Kerberos backers form consortium

Developers and other supporters of the Kerberos authentication platform gathered at MIT's Stata Center on Thursday to unveil a new industry effort aimed at furthering the technology.

Already in use by an estimated 100 million people through its longtime inclusion in other technologies, including popular products made by Apple, Microsoft, Red Hat, and Sun, backers of the new MIT Kerberos Consortium said that the group should help the platform -- invented at MIT 20 years ago -- remain relevant and accommodate new trends around shared infrastructure and mobile computing.

The new Kerberos association, whose members include Centrify, Financial Services Technology Consortium, Google, Stanford University, Sun, TeamF1, and the University of Michigan, will provide some of the funding, technological expertise, and development resources needed to help achieve those goals, organizers said at the event.

Sam Hartmann, chief technologist of the consortium and one of the five full-time developers of Kerberos, said the technology remains one of the IT industry's best-kept secrets but that the group is hoping to change that via its new efforts.

"Kerberos has grown incrementally until today, but it's a technology where people who are using it don't know how much they've used it. When a computer security program works, you shouldn't notice it. You should be able to get your job done, and it shouldn't get in the way," Hartmann said.

"Anyone using Microsoft's Active Directory or Apple Mac Server has used [Kerberos] without even knowing it, and that's the level of success we're striving for," he said. "Our job now is to expand the envelope to bring Kerberos to new developers and uses."

With the backing of the group, Hartmann said that developers will attempt to modify Kerberos to work within the smaller footprint of mobile devices and applications to offer expanded authentication capabilities to areas like wireless e-commerce.

The current iteration of Kerberos designed for use across multiple organizations remains "a pain to set-up" he admitted, while pledging that the assembled team will push to improve the technology's functionality to that end.

The MIT Kerberos Consortium will also seek new opportunities to align the authentication system with industry standards, including SAML (Security Assertion Markup Language), as well as with standards bodies like the Information Assurance Task Force (IATF) and the Organization for the Advancement of Structured Information Standards.

Bruce Vincent, the chief technology strategist at Stanford, said that Kerberos has proven critical in allowing commercial authentication systems to communicate and provide access management across multi-vendor IT systems.

"Without Kerberos as part of the fabric of our existing infrastructure for ID management and a number of other uses, there's no way we could manage authentication across thousands of systems today," Vincent said, while adding that Stanford was committed to the platform for the "long haul."

Officials from Centrify, which has built its own software business around Kerberos, an open-source project, said that the platform is as relevant today as it has ever been, particularly inside large corporate IT shops.

As a result, his company has been able to recruit $36 million in venture funding from Silicon Valley capitalists, including Sigma Partners, and sold products to roughly 25 percent of companies ranking in the Fortune 50.

"A lot of large enterprises are dealing with compliance problems, and this is forcing customers to take a hard look at how they manage their internal systems and access technologies," Kemp said. "The reality of the situation is that computing environments and infrastructure will be heterogeneous and that the people who wrote Sarbanes-Oxley weren't thinking about this situation. Most vendors' technologies don't talk to each other."

Contrary to some rumors, consortium representatives reported that the Kerberos community has not had a falling-out with Microsoft and said that the platform's presence in Active Directory remains crucial based on the product's popularity among businesses.

"MIT wants to make sure that everyone plays nicely together," said Stephen Buckley, executive director of the Kerberos Consortium. "Bad things only happen because people do nothing. If MIT and these visionary companies did nothing, the world's ability for authentication would fracture."