Kerberos Consortium launched

MIT announced late last week the launch of the Kerberos Consortium, aiming high: Creating a universal authentication platform to protect the world’s computer networks. Among the founding sponsors of the new consortium: Centrify Corporation, the Financial Services Technology Consortium, Google, Stanford University, Sun Microsystems, TeamF1, and the University of Michigan. The Consortium also will receive generous support from Apple. Kerberos is a network authentication protocol, originally developed for MIT’s Project Athena in the 1980s. You may know that during the past two decades, it has grown to become the most widely deployed system for authentication and authorization in modern computer networks. The problem is that it is currently mostly available only in large corporate networks. Kerberos’s ability to require strong mutual authentication has enormous potential to protect consumers doing business on the public Internet from phishing and other types of attacks. “By establishing the Kerberos Consortium, MIT seeks to permit Kerberos to continue to grow and develop as a stable and universal ‘single sign-on’ mechanism for the users of modern computer networks,” said Stephen Buckley, executive director of the Kerberos Consortium. “The Consortium will provide a mechanism to permit greater industry participation in the funding and development of Kerberos, and thus allow it to evolve into the universal ‘single sign-on mechanism’ users need but do not yet have.” Sam Hartman, chief technologist for the Kerberos Consortium, added: “We foresee a day when Kerberos-based authentication and authorization will be as ubiquitous as TCP/IP-based networking itself. We want to make Kerberos more useful and available than ever before.”

As an example, Hartman noted that if Kerberos were available on mobile devices, it would be more attractive in the health care industry as a mechanism for securing privacy of health records. If made available for consumers, it could make electronic commerce less susceptible to phishing and identity theft. “We see a number of our customers asking for open source, stable and interoperable single-sign on technology, based on the Kerberos protocol” said Kathy Jenks, Director, Sun Microsystems. “The MIT Kerberos Consortium is an outstanding way to address our customers’ requirements, and a continuation of the work we have been doing within the Kerberos community over the last several years.” Clifford Neuman, director of the USC. Center for Computer Systems Security, and the original principal designer of Kerberos, said: “The bright future for Kerberos depends on our ability to standardize the technologies layered above Kerberos — hence the need for an organization like the Kerberos Consortium. I am delighted to see industry, academia, and the business community coming together to promote the growth of Kerberos into new areas.”

The consortium will perform software development and the documentation activities necessary to achieve its goal of ubiquitous support for Kerberos-based single sign-on solutions across all aspects of the world’s communication infrastructure. A primary objective of the consortium is to implement the solutions it promotes in the form of open source reference implementations that can be used by Consortium members within their products and organizations without licensing fees.