Final Update ( By katelyn Last mod: Jun 10 14:44 )
I don't know if anyone is still reading this blog, but I wanted to write about the outcome of my project, how GSoC went for me and my future plans related to the project.
In case anyone reading this didn't know, I was working on Inferno authentication, in particular the SPKI infrastructure for Inferno. I completed the project successfully, and produced the following:
- An implementation of Inferno authentication for Plan 9 and p9p
- A SPKI verifier which can produce Inferno certificates
- A SPKI version of keyfs which stores keys and certificates securely, and allows these to be queried
- A command which creates SPKI certificates to form part of a chain of delegation of authority
- I also adapted a program written by my mentor Charles to create a module which performs SPKI reduction.
I'd like to say how GSoC was from the perspective of someone who was never involved in open source development before. In general, I felt that GSoC went well for me. I started off slowly because I found it very difficult to become familiar with Plan 9 and Inferno so quickly since I'd never heard of them until earlier this year. I think this was the main thing I'd change - if I did this again I'd try my best to prepare more. I also should have asked my mentor more questions - at first I was afraid to ask many things in case the questions were stupid. On the other hand, after a few weeks I started working a lot more quickly and I really learned a huge amount during the project, not just about Plan 9/Inferno but also about development and managing a project in general. Overall, I think I produced more useful code than I had expected at the start.
In future, I intend to continue to work on improving or fixing the code I have written this summer, if necessary. However, I also want to become actively involved in the development of Plan 9 and Inferno, and contribute as much as possible to these projects. This includes both work related to my project and also totally different work, since I have a lot of ideas. I guess I'll post to the relevant mailing lists when I want to work on something.
speaksfor ( By katelyn Last mod: Jun 10 14:44 )
Today I completed the speaksfor program. This is an Inferno command which will be used to create a SPKI certificate which forms part of a SPKI "speaksfor" chain of delegation of authority. It works like this: the command can be invoked as
speaksfor S I [T] [V]
where S is the Subject, I is the Issuer, T is an optional tag and V is the optional validity of the certificate. Then a certificate is created which states that Subject S may now speak on behalf of Issuer I regarding the things in the tag T (by default the Subject may speak for I regarding everything). In other words, I delegates part of its authority to S.
In practical terms, currently S is the name of a public key stored in keyfs which I spoke about last time, and I is a public/private key pair read from a file. The Issuer I then signs the certificate with its private key. Although it isn't essential for my project, I'd like to extend speaksfor so that it can also produce name certificates, which would be used to verify that a user is a member of a group.
As for what I have left to do, there are several things. Right now I'm working on a command that does SPKI reduction. I'll write about that next time as I only just started this. I also have a couple of minor bugs to fix and man pages to write.
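How a chain of speaksfor certificates collapses into a single statement, as an added example in Python that is not part of the original post or the project's code. It follows the standard SPKI tuple-reduction rule; signature checking is omitted, tags are simplified to "everything" or a set of permission names, and all key names and times are constructed.

```python
from dataclasses import dataclass
from typing import Optional

ALL = "*"  # the default tag: the Subject speaks for the Issuer on everything

@dataclass(frozen=True)
class Cert:
    issuer: str                       # I: the key delegating authority
    subject: str                      # S: the key that may now speak for I
    tag: object = ALL                 # T: ALL or a frozenset of permission names (simplified)
    not_before: Optional[int] = None  # V: validity window; None means unbounded
    not_after: Optional[int] = None
    delegate: bool = True             # may the Subject delegate further?

def tag_intersect(a, b):
    """Authority can only narrow along a chain, never widen."""
    if a == ALL:
        return b
    if b == ALL:
        return a
    return a & b

def reduce_pair(c1, c2):
    """Compose I1->S1 with I2->S2 into I1->S2, or None if the link is invalid."""
    if c1.subject != c2.issuer or not c1.delegate:
        return None                   # broken chain, or S1 was not allowed to delegate
    tag = tag_intersect(c1.tag, c2.tag)
    if tag != ALL and not tag:
        return None                   # no permission survives both certificates
    starts = [t for t in (c1.not_before, c2.not_before) if t is not None]
    ends = [t for t in (c1.not_after, c2.not_after) if t is not None]
    nb, na = max(starts, default=None), min(ends, default=None)
    if nb is not None and na is not None and nb > na:
        return None                   # the validity windows do not overlap
    return Cert(c1.issuer, c2.subject, tag, nb, na, c2.delegate)

def reduce_chain(certs):
    """Fold a certificate sequence into one Issuer->Subject statement."""
    result = certs[0]
    for cert in certs[1:]:
        result = reduce_pair(result, cert)
        if result is None:
            return None
    return result

# Constructed chain: alice delegates read/write to bob, bob delegates everything to carol.
CHAIN = [Cert("alice", "bob", frozenset({"read", "write"}), 100, 500),
         Cert("bob", "carol", ALL, 200, 900)]
```

Reducing `CHAIN` gives a single alice-to-carol statement limited to read/write and to the overlap of the two validity windows, which is the form a verifier can check a request against.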
Inferno SPKI ( By katelyn Last mod: Jun 10 14:44 )
This is my first post on here, and I guess it is about time I posted some news on my project. My project involves extending the SPKI infrastructure of Inferno by implementing various file servers and commands. Using SPKI for authentication improves scalability and provides a way to define group membership using the "speaks-for" relationship with SPKI certificates.
The first part of my project was not actually related to SPKI, and involved adding support for Inferno authentication to the factotum of Plan 9 and p9p. I completed a basic implementation of this, although it would benefit from further testing.
I then wrote a SPKI verifier. The verifier is implemented as a file server using file2chan, and accepts a SPKI certificate sequence as input. If the sequence is verified correctly, the verifier then serves a file containing an Inferno certificate which can be used to access services.
Right now I am working on a SPKI version of keyfs for Inferno. This keyfs stores SPKI keys and certificates securely in an encrypted keyfile. It is implemented as a Styx file server which serves three directories within /mnt/keys: pk/, sk/, and cred/, which contain public keys, private keys, and all credentials including certificates respectively. Users can add new keys and certificates and name them by writing an S-expression to the "new" file which is provided.
So, next I will probably be adding more features to the keyfs, and hopefully also beginning work on some other related things. My code can be found at http://code.google.com/p/inferno-spki/.
I am enjoying the project a lot and learning so much, even though I have found it difficult. I will give another update very soon.