The OpenAFS community participates in Google Summer of Code by sponsoring students working on OpenAFS and related open source projects such as kAFS and Network Identity ManagerSkip to the list of accepted projects for 2010
OpenAFS is a 100% open source globally distributed file system derived from IBM AFS commercial offering as of 1 November 2000. Since IBM released the source code OpenAFS has thrived adding support for new platforms while enhancing its overall performance, scalability and usability.
OpenAFS has a large, mature codebase of over 800,000 lines of code. It is used by large enterprises, universities, and research establishments worldwide, and plays a part in fields from finance through space exploration to quantum physics. Developing code for OpenAFS gives you the opportunity to make a significant difference to a product that is in real-world large scale production use, and to learn key development skills. We have a large, supportive, community of developers who are keen to see new developers enter our project, and happy to help out as you get up to speed.
Network Identity Manager is a client-side tool designed to simplify the acquisition and management of network identities and the credentials used to provide secure identification to network services on Microsoft Windows. In 2010, students, faculty, and researchers among others must be able to access services distributed around the world, managed by different organizations, and deploying different network authentication technologies.
As an example, a scientist at the U.S. Department of Energy's Fermi National Labs must be able to access systems that require three different forms of network credentials:
Traditionally, the acquisition and renewal of each credential type would be performed using distinct tools. The Kerberos v5 ticket granting ticket would be obtained and managed by a Kerberos v5 Ticket Manager (MIT's Leash on Windows or Kerberos.app on MacOS X). The AFS Tokens would be obtained by a tool provided by OpenAFS (aklog or afscreds). The short lived X.509 certificate would be obtained by a tool designed to work with either a Kerberized Certificate Authority (KCA) or the Globus MyProxy Credential Management Service. With each new credential source, the complexity for the end user is increased.
Network Identity Manager reduces this complexity by implementing a Single Sign-On (SSO) framework that permits an initial authentication to retrieve not just a single credential but all of the derivative credentials necessary for the user to perform their task. There have been many organization specific tools that have been developed over the years to obtain mixed credentials Unlike previous tools what makes NetIdMgr special is its modularity. Its pluggable framework model does not require all of the technologies to be integrated by the same organization. Nor do all users have to be given access to the same combination of identity and credential provider modules.
As always, the GSoC 2010 FAQ is a worthwhile reading for anyone involved or considering involvement in the Google Summer of Code program.
OpenAFS is a challenging project to develop for. It is a large and complex project that has developed over nearly 3 decades. The code must work across a wide variety of different operating systems, and is heavily multi-threaded in places. On Unix, the OpenAFS client runs within the machine's kernel, which can significantly complicate the development process. As an enterprise product, OpenAFS relies upon significant underlying infrastructure, which a developer needs to get running before they can test any OpenAFS code. In addition, OpenAFS is primarily written in C, with all of the attendant issues of memory management and pointer manipulation.
These challenges mean that students who successfully complete a Summer of Code are likely to leave with significant new skills. Real world experience of developing for distributed systems, kernel programming, building test infrastructures and developing thread safe code are key skills to develop, and we're happy to help you to learn them. Please join us on #openafs on freenode, in the Jabber conference firstname.lastname@example.org, or on the email@example.com mailing list.
If you apply to OpenAFS please be aware of the following:
You can speak to members of the OpenAFS Community using three forums:
The following are a list of projects accepted for Summer of Code 2010 for OpenAFS.
During last year's Google Summer of Code, an interface for allowing use of OpenAFS userspace programs with kafs was developed. This was found to not be acceptable to the Linux kernel core due to the pioctl ultiplexor system call. An alternate approach using [gs]etxattr(), add_key() and keyctl() and /proc with O_NODE was done; This year's project aims to extend upon that work.
Around the same time the original Linux port of AFS was done, a port to NetBSD was also available. While NetBSD has evolved, the original AFS port did not keep pace. Since then, a port to NetBSD has been highly desired. This project will port the OpenAFS client to run on NetBSD.
The AFS protocol offers encryption for data transport from client to server. However, that data is stored on the server in cleartext, where it can potentially be read by the administrators of that server. This poses a real world problem for organisations who wish to outsource the provision of their file storage, whilst keeping their data confidential. This project would augment the existing AFS client to support encrypting data blocks before sending them to the file server. Additional enhancements would manage user and data keys in such a way that a user can share encrypted files with other AFS users of their choosing, and protect the names of files, in addition to their contents. This is a challenging project, during which the student will gain an in depth knowledge of kernel programming, distributed systems, and cryptography.
In order to store arbitrary metadata (aka attributes) with files or directories in file systems that do not have the necessary native support Apple developed the Apple DoubleFile format. AFS does not support arbitrary metadata and on Apple MacOS X systems, the operating system will create DoubleFiles without additional support from the AFS Cache Manager. This project is to implement native support for Apple DoubleFiles in one or more of the AFS Cache Managers exporting Posix Attributes on Unix/Linux platforms and Extended Attributes on Microsoft Windows. This will permit arbitrary metadata (for example, icons, thumbnail images, author, copyright info, gps tags, etc.) to be stored in AFS and shared across multiple operating systems without requiring changes to the AFS file servers.
Microsoft has developed a safe C String manipulation library (StrSafe.h). The advantages of the
Strsafe functions include:
It is the opinion of the OpenAFS Gatekeepers that the StrSafe.h functions are superior to anything currently available in all of the UNIX/Linux and Windows environments supported by OpenAFS. OpenAFS would like to be able to make use of the StrSafe.h functions on UNIX/Linux to improve the code quality of OpenAFS and further enhance the code sharing across Windows and UNIX/Linux.
This project is to implement from scratch a new implementation of the StrSafe.h functionality for use on non-Windows platforms based entirely upon the documentation provided by Microsoft: http://msdn.microsoft.com/en-us/library/ms647466(VS.85).aspx