User:Jeffrey.Altman

Jeffrey Eric Altman is President/CEO of AuriStor, Inc. and Secure Endpoints, Inc. Jeffrey has been a longtime believer in open source projects dating back to his work with Columbia University's Kermit Project. As Kermit transitioned from a serial/modem communications suite to a TCP/IP suite, Jeffrey recognized the need for various authentication and authorization models as well as data encryption to ensure privacy and data integrity. OS/2 Kermit and Kermit 95 (the Windows version) were very much a lab in which Jeffrey experimented with a broad range of technologies that have determined his perspective to this day. Kermit integrated support for TCP/IP, NetBEUI, LAT, and several other communication protocol stacks. For authentication and data privacy Kermit added Kerberos v4 and v5, Transport Layer Security (TLS), Secure Remote Password (SRP), and NTLM.

In order to meet the requirements of Kermit, Jeffrey became active in the Internet Engineering Task Force (IETF) and became a frequent contributor to various open source implementations of IETF protocols including MIT Kerberos, OpenSSL, and Secure Remote Password. In 2000 the IETF published RFC2839, The Internet Kermit Service, which provided a client/server Kermit File Transfer Service implemented on top of Telnet. The IKS was implemented as part of C-Kermit and Kermit 95 but did not see broad adoption in third-party products.

In 2001, Jeffrey became actively involved in Sun Microsystems' peer-to-peer Project JXTA and was one of the original board members for the project. Jeffrey became known as an expert in peer-to-peer system design, giving talks at JavaOne 2002 and the keynote at Uninett 2003. His efforts contributed to the formation of the Internet Research Task Force on Peer-to-Peer networking.

In late 2002, Jeffrey left the Kermit Project and set out on his own, forming Secure Endpoints, Inc. The MIT Kerberos team hired Secure Endpoints, Inc. in 2003 to manage the development of the Kerberos protocol implementation on the Microsoft Windows platform. Over the course of the next four years MIT and Secure Endpoints released MIT Kerberos 2.6 through 2.6.5, 3.0, 3.1, and 3.2. The Kerberos 3.2.2 release is still the current release supporting Windows 2000, XP and Server 2003.

While working with the MIT Kerberos team, Jeffrey was exposed to the Andrew File System, a location-independent distributed file system with a global name space. An open source implementation, OpenAFS, was created in November 2000 when IBM released the sources to the commercial product. One of the goals of the MIT Kerberos team was the deprecation of Kerberos v4. Although Kerberos v5 had been an IETF standard since the publication of RFC1510 (http://tools.ietf.org/html/rfc1510) in 1993, its adoption was lagging due to the large number of application protocols that relied upon Kerberos v4 but lacked support for Kerberos v5.

In November 2003, Secure Endpoints took on responsibility for modernizing the Microsoft Windows implementation of OpenAFS and integrating Kerberos v5 support. By the March 2004 AFS Best Practices Conference at SLAC, Jeffrey had been named an OpenAFS Gatekeeper, and less than a year later he was named an OpenAFS Elder.

The MIT Kerberos user interface in the 2.x and prior releases was called Leash32. This tool provided users the ability to obtain a Kerberos v5 Ticket Granting Ticket (TGT), a matching Kerberos v4 TGT, and an AFS token for the workstation's default AFS cell. This functionality was mirrored by the AFS Credential Tool and a variety of university-developed tools such as Stanford University Desktop, Cornell University SideCar, and Rose Hulman's Wake. Each tool had its strengths and weaknesses.

With the version 3.0 release of Kerberos for Windows, Network Identity Manager (NIM) was introduced. NIM was designed to be a flexible framework for managing network authentication identities that is independent of the specific authentication mechanisms. Each authentication mechanism would be added to the framework via a set of plug-ins known as providers. Three sets of providers are supported: identity providers, credential providers, and tool providers. An identity provider is an authentication mechanism that defines a network identity. A credential provider is capable of obtaining a credential using a network authentication mechanism for one of the defined network identities. A tool provider is independent of the network authentications and permits additional functionality to be offered via the user interface.

NIM addressed a variety of needs. First and foremost, it broke down the monolithic, do-everything tools that shipped with MIT Kerberos into modules that could be released and upgraded independently of each other. The MIT Kerberos team was no longer responsible for incorporating AFS support into their user interface. The OpenAFS distribution would include an AFS token provider for NIM but would not have to include its own user interface. Sites that depended on both but had requirements for additional credential types, such as X.509 client certificates issued by a Kerberized Certificate Authority, would no longer have to maintain their own tools.

The development of NIM v2 is one of the most important achievements of Secure Endpoints, Inc.

When IBM released OpenAFS in 2001 the vast majority of IBM AFS customers simply stopped paying licensing fees to IBM and never contributed to the development of OpenAFS. By the Spring of 2007 a wish list of feature enhancements had been published for which there was little to no funding available.

In October 2007, Jeffrey founded AuriStor, Inc. (originally Your File System, Inc.). AuriStor, Inc. received Phase I and Phase II SBIR grants from the Department of Energy to develop an enhanced version of the Andrew File System that meets the security, performance, and functional requirements of 21st century cloud filesystems. The expanded OpenAFS wish list published in November 2007 was derived entirely from the SBIR grant application. All of the work funded by the SBIR grant was donated by AuriStor, Inc. to OpenAFS. However, few of the features were ever completed. In 2012 Jeffrey began his transition away from OpenAFS by stepping down as an Elder. Jeffrey determined that it would be impossible to complete the AFS vision upon which AuriStorFS was built if end user organizations had no incentive to contribute resources to fund research and development.

Jeffrey and the AuriStor team continued to invest in the AuriStorFS filesystem. The product was commercially deployed in May 2016 at its first customer. As of July 2017, AuriStorFS does not include all of the functionality envisioned in 2007, but it has made substantial improvements in security, networking, scale, performance and functionality.

When Jeffrey is not working on his companies, he is actively playing volleyball and raising his Beagle, Ch Saranan Leonardo da Vinci.