Release 1.8.11

[openafs-web.git] / gsoc.html

<!DOCTYPE html>
<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Google Summer of Code Project Ideas</title>
<style type="text/css">

span.MsoFootnoteReference
        {vertical-align:super;
}
</style>
</head>

<body>


<h1>OpenAFS, Network Identity Manager and Google Summer of Code</h1>
<p>The OpenAFS community participates in Google Summer of Code by sponsoring 
students working on OpenAFS and related open source projects such as kAFS and 
Network Identity Manager</p>
<a href="#accepted">Skip to the list of accepted projects for 2010</a>
<h2>What is OpenAFS?</h2>
<p>OpenAFS is a 100% open source globally distributed file system derived from 
IBM AFS commercial offering as of 1 November 2000.&nbsp; Since IBM released the 
source code OpenAFS has thrived adding support for new platforms while enhancing 
its overall performance, scalability and usability.&nbsp; </p>
<p>OpenAFS has a large, mature codebase of over 800,000 lines of code. It is
used by large enterprises, universities, and research establishments
worldwide, and plays a part in fields from finance through space exploration
to quantum physics. Developing code for OpenAFS gives you the opportunity to
make a significant difference to a product that is in real-world large scale
production use, and to learn key development skills. We have a large,
supportive, community of developers who are keen to see new developers 
enter our project, and happy to help out as you get up to speed.</p>
<h2>What is Network Identity Manager?</h2>
<p>
Network Identity Manager is a client-side
tool designed to simplify the acquisition and management of network 
identities and the credentials used to provide
secure identification to network services on Microsoft Windows.&nbsp; In 2010, 
students, faculty, and 
researchers among others must be able to access services distributed around the world, 
managed by different organizations, and deploying different network 
authentication technologies.</p>
<p>As an example, a scientist at the U.S. Department of 
Energy's Fermi National Labs must be able to access systems that require three 
different forms of network credentials:</p>
<ul>
        <li>Kerberos v5 ticket granting and service tickets</li>
        <li>Andrew File System (AFS)
tokens</li>
        <li>Short Lived Credential Services X.509 Public Key Certificates</li>
</ul>

<p>Traditionally, the acquisition and renewal of each 
credential type would be performed using distinct tools.  The Kerberos v5 ticket granting ticket would be obtained and managed by a 
Kerberos v5 Ticket Manager (MIT's Leash on Windows or Kerberos.app on MacOS X).
The AFS Tokens would be obtained by a tool provided by OpenAFS (aklog or 
afscreds).  The short lived X.509 
certificate would be obtained by a tool designed to work with either a 
Kerberized Certificate Authority (KCA) or the Globus MyProxy Credential 
Management Service.  With each new 
credential source, the complexity for the end user is increased.</p>

<p>Network Identity Manager reduces this complexity by 
implementing a Single Sign-On (SSO) framework that permits an initial 
authentication to retrieve not just a single credential but all of the 
derivative credentials necessary for the user to perform their task.
There have been many organization specific tools that have been developed 
over the years to obtain mixed credentials
Unlike previous tools what makes NetIdMgr special is its modularity.
Its pluggable framework model does not require all of the technologies to 
be integrated by the same organization.  
Nor do all users have to be given access to the same combination of 
identity and credential provider modules.</p>
<h2>GSoC 2010</h2>

<p>As always, the 
<a href="http://socghop.appspot.com/document/show/gsoc_program/google/gsoc2010/faqs">
GSoC 2010 FAQ</a> is a worthwhile reading for anyone involved or considering involvement in the Google Summer of Code program.</p>

<p>OpenAFS is a challenging project to develop for. It is a large and complex
project that has developed over nearly 3 decades. The code must work across a
wide variety of different operating systems, and is heavily multi-threaded in
places. On Unix, the OpenAFS client runs within the machine's kernel, which
can significantly complicate the development process. As an enterprise
product, OpenAFS relies upon significant underlying infrastructure, which a
developer needs to get running before they can test any OpenAFS code. In
addition, OpenAFS is primarily written in C, with all of the attendant issues
of memory management and pointer manipulation.</p>

<p>These challenges mean that students who successfully complete a Summer of
Code are likely to leave with significant new skills. Real world experience of
developing for distributed systems, kernel programming, building test
infrastructures and developing thread safe code are key skills to develop, and
we're happy to help you to learn them. Please join us on #openafs on freenode,
in the Jabber conference openafs@conference.openafs.org, or on the
openafs-devel@openafs.org mailing list.
</p>

