BSI shows how secure groupware can be developed using open source
Revamping the first open source groupware solution
Many heroes will remain unsung because there is no one to tell their story. I first came across this story over eight years ago, and three years ago it became connected with my own. The hero in our story is an unlikely candidate for heroism: a public sector body in Germany, the German Federal Office for Information Security (BSI).
This body was one of the first to participate actively in open source development. Virtually everyone today is indebted to them because they enabled much of the work on GNU Privacy Guard (GnuPG), which everyone uses, if only as a core component of any distribution. But it did much more than that.
In the early 2000s the BSI was in need of a Groupware solution that was suited to their heightened security requirements—setting standards that many IT professionals are following today. The solution had to be auditable to the core, with an option to build the software in their own controlled environment, with maximum software freedom and as many open standards as possible. To understand how truly visionary this was, just think back to what you were doing around the year 2001, and the discussions that dominated the media in those days.
This was still the time of open source being attributed to unwashed students, not corporate boardrooms, where 'but software patents are likely to severely harm open source' was more likely an argument for than against software patents.
Yet the BSI tendered and awarded development of a solution that would adhere to security standards that were defining today's state of the art. These would be part of the solution's design and ended up pioneering concepts such as NoSQL storage by relying on IMAP as a technology that would scale to millions of users and gigabytes of data. The solution would also not rely on a monolithic server, but on components that would communicate over secured network protocols, giving it many of the elastic properties we seek in clouds today. And most importantly, the solution would provide a path out of the Microsoft desktop monopoly by focusing on a functionally equivalent desktop client to complement that server.
All of this was developed in the open, in and by the community, without any proprietary components, and put into production in version 1.0 in 2003. As such, this software was an early example of a government maximizing returns on tax money spent by 'freeing the code' and promoting reuse and multiple vendor implementations of various technologies. So when it was released and put into practice it made quite some news. But then things got quieter. Today, many people have forgotten or never even heard about this solution. Its name? Kolab.
Having covered the release of version 2 in the Brave GNU World, I now find myself deeply involved in the release of version 3. This version is the result of two years of development work where the entire server and parts of the client have been refactored while allowing users continued operation. A truly nerve-racking endeavour at times. But the result is some technology we are truly proud of.
Integration has never been easier. The new storage format was re-based on the xCal and xCard RFCs. So we are now using an XML schema description to generate the code that allows usage as a canonical storage format through an API from virtually any programming language. A server API now provides for configuration and control through JSON, and we also developed the administration front end to go with it. And last but not least, there is the new web-client interface, which incorporates and has delivered a huge push to Roundcube, the world's favourite open source webmailer.
All of this comes with everything that made Kolab great before: the extremely flexible scalability, robustness, and security that has made Kolab the groupware of choice for many integrated products in the past. But we also improved upon it with synchronization support for mobile devices and tablets, with a refactored version of the Kolab support for Mozilla Thunderbird and Lightning, and of course a much improved KDE Kontact that has made huge advancements over the past year.
The most important improvement, however, was not technical. It was the founding of Kolab Systems AG and the ramping up of an entirely fresh development team that is both passionate and highly competent. This established a true products champion that is a full open source Independent Software Vendor (ISV), including partnerships with Red Hat and SuSE. Along with the switch to a time-based release model, it gives users and customers the peace of mind that comes from an actively maintained solution, and a whole range of services to choose from.
So I think it is quite likely that even if you hadn't heard of Kolab before, you'll hear of it again.
And the heroes of our story, who kicked all of this off: the BSI. They approached this problem with an open mind and charted the (then) unknown path of open source.
After all, without them the first comprehensive open source Groupware solution, and still one of the very few that actually provides supported software freedom to its users, might not exist.
Living up to the principle of practicing what they helped define and preach, they continue to use Kolab on 500 Linux desktops as they have for years. And they continue to do important work in open source that will continue to benefit the IT security of the German government as well as users around the world.