Secure Endpoints Inc.

Secure Endpoints Inc. (a corporation registered in the State of New York, DUNS# 14-353-0660) provides expert consulting and software development services combining the use of secure open source authentication, data exchange, and communication software and the Microsoft Windows platform. Secure Endpoints Inc. is a primary contributor to a number of Open Source Projects including OpenAFS, MIT Kerberos, and OpenSSL.

Latest News:

2013-05-09 OpenAFS for Windows Release 1.7.24 is now available.
2011-10-02: Heimdal 1.5.1 replaces MIT Kerberos 3.2.2 for Microsoft Windows.
2010-09-08: Network Identity Manager Version 2.0.102 is available as an update to Kerberos for Windows.
2010-05-27: Open Source Kerberos Tooling site announced.
2010-02-18: KX.509 Kerberized Certificate Authority Provider Version 2.4 for Network Identity Manager is now available.
2009-01-22: Network Identity Manager and Kerberos for Windows Development Road Map updated
2008-07-28: Updated OpenAFS for Windows Status Report
2008-01-24: OpenAFS for Windows Development Road Map updated
2007-10-22: MIT Kerberos for Windows 3.2.2 including Network Identity Manager 1.3.1 and support for 64-bit Windows has been announced.
Older News

Products:

Network Identity Manager

Secure Endpoints Inc. is the primary developer of Network Identity Manager (NetIdMgr). It allows end users to manage multiple network identities from within a single easy to use interface. Built upon the extensible Khimaira framework, NetIdMgr enables organizations to provide users with a single sign-on experience. A single Kerberos authentication can automatically derive credentials for a variety of other authentication mechanisms including AFS tokens and X.509 certificates. NetIdMgr also provides users with automatic credential renewal.

Network Identity Manager is distributed as the credential manager for MIT Kerberos for Windows.

Read the Network Identity Manager User Documentation (PDF) and the Khimara Developer Documentation (HTML) or (CHM).

Organizations wishing to support the on-going development of Network Identity Manager are encouraged to contact Secure Endpoints Inc. The road map contains a broad range of features and user interface improvements for which funding is required.

Network Identity Manager Version 2.0.102 is now available as an update to Kerberos for Windows.

AFS Token Provider

Secure Endpoints Inc. has developed a plug-in supporting AFS token acquisition and renewal for multiple AFS cells from a single Kerberos v5 identity. The plug-in is distributed as part of OpenAFS for Windows.
Kerberized Certificate Authority Provider

Secure Endpoints Inc. is distributing a Kerberized Certificate Authority plug-in that can be used to automatically obtain X.509 client certificates when Kerberos v5 credentials are obtained or renewed. Version 2.4.0 is available for download. End-user documentation is also available. The KCA plug-in is bundled with a PKCS#11 module that exports certificates from the Windows Certificate Store to applications such as Mozilla's Firefox and Thunderbird.
The significant changes since version 2.0 include:
- Support for 64-bit Network Identity Manager
- Several memory leaks were plugged
- Capable of storing private keys for certificates with longer Issuer names
- Improved retry algorithm better adjusts for network packet loss
- Notification Icon that shows the status of KX.509 Certificates [2.3]
- Support for old University of Michigan KCA servers that do not include issuer KCA_REALM information in the issued certificates. [2.4]

OpenAFS for Windows

Secure Endpoints Inc. is the primary developer of OpenAFS.org's OpenAFS for Windows product. The Andrew File System (AFS) is a secure distributed file system which allow users of Microsoft Windows and Unix the world over to share information as easily as if the files were stored on their local disks. OpenAFS for Windows is an AFS client providing users of Microsoft Windows 2000, XP, 2003, Vista and Server 2008 nearly seamless access to the data stored in locally managed and publicly available AFS cells the world over.

The latest OpenAFS Release is 1.7.24, now a native Microsoft Windows file system.

Other major improvements that have been implemented in the 1.7 release series include:
- Compatible with all OpenAFS and IBM/Transarc AFS Server versions
- Significantly faster than the OpenAFS 1.6 release (up to 800MB/second read throughput from Solid State Disk backed cache)
- Does not require the installation of the Microsoft Windows Loopback Adapter
- Provides support for kernel enforced Process and Thread Authentication Groups
- New Explorer Shell integration including AFS specific property sheets
- Immediate access to \\AFS namespace after system resume
- AFS Mount Points and Symlinks are File System Reparse Points
Version 1.7.24 is the fastest and most functional OpenAFS client for Windows ever released.

Download 1.7.24 and read the OpenAFS Documentation Set.

Status Report and Development Road Map:

Secure Endpoints Inc. publishes periodic status reports describing the state of development. The most recent report was published in July 2008.

Secure Endpoints Inc. maintains the development road map for OpenAFS for Windows. The road map describes projects that will benefit the OpenAFS community. Organizations wishing to support the on-going development of OpenAFS for Windows are encouraged to contact Secure Endpoints Inc.

Secure Endpoints Inc. offers support for OpenAFS on either a per-incident or annual basis.

Heimdal is an implementation of Kerberos 5 (and some more stuff) originally developed in Sweden (which was important when the project started, less so now). It is freely available under a three clause BSD style license.

Secure Endpoints, Inc. ported Heimdal to the Microsoft Windows operating system platform as a replacement for MIT's Kerberos for Windows which has not been updated in several years. The Secure Endpoints' Heimdal distribution consists of several components:
- The core Heimdal libraries, implemented as a set of side-by-side assemblies
- A set of Kerberos command-line tools including kinit, klist, kdestroy, ktutil, kswitch, kvno, kdigest and others
- A set of MIT Kerberos for Windows compatibility libraries which permit applications developed against MIT Kerberos for Windows to use Heimdal
- A Microsoft LSA credential cache plug-in
- A MIT Kerberos for Windows API cache plug-in
Download digitally signed Heimdal installers.