<h3>Background reading</h3>
If you are interested in working on OpenAFS this 
Summer (and perhaps for the rest of your life) here are some things that we 
recommend you do:<ol>
        <li>If you are unfamiliar with programming in C, see if your
        University has any resources available for assisting their students
        who want to learn C.&nbsp; If that is not possible, get yourself a
        good book and try your hand at it. "The "C Programming Language, 
        2nd edition" by Kernighan and Ritchie is widely considered to be 
        an excellent reference text.</li>
        <li>If you have no idea what multi-threading is or what mutexes,
        read/write locks, or critical sections are, go to the library and
        find yourself a  book.&nbsp; Preferably one that does not specialize 
        in Java, Win32 or Posix threads, but a good general multi-threading
        text book.</li>
        <li>Read the
        <a href="http://docs.openafs.org">IBM AFS documentation/</a>. We are in
        the process of rewriting this documentation to reflect the
        functionality that is now available in OpenAFS - we 
        apologise that some of it is still out of date.
        
        <li>Try your hand at building your own DNS, Kerberos and AFS
            infrastructure.&nbsp;
        <a href="http://tinyurl.com/cexwea">&quot;Distributed Services with OpenAFS&quot;</a> 
        is an excellent cookbook that walks though all of the steps necessary
        to get all of the pieces up and running.</li>
</ol>

<h3>Requirements</h3>
<p>If you apply to OpenAFS please be aware of the following:</p>
<ol>
        <li>You may not have a second job when working on OpenAFS GSoC.&nbsp; We 
        expect a minimum of 30 hours a week of dedicated work on your project.&nbsp; 
        It is likely that you will need to spend more time than that 
        when you include the time spent communicating with your
        mentor(s), and on developing new skills necessary to complete your
        project.</li>
        <li>You must have excellent network connectivity on a regular basis.&nbsp; 
        It is extremely hard to develop for a distributed network file 
        system without access to the Internet.&nbsp; In particular, you need
        to be able to access source code repositories, Kerberos KDCs for 
        authentication, and OpenAFS services.&nbsp; This will require that a
        broad range of both tcp and udp ports be open for access to the
        external world.&nbsp; If you are dependent upon your University's
        network and they firewall access to the outside world, it may be very
        difficult for you to work on OpenAFS.&nbsp; 
        Access to Jabber conference rooms and IRC for communication with your 
        mentors and the community are critical.</li>
        <li>You must know how to compile a C program and use a debugger at a 
        rudimentary level.&nbsp; For Linux, gcc and gdb.&nbsp; For Windows, Visual 
        Studio 2005.</li>
        <li>The time that our mentors spend working with you on a GSoC project
        is extremely valuable. The majority of our mentors are undertaking
        that role in addition to full time employment. Please make the most
        of their time. If you are having a problem, tell us about it as soon
        as possible so that it can be addressed.&nbsp; If you 
        promise to deliver something, do so or warn your mentor as soon as
        you know that you will miss the promised delivery date.&nbsp; If your
        mentor is not available, ask on the IRC channel or the Jabber
        conference room, and other members of the community will be happy to
        help.&nbsp; We will do all we can to make GSoC a success for you, if
        you put in the effort at the work and the communication, but we will
        fail you if you're not putting that effort in.</li>
</ol>
<h2>Communicating with the OpenAFS Community regarding GSoC</h2>
<p>You can speak to members of the OpenAFS Community using three forums:</p>
<ol>
        <li>Jabber Conference Room: openafs@conference.openafs.org</li>
        <li>Internet Relay Chat: freenode.net #openafs channel</li>
        <li>Mailing list: openafs-devel@openafs.org</li>
</ol>
<!--
<h2>AFS &amp; Kerberos Workshop</h2>
<p>This year's <a href="http://workshop.openafs.org/">AFS &amp; Kerberos Workshop</a> 
is being held at the University of Illinois at Urbana-Champaign the week of May 24 to 28.&nbsp;&nbsp; A 
students working with OpenAFS for Summer of Code are given free admission to the 
tutorials and workshop sessions.&nbsp;&nbsp; The workshop is an excellent 
opportunity to meet the community and learn more about how OpenAFS works and how 
it is used.</p>
-->
<h2><a name="accepted"></a>Accepted Projects</h2>
<h3>OpenAFS</h3>
<p>The following are a list of projects accepted for Summer of Code 2010 for
OpenAFS.</p>

