FYI :-) If required, discussion can be continued on the GE mailing list.

Regards,
Emmanuel

----- Original Message -----
From: Leon Timmermans
To: glasselevator-talk@xxxxxxxxxxxxx
Sent: Thursday, April 24, 2003 9:25 PM
Subject: [ge-talk] Networking futures

Hi everybody,

BeOS always has been THE multimedia OS, but I think it should also become the 'ultimate networking system'. Networking should be completely transparent. It should be just as easy to access a network resource as to access a local one. Also the protocols used to do this should be standardized. This eases everything a lot.

First of all OBOS needs to become a multi-user OS (everyone agrees here I think). A multi-user OS requires a 'triple-A' system: authentication, authorization, and accounting. I think the best way to implement this would be a combination of LDAP (preferably with TLS/SSL) and GSS-API. GSS-API will be used for authentication and LDAP for authorization and accounting. Both should be integrated into a modular AAA-kit itself.

Why GSS-API? Simple: because applications can use it to authenticate, encrypt and integrity-protect (network) resources. LDAP probably is the best directory service in existence; on some sites it has even replaced DNS. I think LDAP is definitely the best choice for things like accounting. SQL or NIS/NIS+ aren't adequate.

The easier it is for programmers to use triple-A in their programs, the more likely it is they will use it and the safer the system becomes. Authorization should take at most 4 lines of code.

OpenLDAP (www.openldap.org) is BSD licensed, as is Heimdal (a Kerberos implementation; http://www.pdc.kth.se/heimdal/) (there also is a MIT implementation at http://web.mit.edu/kerberos/www/), so license shouldn't be a problem. RFC2307 (http://www.ietf.org/rfc/rfc2307.txt) gives some recommendations on how to implement the LDAP part.

We must have our own native distributed file system. I do not have BeServed, so I can't tell if it is any good, but I think depending on one commercial source is a little dangerous (focus-shifts). I think we should use NFSv4. NFSv4 (Network File System version 4) has got *a lot* of potential, because it is standardized and made to be cross-platform interoperable and extendable. I know many people don't like NFS. NFSv4 is *fundamentally* different from previous versions. It has solved many "limitations and deficiencies of NFS version 3". It has state, like other networked file systems. RFC 2624 (http://www.ietf.org/rfc/rfc2624.txt) describes the design considerations of the protocol. RFC3010 (http://www.ietf.org/rfc/rfc3010.txt) is the specification. To quote that RFC:

"NFS (Network File System) version 4 is a distributed file system protocol which owes heritage to NFS protocol versions 2 [RFC1094] and 3 [RFC1813]. Unlike earlier versions, the NFS version 4 protocol supports traditional file access while integrating support for file locking and the mount protocol. In addition, support for strong security (and its negotiation), compound operations, client caching, and internationalization have been added. Of course, attention has been applied to making NFS version 4 operate well in an Internet environment."

It already supports features such as attributes and mime-type. Queries will require an extension, but the designers deliberately made that possible. NFSv4 also has very good security features (Kerberos and LIPKEY). It has another bonus: we can use this to access non-BeOS (read Linux/Unix) fileservers too. Important to remember is that there already is a protocol, so we won't have to design that ourselves. We only need to extend it a little. There already is an open source implementation for Linux/OpenBSD (http://www.citi.umich.edu/projects/nfsv4/; it's GPLed, which might be an obstacle).

It would be very useful if OBOS could operate in a diskless environment (as a thin client). This is much more than a geek feature; it could be a very strong advantage compared to other desktop operating systems. Network booting in a desktop environment could give us a lot of new possibilities. Linux can do this (http://www.ltsp.org), but we want a desktop OS. We would really need a network file system for this, so that should come first. This idea might be for R3 or later, since it affects a lot of things like booting. It will probably be complicated. The dynamically swappable kernel idea posted here a while ago might be useful. Dataless clients are also an option of course. They are a lot easier to implement, and have many of the advantages of diskless computers.

There could be an integrated remote-access system. Something like VNC can be very useful at times. We should however state a clear goal: should it be an entire desktop that's being shown (like VNC), or just one program (like X)? It is a fundamental difference that should be paid attention to. It should not be a low-level protocol like X. It simply isn't efficient enough. We can and should use GSS-API to authenticate here.
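The post points at RFC2307 for the LDAP side of authorization and wants an authorization check to take only a few lines. As an added illustration (not code from the post or from any OBOS/Haiku project), the block below parses a constructed LDIF fragment holding RFC2307 posixAccount and posixGroup entries and answers "is this uid a member of that group?" using both membership rules RFC2307 defines: an explicit memberUid value, or a primary gidNumber on the account that matches the group's gidNumber. The directory names, uids and paths are all made-up sample data.

```python
# Added example: minimal RFC2307-style authorization check over LDIF data.
# The LDIF text is constructed sample data (example.org, alice, bob), not a
# real directory. A production system would query an LDAP server instead.

SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
cn: Alice Example
uidNumber: 1001
gidNumber: 100
homeDirectory: /boot/home/alice
loginShell: /bin/sh

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: bob
cn: Bob Example
uidNumber: 1002
gidNumber: 100
homeDirectory: /boot/home/bob
loginShell: /bin/sh

dn: cn=users,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: users
gidNumber: 100

dn: cn=admins,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: admins
gidNumber: 10
memberUid: alice
"""


def parse_ldif(text):
    """Split LDIF into entries, each a dict mapping attribute -> list of values.

    Handles the subset RFC2307 data needs: "attr: value" lines, blank-line
    entry separators, and folded continuation lines that start with a space.
    """
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last_attr is not None:
            # Folded line: append to the previous value of the same attribute.
            current[last_attr][-1] += raw[1:]
            continue
        if not raw.strip():
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        attr, _, value = raw.partition(":")
        attr, value = attr.strip(), value.strip()
        current.setdefault(attr, []).append(value)
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def build_tables(entries):
    """Index posixAccount entries by uid and posixGroup entries by cn."""
    accounts = {}  # uid -> primary gidNumber
    groups = {}    # cn  -> (gidNumber, set of memberUid values)
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectClass", [])}
        if "posixaccount" in classes:
            accounts[entry["uid"][0]] = int(entry["gidNumber"][0])
        elif "posixgroup" in classes:
            gid = int(entry["gidNumber"][0])
            groups[entry["cn"][0]] = (gid, set(entry.get("memberUid", [])))
    return accounts, groups


def is_member(uid, group, accounts, groups):
    """RFC2307 membership: listed in memberUid, or primary gid equals the group gid.

    Unknown users or groups are denied rather than raising, so a caller can
    treat the return value as the authorization decision directly.
    """
    if uid not in accounts or group not in groups:
        return False
    gid, members = groups[group]
    return uid in members or accounts[uid] == gid


def authorized(uid, group, ldif=SAMPLE_LDIF):
    """The 'few lines of code' authorization call the post asks for."""
    accounts, groups = build_tables(parse_ldif(ldif))
    return is_member(uid, group, accounts, groups)


if __name__ == "__main__":
    for who, grp in [("alice", "admins"), ("bob", "admins"), ("bob", "users")]:
        print(f"{who} in {grp}: {authorized(who, grp)}")
```

The deny-by-default behaviour for unknown uids and groups is the part worth copying: an authorization helper that raises or returns a truthy error object on a missing entry is easy to misuse, whereas one that only ever returns True or False keeps the "four lines" promise without opening a fail-open path.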