Please send bug reports and feature requests to heimdal@secure-endpoints.com.

MIT Kerberos

KFW allows applications built around the MIT Kerberos API to execute seamlessly on Microsoft operating systems. Secure Endpoints Inc. strives to improve the single sign-on experience for end users when multiple Kerberos implementations are present on Microsoft Windows operating systems. Secure Endpoints Inc.'s largest contribution to KFW is Network Identity Manager which replaces the antiquated Leash Ticket Manager.

Download MIT KFW 3.2.2 from MIT or digitally signed versions from the Secure Endpoints web server (including 2007 DST updates):
- 32-bit EXE
- 32-bit MSI
- 64-bit MSI (on 64-bit Windows install both the 32-bit and 64-bit MSI packages)
Please send bug reports and feature requests to kfw-bugs@mit.edu.

Secure Endpoints Inc. has been a member of the MIT Kerberos Core Team since 1999 and maintainer of the MIT Kerberos for Windows (KFW) product since 2003. In November 2006, MIT announced a new direction for Kerberos for Windows development and is no longer funding Secure Endpoints Inc.'s continuing efforts to improve MIT's Kerberos product. Organizations wishing to support the on-going development of Kerberos for Windows are encouraged to contact Secure Endpoints Inc. The road map contains a broad range of features and user interface improvements for which funding is required.

Other Open Source and Standards Participation:

OpenSSL

A contributor to OpenSSL since 1999 supporting the Microsoft Windows implementation and the Kerberos v5 cipher suite.
Internet Engineering Task Force

A participant in the development of Internet Standard protocols since 1999.
- Kitten (Common Authentication Technologies: Next Generation)
- Kerberos
- PKIX (Public Key Infrastructure)
- SASL (Simple Authentication and Security Layer)
- TLS (Transport Layer Security)
- Security Area Advisory Group
- Security Directorate

Upcoming Presentations:

European AFS and Kerberos Conference 2011
(October 4-7, 2011) at DESY, Hamburg, Germany

Past Presentations:

AFS and Kerberos Best Practices Workshop (May 19-24, 2010) at University of Illinois at Urbana/Champaign
AFS and Kerberos Best Practices Workshop (June 1-5, 2009) at Stanford University
The New York OpenAFS User Group June Meeting (June 19, 2008)
AFS and Kerberos Best Practices Workshop (May 19-23, 2008) at New Jersey Institute of Technology
- Kerberos Tutorial, Tuesday May 20
- Status of OpenAFS for Windows and Kerberos for Windows, Wednesday May 21
- Customizing Windows Installers for OpenAFS for Windows and Kerberos for Windows, Thursday May 22
- A Preview and Architectural Overview of the Native Windows OpenAFS Client, Friday May 23
- OpenAFS Elders discussion of the road ahead, Friday May 23
The New York OpenAFS User Group April Meeting (Apr 17, 2008) - Windows Cache Manager Architecture
HEPiX Fall 2007 - OpenAFS Status and Futures (November 6, 2007) (Slides)
AFS and Kerberos Best Practices Workshop (May 7-11, 2007)
- Kerberos Tutorial, Tuesday May 8 (Slides)
- Status of OpenAFS for Windows (Slides) and Kerberos for Windows (Slides), Wednesday May 9
- OpenAFS for Windows and Kerberos for Windows User Interface Futures (Slides), Thursday May 10
- OpenAFS Road Map Discussion (Slides), Friday May 11
ACM Reflections 2006 (October 20-22, 2006)
Apple WWDC (August 7-11, 2006)
AFS and Kerberos Best Practices Workshop (June 12-16, 2006)
The third annual AFS & Kerberos Best Practices Workshop was held the University of Michigan. The workshop included two days of tutorials and three days of talks.
- AFS & Kerberos Workshop OpenAFS Status Slides
- Developing Plug-ins for Network Identity Manager
NIST PKI'06 (Tuesday April 4, 2006) - "Integrating Public Key and Kerberos"
AFS and Kerberos Best Practices (June 20-24, 2005)
The second annual AFS & Kerberos Best Practices Workshop was held at Carnegie Mellon University. The workshop included two days of tutorials and three days of talks.
Apple WWDC (June 6-10 2005)
Session 636 - Hands On: Network Authentication

UNIGROUP of New York (April 21 2005)
OpenAFS: An Open Source Wide-Area Distributed File System

AFSig.se (December 2004)
OpenAFS for Windows: One Year Later
UNIGROUP of New York (May 2004)
MIT Kerberos and Cross Platform Interoperability with Microsoft and Java
AFS Best Practices Conference (March 2004)
- Future Directions for the AFS Client on Windows
Uninett (June 2003)
Keynote Address
Peer to Peer Networking. What is it? And why do we care?
JavaOne 2002
Project JXTA P2P Security: A Java(tm) technology-based, Virtual Transport Implementation of Transport Layer Security

Who are Secure Endpoints Inc.?:

Jeffrey Eric Altman, President/CEO

Network Identity Manager	Heimdal	OpenAFS for Windows	OpenSSL
All our development projects are open source and freely available for use. Please contribute to the development of Network Identity Manager, Kerberos for Windows, and OpenAFS for Windows by making a contribution.	Anonymous access to AFS	Subscribe to the Secure Endpoints journal	Open Source Kerberos Tooling

Status Report and Development Road Map: