[openbeosnetteam] Fw: [ge-talk]Networking futures

  • From: "Emmanuel Jacobs" <emmanuel.jacobs@xxxxxxxxxxxx>
  • To: <openbeosnetteam@xxxxxxxxxxxxx>
  • Date: Wed, 30 Apr 2003 15:25:58 +0200

FYI :-)

If required, discussion can be continued on the GE mailinglist.

    Regards, 

         Emmanuel

----- Original Message ----- 
From: Leon Timmermans 
To: glasselevator-talk@xxxxxxxxxxxxx 
Sent: Thursday, April 24, 2003 9:25 PM
Subject: [ge-talk]Networking futures


Hi everybody,

BeOS always has been THE multimedia OS, but I think it should also become
the 'ultimate networking system'. Networking should be completely
transparent. It should be just as easy to access a network resource as to
access a local one. Also the protocols used to do this should be
standardized. This eases everything a lot.

First of all OBOS needs to become a multi-user OS (everyone agrees here, I
think). A multi-user OS requires a 'triple-A' system: authentication,
authorization, and accounting. I think the best way to implement this would
be a combination of LDAP (preferably with TLS/SSL) and GSS-API. GSS-API will
be used for authentication and LDAP for authorization and accounting. Both
should be integrated into a modular AAA-kit. Why GSS-API? Simple:
because applications can use it to authenticate, encrypt and
integrity-protect (network) resources.
LDAP probably is the best directory service in existence, on some sites it
has even replaced DNS. I think LDAP is definitely the best choice for things
like accounting. SQL or NIS/NIS+ aren't adequate.
The easier it is for programmers to use triple-A in their programs, the more
likely it is they will use it and the safer the system becomes.
Authorization should take at most 4 lines of code.
OpenLDAP (www.openldap.org) is BSD licensed, as is Heimdal (a Kerberos
implementation; http://www.pdc.kth.se/heimdal/), (there also is a MIT
implementation at http://web.mit.edu/kerberos/www/), so license shouldn't be
a problem.
RFC2307 (http://www.ietf.org/rfc/rfc2307.txt) gives some recommendations on
how to implement the LDAP part.

We must have our own native distributed file system. I do not have Beserved,
so I can't tell if it is any good, but I think depending on one commercial
source is a little dangerous (focus-shifts). I think we should use NFSv4.
NFSv4 (Network File System version 4) has got *a lot* of potential, because
it is standardized and made to be cross-platform interoperable and
extendable.
I know many people don't like NFS. NFSv4 is *fundamentally* different from
previous versions. It has solved many "limitations and deficiencies of NFS
version 3". It has state, like other networked file systems. RFC 2624
(http://www.ietf.org/rfc/rfc2624.txt) describes the design considerations of
the protocol. RFC3010(http://www.ietf.org/rfc/rfc3010.txt) is the
specification.
To quote that RFC:
"NFS (Network File System) version 4 is a distributed file system protocol
which owes heritage to NFS protocol versions 2 [RFC1094] and 3 [RFC1813].
Unlike earlier versions, the NFS version 4 protocol supports traditional
file access while integrating support for file locking and the mount
protocol. In addition, support for strong security (and its negotiation),
compound operations, client caching, and internationalization have been
added. Of course, attention has been applied to making NFS version 4 operate
well in an Internet environment."
It already supports features such as attributes and MIME types. Queries will
require an extension, but the designers deliberately made that possible.
NFSv4 also has very good security features (Kerberos and LIPKEY).
It has another bonus: we can use this to access non-BeOS (read: Linux/Unix)
file servers too.
Important to remember is that there already is a protocol, so we won't have
to design that ourselves. We only need to extend it a little.
There already is an open source implementation for Linux/OpenBSD
(http://www.citi.umich.edu/projects/nfsv4/; it's GPLed, which might be an
obstacle).

It would be very useful if OBOS could operate in a diskless environment (as
a thin client). This is much more than a geek feature, it could be a very
strong advantage compared to other desktop operating systems. Network
booting in a desktop environment could give us a lot of new possibilities.
Linux can do this (http://www.ltsp.org), but we want a desktop OS. We would
really need a network file system for this, so that should come first. This
idea might be for R3 or later, since it affects a lot of things like
booting. It will probably be complicated. The dynamically swappable kernel
idea posted here a while ago might be useful.
Dataless clients are also an option of course. They are a lot easier to
implement, and have many of the advantages of diskless computers.

There could be an integrated remote-access system. Something like VNC can be
very useful at times.
We should however state a clear goal: should it be an entire desktop that's
being shown (like VNC), or just one program (like X).
It is a fundamental difference that should be paid attention to.
It should not be a low-level protocol like X. It simply isn't efficient
enough.
We can and should use GSS-API to authenticate here.

Other related posts:
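As an added illustration of the LDAP/RFC 2307 half of the AAA proposal in the forwarded post (this is example code written for this page, not OpenBeOS or OpenLDAP code): RFC 2307 maps Unix accounts and groups onto the posixAccount and posixGroup object classes, so an authorization decision such as "is this user in that group" reduces to a few attribute lookups on the returned entries. The script below parses a constructed LDIF listing (the example.com entries and the user names are assumptions made up for the example; no directory server is contacted, and the GSS-API authentication step is not covered because Python has no standard GSS-API binding), renders the entries as passwd/group records, and answers the membership question in a four-line check.

```python
"""Map RFC 2307 posixAccount/posixGroup entries to Unix passwd/group records
and answer an authorization question from them.

Added example for the AAA discussion; not OpenBeOS code. The LDIF below is
constructed (example.com, made-up users); a real deployment would fetch these
entries over LDAP, ideally with TLS, instead of reading a string.
"""
import base64

# Constructed directory content, as an RFC 2307 server would return it for
# searches under ou=People and ou=Group. Includes a folded line (leading
# space) and a base64 value ("::") so the parser exercises both LDIF forms.
SAMPLE_LDIF = """\
# constructed sample; no real directory was consulted
dn: uid=leon,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: shadowAccount
cn: Leon Timmermans
uid: leon
uidNumber: 1001
gidNumber: 100
homeDirectory: /boot/home/leon
loginShell: /bin/sh
gecos: Leon Timmer
 mans

dn: uid=guest,ou=People,dc=example,dc=com
objectClass: posixAccount
cn: Guest Account
uid: guest
uidNumber: 1002
gidNumber: 100
homeDirectory: /boot/home/guest
description:: VGVzdGVy

dn: cn=users,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: users
gidNumber: 100

dn: cn=netadmin,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: netadmin
gidNumber: 2000
memberUid: leon
"""


def parse_ldif(text):
    """Parse LDIF content records into [{"dn": str, "attrs": {name: [values]}}].

    Attribute names are lowercased because LDAP attribute types are
    case-insensitive. Folded lines, base64 values and comments are handled;
    LDIF change records are not needed here.
    """
    lines = []
    for raw in text.splitlines():          # unfold continuation lines
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:              # trailing "" flushes the last entry
        if line == "":
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if value.startswith(":"):          # "attr:: base64value"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        name = name.strip().lower()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        else:
            current["attrs"].setdefault(name, []).append(value)
    return entries


def first(entry, name):
    """Single value of an attribute RFC 2307 defines as required/single-valued."""
    values = entry["attrs"].get(name)
    if not values:
        raise ValueError("%s lacks required attribute %s" % (entry["dn"], name))
    return values[0]


def has_class(entry, object_class):
    return object_class.lower() in (c.lower() for c in entry["attrs"].get("objectclass", []))


def passwd_line(entry):
    """Render a posixAccount as an /etc/passwd record. The password field is
    "x": the hash stays in userPassword and never lands in a readable file."""
    if not has_class(entry, "posixAccount"):
        raise ValueError("not a posixAccount: " + entry["dn"])
    attrs = entry["attrs"]
    return ":".join([first(entry, "uid"), "x", first(entry, "uidnumber"),
                     first(entry, "gidnumber"),
                     attrs.get("gecos", [first(entry, "cn")])[0],
                     first(entry, "homedirectory"),
                     attrs.get("loginshell", ["/bin/sh"])[0]])


def group_line(entry):
    """Render a posixGroup as an /etc/group record."""
    if not has_class(entry, "posixGroup"):
        raise ValueError("not a posixGroup: " + entry["dn"])
    return ":".join([first(entry, "cn"), "x", first(entry, "gidnumber"),
                     ",".join(entry["attrs"].get("memberuid", []))])


def is_member(entries, uid, group_cn):
    """Authorization check: uid is in group via memberUid or primary gidNumber.
    Unknown users or groups are never authorized (fail closed)."""
    users = {first(e, "uid"): e for e in entries if has_class(e, "posixAccount")}
    groups = {first(e, "cn"): e for e in entries if has_class(e, "posixGroup")}
    user, group = users.get(uid), groups.get(group_cn)
    if user is None or group is None:
        return False
    return (uid in group["attrs"].get("memberuid", [])
            or first(user, "gidnumber") == first(group, "gidnumber"))
```

Run stand-alone it only defines the functions; `is_member(parse_ldif(SAMPLE_LDIF), "leon", "netadmin")` is the kind of call a kit would wrap. Two points carry over to a real kit: compare uid and gidNumber values as strings exactly as the directory returns them (no numeric coercion that could fold "0100" into "100"), and treat a missing user or group as a denial rather than an error path the caller might forget to handle.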