Author Archive

Key Accomplishments - Part 2

Friday, September 11th, 2009 by sbuckley

2. Knowing the customer

One of the problems associated with MIT Kerberos in particular, is our license is so permissive that organizations can download and use our code, and we never have to know who they are or how they are using it.  Some might see this as a “feature”, but I see it as a bug.  I want to know who our customers are!  Otherwise, how can we ask what they need in terms of new features or functionality in order to make our product more useful?

Of course, we knew many of the major players already.  We have had close working relationships with Apple, Debian, Red Hat and Sun for many years.  What was surprising, was how many other interesting uses people were finding for MIT Kerberos.

When the buzz about the launch of the Consortium got into the press, lots of organizations started identifying themselves as using our code in their products.  Centrify and TeamF1 were two of the first organizations to step forward and join the Consortium.  Centrify uses MIT Kerberos to integrate most platforms around Active Directory.  Team F1 puts Kerberos on embedded devices for OEMs.

Many of our other customers were discovered by what I’ll call “benevolent stalking”.  I always thought it was interesting that lots of the same people were answering very sophisticated questions on the krbdev list using nondescript email accounts, and also contributing patches to our RT system.  A few friendly introductory emails to some of these individuals yielded replies from four of the very large banks, where Kerberos was their primary authentication mechanism.  This was great news, because now we were in touch with some of very large organizational customers for the first time.

So we organized  several conference calls with these companies last year as we were planning the feature set for our 1.7 release.  To our surprise, one of the banks was using a fairly old version of our code.  This was odd, and several members of our team worried that they had not upgraded due to concerns about the security of our more recent releases.  So we asked why they had not upgraded.  The answer was simple: they had a modified version of MIT Kerberos with features they depended on, and there wasn’t much in the more recent releases that made an upgrade worth the considerable cost!

This was information we needed to hear.  So the subject immediately turned to one of what features would make an upgrade worth the cost.  We immediately identified two features that the bank depended on and put them on the work schedule for our 1.7 release.  We also asked many other organizations what features they would like to see, and soon patterns began emerging around a specific set of features that customers wanted.  So when we delivered Kerberos 1.7 this past June, for the very first time the features and improvements that went into it were based on what a large number of our customers actually said they wanted.

The 1.8 release features are being driven by the same process of asking customers what features they need most.  For example, we heard loud and clear that there was a need for a password lockout feature in MIT Kerberos.  We think the 1.8 release will be well received when it is released in Spring 2010.

3. Documentation
4. Database support
5. Better coding practices
6. A good test suite
7. Kerberos for Mobile
8. Release Kerberos 1.7
9. Simpler revenue model
10. Community Building

Posted in Uncategorized | No Comments »

Key Accomplishments - Part 1

Tuesday, July 28th, 2009 by sbuckley

The 2009 MIT fiscal year ended on June 30th.  The end of one year’s budget and the beginning of a new one is always a good time to take stock of how much progress has been made.  FY 2009 was our first full year of operations since the Kerberos Consortium was founded in October 2007.

We started out FY 2009 with ten basic things we wanted to make substantial progress on by the end of the year.  In guess my assessment isn’t that we got an “A”, but probably at least a “B+”.  Here’s a recap, broken up into ten parts.

1. An organization

This might seem like an odd goal, given that there has been a Kerberos development group at MIT for over 15 years.  However, that group was funded by MIT specifically to support MIT’s deployment of Kerberos.  MIT still uses and needs Kerberos, but as the technology matured, demands on the group were reduced, head count was cut, and releases became less frequent.  With the creation of the Kerberos Consortium, we needed a new type of organization.  We needed an organization that was externally focused, customer-centric, and execution oriented.  We also needed an organization that could do more than just development work on the MIT implementation of Kerberos.  We needed to provide for the interoperability testing requirements of our sponsors, and provide expert advice on all levels.  Most importantly, we needed to provide the intellectual leadership that our sponsors expected of MIT, and that was required to move Kerberos into new areas, such as the web and on mobile devices.

This change required an enormous cultural shift, and it took its toll.  But I’m pleased to say that we have a given the core MIT team an infusion of fresh blood.  Tom Yu, who has been working on Kerberos for 15 years was promoted to Development Team Leader.  We scooped up Zhanna Tsitkova from Novell, who has 15 years experience in commercial IT security.  We also convinced Greg Hudson to join our team from another area at MIT.  Greg is an amazingly productive and clear thinking engineer with lots of open source development experience.  Thomas Hardjono joined us as Strategic Advisor in December, after years at Verisign and as a long-time chair at the TCG.  Thomas is leading the evolution of Kerberos to the web.  Lastly, we also started hiring MIT undergraduate computer science students to work with us part-time.  So many of the most experienced Kerberos engineers in the workplace today got their first experience as students at MIT.  We now have two students working with us, so this important pipeline of new talent is getting refilled.

Next installments;

2. Knowing the customer
3. Documentation
4. Database support
5. Better coding practices
6. A good test suite
7. Kerberos for Mobile
8. Release Kerberos 1.7
9. Simpler revenue model
10. Community Building

Posted in MIT-KC, News | No Comments »