September 27, 2007
Kerberos was first deployed at MIT in September of 1986. In its more than two decades of use it has matured and blended into the background. Most Kerberos users have never heard of it and have no idea what it does. Designed in part based on much research that preceded it, a significant strength of the Kerberos system is the placement of the server at a management control point for authentication and related technologies, enabling other security technologies to work together.
Over the years there has been significant controversy as some organizations used Kerberos one way, and others used it differently. Kerberos was designed to work in such environments, with much of its future potential enabled through protocol hooks, waiting for other technologies to be developed that would use them. The bright future for Kerberos depends on our ability to standardize the technologies layered above Kerberos, and that provides the need for an organization like the Kerberos consortium.
I am delighted to see industry, academia, and the business community coming together to promote the growth of Kerberos into new areas. By working together, we will be able to use Kerberos to strengthen many core security technologies as they are deployed in federated environments. We will see advances in authorization, management, and even audit and intrusion detection. I look forward to working closely with all involved to ensure that the vision of Kerberos is fulfilled.
Prof. Clifford Neuman
Director, USC Center for Computer Systems Security
Principal designer, Kerberos