5 <title>OpenAFS Road Map / Development Wish List</title>
6 <link href="/openafs.css" rel="stylesheet" type="text/css">
19 <h1>Road Map / Development Wish List for OpenAFS</h1>
20 <p>In its fifteen-plus years as an open-source project, OpenAFS has made
21 great progress and proved to be a mature project, providing clients
22 and servers on all UNIX/Linux variants.</p>
24 <h1><a name="release_schedule"></a>Road Map</h1>
25 <p style="text-align:left">As an independent open-source project, OpenAFS has no paid staff or
26 full-time developers to maintain the software and add new features. The
27 contributions of volunteers drive the pace of progress, so there cannot be
28 fixed timelines for future plans. Regardless, there is still an overarching
29 plan for the desired trend of future development, with major features and
30 milestones to be reached. Please send inquiries, comments, and offers of support to
31 <a href="mailto:openafs-gatekeepers@openafs.org?subject=OpenAFS%20Roadmap%20Feedback">
32 openafs-gatekeepers@openafs.org</a>. Where external contributors have promised
33 contributions, they are included, as are timelines when those are provided.
34 The following release schedule is subject to change.</p>
37 <p>The next release in the stable series for Unix will bring additional incremental
38 improvements in line with previous stable branch releases. Most noteworthy,
39 it will include fixes that prevent cases where a database write could be lost
40 or an old version of the database be used instead of the latest version.</p>
41 <p>The 1.6 stable release series is nearing the end of its development lifecycle;
42 development resources are shifting to the forthcoming 1.8 release series.
43 Non-invasive bugfixes and OS support will continue to be merged to the 1.6
44 series, with OS support expected to drive the release schedule.</p>
45 <p>No firm end-of-life date is yet set, as that will depend on the timeline for
46 the 1.8 release to be available.</p>
49 <p>The 1.7.33 release is the latest release from the 1.7 series of stable
50 releases for Windows clients. No additional releases from this series
51 are currently planned.</p>
52 <p>Starting from the 1.7.32 release, 1.7-series releases are only distributed
53 from <a href="/">openafs.org</a> in source form. Pre-built installers are
54 available from third-party organzations.</p>
57 <p>Preparation for a new stable release series for Unix has begun.
58 This release will bring a wide variety of improvements and features that
59 have been developed on the master branch for the past several years.
60 In addition to the general code cleanup that has accumulated,
61 it will include support for pthreaded database servers, shared libraries
62 built with libtool, and use the crypto and roken libraries from Heimdal,
63 eliminating the broad reliance on libkrb5 for rxkad-k5 support. The
64 Rx protocol performance is improved, and private structures have been
65 removed from the public header files. The most recent status update
66 for this release was posted to openafs-devel is available
67 <a href="https://lists.openafs.org/pipermail/openafs-devel/2016-September/020355.html">here</a>.</p>
70 <p>The 1.9 series will be an experimental release series, producing
71 a rapidly updating set of releases to facilitate access to the features
72 being developed for the 2.0 release.
75 <p>One of the goals of the 1.8 release is to open up the tree for
76 more invasive (and more rewarding) feature development. One long-desired
77 feature that is expected to be in 2.0 is the rxgk Rx security class;
78 some preliminary changes toward that feature are in gerrit waiting
79 for review. Other desired features such as IPv6 support are listed
80 below, but as always, are contingent on the contributions of
81 volunteers and companies to make them happen.</p>
83 <h1>Development Wish List</h1>
85 <h2><a name="modernization"></a>Modernization of crypto and network support</h2>
86 <p>Over the years, the AFS protocol has not kept up with developments in
87 cryptography and network protocols, sticking with single-DES-grade encryption
88 and remaining an IPv4-only service. The 2013 security release moved
89 the long-term krb5 cell-wide keys off of single-DES, but wire encryption
90 remains unchanged since the original AFS release.</p>
93 <li><strong>rxgk</strong>
94 <p>rxgk is the long-established new security class that uses the GSSAPI
95 for authentication and RFC 3961 cryptography for wire encryption and
96 integrity checking. The use of the RFC 3961 framework allows for new
97 cryptographic methods to be introduced without additional protocol
99 <p>Work towards rxgk has already begun, but some major pieces remain
100 to be designed. In particular, the cache manager needs to be rearchitected
101 to support the separation of connections to database servers and
102 connections to fileservers; before connecting to a fileserver, the cache
103 manager must first connect to a vlserver and learn about the fileserver.
104 On the server side, a new vldb format must be designed to store the
105 extended fileserver information and track which fileservers are rxgk-capable;
106 the prdb should have mechanisms to store extended authentication names
107 from arbitrary GSS-API clients. A procedure must be developed
108 (and software to support it) for a seamless transition from an
109 existing deployment to using rxgk for server-to-server communication
110 and enable rxgk for client usage.</p>
112 <li><strong>IPv6</strong>
113 <p>At present, OpenAFS represents IP addresses as uint32. This
114 is fundamentally incompatible with IPv6, which is increasingly becoming
115 a necessary part of the Internet ecosystem. In order to remain
116 a fully viable solution, OpenAFS must develop support for at least
117 clients with IPv6 addresses, but also for servers with IPv6 addresses
119 <p>The path to proper IPv6 support in the client is fairly clear:
121 all variables that hold IP addresses to be a distince type specific
122 to IP addresses, then to convert that type to a structure containing
123 the IPv4 address and use accessor routines for all operations with it,
124 then adapt the accessors to be compatible with IPv6 addresses and
125 abstract away address-family specific knowledge from the code that
126 interacts with the accessors. On the server side, though,
127 additional database work is needed to support storing multiple types
128 of adderess, and RPCs developed to manage them.
129 No commitments have been made for contributions toward this goal.</p>
132 <div id="footer">
135 <webmaster@openafs.org></address>
137 Last modified: 2016/10/19 22:00:05 CDT</address>
139 <script type="text/javascript">
140 var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
141 document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
143 <script type="text/javascript">
144 var pageTracker = _gat._getTracker("UA-5995928-1");
145 pageTracker._trackPageview();