<h4><a name="kafs"></a>An alternate implementation of a userspace helper interface for Linux kafs</h4>
<h5>Student: Weylan (Wang) Lei</h5>
<p>
During last year's Google Summer of Code, an interface for allowing use of OpenAFS userspace programs with kafs was developed. This was found to not be acceptable to the Linux kernel core due to the pioctl ultiplexor system call. An alternate approach using [gs]etxattr(), add_key() and keyctl() and /proc with O_NODE was done; This year's project aims to extend upon that work.
</p>
<h4><a name="NetBSD_port"></a>A port of OpenAFS to NetBSD</h4>
<h5>Student: Matt Smith</h5>
<p>
Around the same time the original Linux port of AFS was done, a port to NetBSD was also available. While NetBSD has evolved, the original AFS port did not keep pace. Since then, a port to NetBSD has been highly desired. This project will port the OpenAFS client to run on NetBSD.
</p>
<h4><a name="Encrypted_storage"></a> Encrypted storage </h4>
<h5>Student: Sanket Agarwal</h5>
<p>
The AFS protocol offers encryption for data transport from client to server.
However, that data is stored on the server in cleartext, where it can
potentially be read by the administrators of that server. This poses a real
world problem for organisations who wish to outsource the provision of their
file storage, whilst keeping their data confidential. This project would
augment the existing AFS client to support encrypting data blocks before
sending them to the file server. Additional enhancements would manage user and
data keys in such a way that a user can share encrypted files with other AFS
users of their choosing, and protect the names of files, in addition to their
contents. This is a challenging project, during which the student will gain
an in depth knowledge of kernel programming, distributed systems, and
cryptography.
</p>
<h4>Unix or Windows Cache Manager support for Apple Doublefiles (Extended / 
Posix Attributes)</h4>
<h5>Student: Kelli Ireland</h5>
<p>In order to store arbitrary metadata (aka attributes) with files or 
directories in file systems that do not have the necessary native support Apple 
developed the
<a href="http://users.phg-online.de/tk/netatalk/doc/Apple/v2/AppleSingle_AppleDouble.pdf">
Apple DoubleFile</a> format.&nbsp;&nbsp; AFS does not support arbitrary metadata 
and on Apple MacOS X systems, the operating system will create DoubleFiles 
without additional support from the AFS Cache Manager.&nbsp; This project is to 
implement native support for Apple DoubleFiles in one or more of the AFS Cache 
Managers exporting Posix Attributes on Unix/Linux platforms and Extended 
Attributes on Microsoft Windows.&nbsp; This will permit arbitrary metadata (for 
example, icons, thumbnail images, author, copyright info, gps tags, etc.) to be 
stored in AFS and shared across multiple operating systems without requiring 
changes to the AFS file servers.</p>
<h4>Implementing Microsoft's Safe String (StrSafe.h) Library for UNIX/Linux</h4>
<h5>Student: Jonas Sundberg</h5>
<p>Microsoft has developed a safe C String manipulation library (StrSafe.h).&nbsp; 
The advantages of the
<code>Strsafe</code> functions include:</p>
<ul>
        <li>The size of the destination buffer is always provided to the function to 
        ensure that the function does not write past the end of the buffer. </li>
        <li>Buffers are guaranteed to be null-terminated, even if the operation 
        truncates the intended result. </li>
        <li>All functions return an HRESULT, with only one possible success code 
        (S_OK). </li>
        <li>Each function is available in a corresponding character count (cch) or 
        byte count (cb) version. </li>
        <li>Most functions have an extended (&quot;Ex&quot;) version available for advanced 
        functionality.</li>
</ul>
<p>It is the opinion of the OpenAFS Gatekeepers that the StrSafe.h functions are 
superior to anything currently available in all of the UNIX/Linux and Windows 
environments supported by OpenAFS.&nbsp; OpenAFS would like to be able to make 
use of the StrSafe.h functions on UNIX/Linux to improve the code quality of 
OpenAFS and further enhance the code sharing across Windows and UNIX/Linux.</p>
<p>This project is to implement from scratch a new implementation of the 
StrSafe.h functionality for use on non-Windows platforms based entirely upon the 
documentation provided by Microsoft: 
http://msdn.microsoft.com/en-us/library/ms647466(VS.85).aspx</p>
<h2>Previous Years</h2>
OpenAFS previously participated in the <a href="gsoc/2008final.html">2008</a>
and <a href="gsoc/2009final.html">2009</a>Summers of Code. 

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-5995928-1");
pageTracker._trackPageview();
</script>
</body>

</html>