Friday, September 28, 2007

MIT Kerberos Consortium - cutting through the smoke and smashing the mirrors

Apparently, a bunch of companies have formed a consortium to "further the technology".

Already in use by an estimated 100 million people through its longtime inclusion in other technologies, including popular products made by Apple, Microsoft, Red Hat, and Sun, backers of the new MIT Kerberos Consortium said that the group should help the platform -- invented at MIT 20 years ago -- remain relevant and accommodate new trends around shared infrastructure and mobile computing.

Let me start this by saying that anything that is done to help further Kerberos is a great thing. However, as I read this article there was a second when I saw through the smoke and mirrors and caught a glimpse of what was behind the curtain so here I go off on an rant...

  • "MIT Kerberos Consortium said that the group should help the platform" - Funny how it is called the "MIT Kerberos Consortium" and not the "Kerberos Consortium". Does everyone know that there are other companies out there that build Kerberos servers? Like Heimdal, for example? Should the statement really be something like: "said that the group should help the MIT platform"? Big difference - help MIT versus help the industry as a whole. Oh, and why suddenly is the IETF being marginalized? I'm pretty much used to seeing the IETF drive standards - just what we need, another cook in that kitchen.

  • "Anyone using Microsoft's Active Directory or Apple Mac Server has used [Kerberos] without even knowing it, and that's the level of success we're striving for," he said. "Our job now is to expand the envelope to bring Kerberos to new developers and uses." Oh, how true!! Anyone using AD is using Kerberos! Microsoft's Kerberos - not MIT's Kerberos! I wonder why Microsoft is not a founding member of the "MIT Kerberos Consortium"??

  • "Kerberos has grown incrementally until today". Are you kidding me?? If it wasn't for Microsoft - let me repeat that so it sinks in: If it wasn't for Microsoft you guys would have a pretty small club. Kerberos' claim to fame prior to the launch of Microsoft Windows 2000 was "DCE". Everyone remember DCE? Exactly, that's my point. Microsoft put Kerberos on the map my friends. Period, end-of-story. Kerberos would have died without Microsoft and, without a sound.

  • "Without Kerberos as part of the fabric of our existing infrastructure for ID management and a number of other uses, there's no way we could manage authentication across thousands of systems today". Very true indeed but which/what "thousands of systems" are we talking about? Oh, of course, the "thousands" of Microsoft servers, clients and web servers (based on IIS!) that are out there. Of course there are other servers that use Kerberos but please point me to the numbers that would show how they exceed what Microsoft has shipped.

  • Contrary to some rumors, consortium representatives reported that the Kerberos community has not had a falling-out with Microsoft and said that the platform's presence in Active Directory remains crucial based on the product's popularity among businesses. I'm sure (I know) Microsoft loves Kerberos. I love Kerberos. We all love Kerberos (and Barney). So why isn't Microsoft a member of the consortium then? Well, if I was Microsoft and most of my world was based on Kerberos would I want a bunch of jumped-up eggheads and vendor-neutral-my-eye folks telling me what to do?? Not a chance. After all, "I am Kerberos" (at least that's what I would say if I was at Microsoft.)

So, my prediction is that a lot of the folks who are contributing huge pots of money to the consortium have pretty much poured it down the drain. Nothing will come out of this unless or until the industry as a whole - including Microsoft - adopt whatever the consortium comes out with.

Build it and they will come? I doubt it. Microsoft is doing more for Kerberos than the "MIT Kerberos Consortium" will ever do...

No comments: