I2IM Conference Call March 19th, 2004
Peter St Andre, Jabber Software Foundation
Diego Lopez, RedIRIS
Chris Williams, University of Buffalo
Michael Gettes, Duke
Jonathan Siegle, Penn State
Brendan Bellina, Notre Dame
Jeanette Fielden, Internet2
Steve Olshansky, Internet2
Ann West, Educause/Internet2
*Discussion*
Peter asked who would obtain the authorization credentials in a case such as group chat rooms: is it the group chat service, the server that hosts the service, or the user's home server? Is it preferable for the remote server to use an XMPP binding or HTTP to request the credentials? When you authenticate to the local server, do you get a handle? Does the chat room ping my local server for a local handle, or is it provided from the client side? How does the remote end get attributes given a handle? Existing HTTP libraries or an XMPP binding can be used to pass attributes. The advantage of using the HTTP libraries is that a variety of environments, and those clients that aren't using XMPP, could utilize it.
[AI] Peter will revise the case he wrote to reflect authentication issues.
How do we build up the trust within the instant messaging framework so that we can go inter-realm? If Internet2 were federation 1 and Educause federation 2, how would we go between them? How do you trust the initial connection? Does the path matter in transitive trust? The sense is that SAML and Shibboleth have enough cryptography to support transitive trust.
Peter indicated that one reason to push handles down to the client is that there is not necessarily a local server to authenticate to. For a lone instance of Mozilla, the handle has to be at the client level. There is more client/server architecture in the XMPP world, which might be utilized to build something stronger. Michael asked how a stronger XMPP binding from server to server would impact current practice, and whether people would regard it as trusted communication. Peter noted that energy traders and Wall Street brokers are using IM-based applications now for real-time trading, and it would be more trustworthy if you knew you were getting attributes for SEC compliance and were assured that the trader was verifiably from Morgan Stanley, etc. This circles back to Brendan's pseudonymous use case in assuring that the teacher is communicating with someone who is a member of the class.
Brendan has identified three statements that separate pseudonymous communication from authorized communication.
Pseudonymous
1. The user should be able to chat without revealing identity. You would know it is an authenticated member of the group but not the individual identity.
2. The user should be able to reinitiate a chat session and be recognized without revealing specific identity.
3. The user should be able to reinitiate a chat session without having to know the target's specific identity.
Authorized
If you're not going to pass identity, then you need to pass something so the person knows that you're authorized for access: non-specific identity information such as "member of class".
1. A user should be able to filter potential chatters by attributes that have been vouched for by an attribute authority.
2. A user should be able to determine why a person is allowed through a filter.
3. A user should not be his/her own attribute authority.
Michael believes the third item under authorization does not allow for future developments in technology. Compare it with the history of telephones. Originally, telephone switchboard operators connected all calls. Now callers act as their own operators. In the Higher Education Bridge model we are all our own CAs and we develop relationships with other entities. It is how we start and which network we are a member of that determines who trusts us and how much trust we get in the rest of the network. It is a web of trust issue. If the bindings are strong enough, i.e. the federation has well-enforced rules, then you can trust that the information supplied is correct, similar to believing that the number the phone company passes via caller ID is the real number.
[AI] Brendan will revise the statements that distinguish pseudonymous from authorized to reflect the web of trust concept regarding attribute authorities.
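The following is an added example, not code from the minutes or from any of the projects mentioned, that models Brendan's six statements together with the web-of-trust point Michael raised: a home realm issues a stable pseudonymous handle, an attribute authority vouches for "member of class" against that handle, and a chat-room filter admits only assertions from authorities on its federation's trust list, rejecting anything the user has vouched for himself. Everything here is constructed for illustration: the realm and authority names, the HMAC-based tags standing in for SAML-style signatures, and the trust list itself are assumptions, not a description of how Shibboleth, SAML or XMPP actually carry these attributes.

```python
"""Toy model of pseudonymous-but-authorized chat admission (added example)."""
import hashlib
import hmac
import json

# Constructed federation trust list: attribute authority name -> key the
# filter uses to check its tags. In a real deployment this would hold
# verification keys obtained through the federation's metadata, never the
# issuer's secret; HMAC is used here only to keep the example self-contained.
TRUSTED_AUTHORITIES = {
    "aa.realm-a.example": b"realm-a-authority-key",
    "aa.realm-b.example": b"realm-b-authority-key",
}

ASSERTION_FIELDS = ("handle", "attr", "value", "issuer")


def pseudonymous_handle(realm_secret: bytes, identity: str) -> str:
    """Pseudonymous statements 1 and 2: the handle is stable for the same user
    across sessions, but a relying party holding only the handle cannot
    recover the identity (keyed hash, key held by the home realm)."""
    digest = hmac.new(realm_secret, identity.encode(), hashlib.sha256).hexdigest()
    return digest[:16]


def _tag(key: bytes, body: dict) -> str:
    # Canonical encoding so issuer and verifier tag the same bytes.
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def issue_assertion(issuer: str, key: bytes, handle: str, attr: str, value: str) -> dict:
    """An attribute authority vouches that HANDLE has ATTR=VALUE.
    The handle is inside the tagged body, so the assertion cannot be
    re-used for a different chatter."""
    body = {"handle": handle, "attr": attr, "value": value, "issuer": issuer}
    return {**body, "tag": _tag(key, body)}


def verify_assertion(assertion: dict, trusted: dict) -> bool:
    """Authorized statement 3: only authorities on the trust list count.
    A user who names himself as issuer, or who forges an issuer name without
    that authority's key, fails here."""
    key = trusted.get(assertion.get("issuer"))
    if key is None:
        return False
    body = {k: assertion.get(k) for k in ASSERTION_FIELDS}
    return hmac.compare_digest(_tag(key, body), assertion.get("tag", ""))


def admit(assertion: dict, handle: str, required_attr: str, required_value: str,
          trusted: dict = TRUSTED_AUTHORITIES):
    """Chat-room filter (authorized statements 1 and 2): returns
    (admitted, reason) so the room owner can see *why* a handle got through."""
    if not verify_assertion(assertion, trusted):
        return False, "attribute not vouched for by a trusted attribute authority"
    if assertion["handle"] != handle:
        return False, "assertion was issued for a different handle"
    if (assertion["attr"], assertion["value"]) != (required_attr, required_value):
        return False, "vouched attribute does not satisfy the filter"
    return True, f"{assertion['issuer']} vouches {required_attr}={required_value}"


if __name__ == "__main__":
    # Constructed scenario: a student in realm A joins a class chat room.
    realm_secret = b"realm-a-handle-key"
    handle = pseudonymous_handle(realm_secret, "student17@realm-a.example")
    vouched = issue_assertion("aa.realm-a.example", TRUSTED_AUTHORITIES["aa.realm-a.example"],
                              handle, "memberOf", "class-101")
    print(handle, admit(vouched, handle, "memberOf", "class-101"))
    # Same user claiming the attribute on his own authority is turned away.
    self_vouched = issue_assertion("student17-self", b"my-own-key", handle, "memberOf", "class-101")
    print(handle, admit(self_vouched, handle, "memberOf", "class-101"))
```

The trust list is the federation boundary Michael described: going inter-realm means realm B's chat room adding realm A's authority to its list (directly, or through a bridge that both federations accept), and the filter's decision never depends on who the chatter claims to be, only on who vouched.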
There are four speakers confirmed for the Real Time Communications Summit at the Internet2 Spring Member Meeting on April 21st, 2004. In the first half, the working group chairs for VidMid VC, VoIP, PIC, and I2IM will each give a brief presentation with a response from the invited speaker. The second half of the summit will be a moderated discussion with the audience.