentary level. For Linux, gcc and gdb. For Windows, Visual</li>
<li>The time that our mentors spend working with you on a GSoC project
is extremely valuable. The majority of our mentors are undertaking
that role in addition to full time employment. Please make the most
of their time. If you are having a problem, tell us about it as soon
as possible so that it can be addressed. If you
promise to deliver something, do so or warn your mentor as soon as
you know that you will miss the promised delivery date. If your
mentor is not available, ask on the IRC channel or the Jabber
conference room, and other members of the community will be happy to
help. We will do all we can to make GSoC a success for you, if
you put in the effort at the work and the communication, but we will
fail you if you're not putting that effort in.</li>
</ul>
<h2>Communicating with the OpenAFS Community regarding GSoC</h2>
<p>You can speak to members of the OpenAFS Community using three forums:</p>
<ul>
<li>Jabber Conference Room: openafs@conference.openafs.org</li>
<li>Internet Relay Chat: freenode.net #openafs channel</li>
<li>Mailing list: openafs-devel@openafs.org</li>
</ul>
<h2>AFS &amp; Kerberos Workshop</h2>
<p>This year's <a href="http://workshop.openafs.org/">AFS &amp; Kerberos Workshop</a>
is being held at the University of Illinois at Urbana-Champaign the week of May 24 to 28. All
students working with OpenAFS for Summer of Code are given free admission to the
tutorials and workshop sessions. The workshop is an excellent
opportunity to meet the community and learn more about how OpenAFS works and how</p>
<h2><a name="accepted"></a>Accepted Projects</h2>
<p>The following is a list of projects accepted for Summer of Code 2010 for</p>
<h4><a name="kafs"></a>An alternate implementation of a userspace helper interface for Linux kafs</h4>
<h5>Student: Weylan (Wang) Lei</h5>
<p>During last year's Google Summer of Code, an interface for allowing use of OpenAFS userspace programs with kafs was developed. This was found to not be acceptable to the Linux kernel core due to the pioctl multiplexor system call. An alternate approach using [gs]etxattr(), add_key() and keyctl() and /proc with O_NODE was done; this year's project aims to extend upon that work.</p>
<h4><a name="NetBSD_port"></a>A port of OpenAFS to NetBSD</h4>
<h5>Student: Matt Smith</h5>
<p>Around the same time the original Linux port of AFS was done, a port to NetBSD was also available. While NetBSD has evolved, the original AFS port did not keep pace. Since then, a port to NetBSD has been highly desired. This project will port the OpenAFS client to run on NetBSD.</p>
<h4><a name="Encrypted_storage"></a>Encrypted storage</h4>
<h5>Student: Sanket Agarwal</h5>
<p>The AFS protocol offers encryption for data transport from client to server.
However, that data is stored on the server in cleartext, where it can
potentially be read by the administrators of that server. This poses a real
world problem for organisations who wish to outsource the provision of their
file storage, whilst keeping their data confidential. This project would
augment the existing AFS client to support encrypting data blocks before
sending them to the file server. Additional enhancements would manage user and
data keys in such a way that a user can share encrypted files with other AFS
users of their choosing, and protect the names of files, in addition to their
contents. This is a challenging project, during which the student will gain
an in-depth knowledge of kernel programming, distributed systems, and</p>
<h4>Unix or Windows Cache Manager support for Apple Doublefiles (Extended /
Posix Attributes)</h4>
<h5>Student: Kelli Ireland</h5>
<p>In order to store arbitrary metadata (aka attributes) with files or
directories in file systems that do not have the necessary native support Apple
<a href="http://users.phg-online.de/tk/netatalk/doc/Apple/v2/AppleSingle_AppleDouble.pdf">
Apple DoubleFile</a> format. AFS does not support arbitrary metadata
and on Apple MacOS X systems, the operating system will create DoubleFiles
without additional support from the AFS Cache Manager. This project is to
implement native support for Apple DoubleFiles in one or more of the AFS Cache
Managers exporting Posix Attributes on Unix/Linux platforms and Extended
Attributes on Microsoft Windows. This will permit arbitrary metadata (for
example, icons, thumbnail images, author, copyright info, GPS tags, etc.) to be
stored in AFS and shared across multiple operating systems without requiring
changes to the AFS file servers.</p>
<h4>Implementing Microsoft's Safe String (StrSafe.h) Library for UNIX/Linux</h4>
<h5>Student: Jonas Sundberg</h5>
<p>Microsoft has developed a safe C String manipulation library (StrSafe.h).
The advantages of the
<code>Strsafe</code> functions include:</p>
<ul>
<li>The size of the destination buffer is always provided to the function to
ensure that the function does not write past the end of the buffer.</li>
<li>Buffers are guaranteed to be null-terminated, even if the operation
truncates the intended result.</li>
<li>All functions return an HRESULT, with only one possible success code</li>
<li>Each function is available in a corresponding character count (cch) or
byte count (cb) version.</li>
<li>Most functions have an extended ("Ex") version available for advanced</li>
</ul>
<p>It is the opinion of the OpenAFS Gatekeepers that the StrSafe.h functions are
superior to anything currently available in all of the UNIX/Linux and Windows
environments supported by OpenAFS. OpenAFS would like to be able to make
use of the StrSafe.h functions on UNIX/Linux to improve the code quality of
OpenAFS and further enhance the code sharing across Windows and UNIX/Linux.</p>
<p>This project is to write from scratch a new implementation of the
StrSafe.h functionality for use on non-Windows platforms based entirely upon the
documentation provided by Microsoft:
http://msdn.microsoft.com/en-us/library/ms647466(VS.85).aspx</p>
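<p>The buffer-size, termination and HRESULT guarantees listed above, shown as an added portable C sketch of a StringCchCopy-style function next to <code>strncpy()</code>; this is an illustration written for this page, not code from OpenAFS or from the student's project. The <code>xs_</code> names are hypothetical, and treating a NULL source as an invalid parameter is an assumption of the sketch.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical xs_ names; the numeric values are those of the Windows SDK. */
typedef int32_t xs_hresult;
#define XS_S_OK                  ((xs_hresult)0)
#define XS_E_INSUFFICIENT_BUFFER ((xs_hresult)0x8007007A)
#define XS_E_INVALID_PARAMETER   ((xs_hresult)0x80070057)
#define XS_MAX_CCH               2147483647u  /* STRSAFE_MAX_CCH */
#define XS_FAILED(hr)            ((hr) < 0)

/* Character-count (cch) copy: never writes past dst[cch_dst - 1] and always
 * terminates dst, even when the source has to be truncated.
 * Rejecting a NULL src is a choice made by this sketch. */
xs_hresult xs_string_cch_copy(char *dst, size_t cch_dst, const char *src)
{
    size_t i;
    if (dst == NULL || src == NULL || cch_dst == 0 || cch_dst > XS_MAX_CCH)
        return XS_E_INVALID_PARAMETER;
    for (i = 0; i < cch_dst - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? XS_S_OK : XS_E_INSUFFICIENT_BUFFER;
}

/* Byte-count (cb) variant: same contract, size given in bytes. */
xs_hresult xs_string_cb_copy(char *dst, size_t cb_dst, const char *src)
{
    return xs_string_cch_copy(dst, cb_dst / sizeof(char), src);
}

/* Contrast: returns 1 because strncpy() fills all 8 bytes and adds no NUL. */
int strncpy_leaves_unterminated(void)
{
    char buf[8];
    strncpy(buf, "openafs-devel", sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    char buf[8];
    xs_hresult hr = xs_string_cch_copy(buf, sizeof buf, "openafs-devel");
    printf("failed=%d buf=\"%s\" strncpy_unterminated=%d\n",
           XS_FAILED(hr), buf, strncpy_leaves_unterminated());
    return 0;
}
```

<p>The caller learns about truncation from the return value rather than by re-measuring the buffer, and the destination can be passed to any string function afterwards without risking a read past its end.</p>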
<h2>Previous Years</h2>
OpenAFS previously participated in the <a href="gsoc/2008final.html">2008</a>
and <a href="gsoc/2009final.html">2009</a> Summers of Code.