*VidMid-VC-AuthN/Z Conference Call*
March 22, 2002

*Participants*

Steve Olshansky -- Internet2
Tom Barton -- Memphis
Steven Carmody -- Brown
Samir Chatterjee -- Claremont
Pierre Hagendorf -- RADVISION
John McNair -- Tennessee
Doug Sicker -- Colorado
Ron Tipton -- Tennessee
Art Vandenberg -- Georgia State
Egon Verharen -- SURFnet
Nate Klingenstein -- Internet2 (scribe)

*Discussion*

SteveO opened the call by thanking the group for convening so rapidly after the last call. Future VC Authn/z calls will take place every Tuesday at 11:00 Eastern. The group is aiming to have a white paper containing some sort of recommendation, or at least a discussion of present thoughts re: the issues being addressed, ready for 13 April. If this is no more than a statement of the problem, the group still regarded that as a useful contribution. Ken has been explicit with what he wants the group to accomplish. Tyler, Egon, Samir, Steven, Keith Hazelton of Wisconsin, Michael Gettes of Georgetown, and Bob Morgan of Washington were variably volunteered to provide diagrams and texts for this document.

Pierre identified the three H.235 schemas that currently apply to H.323 videoconferencing as annexes D, F, and G. Annex D doesn't apply well to the scenarios currently being discussed, because it requires predefinition of the endpoints, gatekeepers, passwords, and so forth. Annex F is based on certificates and seems useful.

*Federated Administration*

Steven expounded at length for the group about the tiers of authentication and the different ways that authentications can be abstracted out of the local security domain in which they originate. He reasoned that experience and knowledge gained from reasoning out Shibboleth, WebISO, and other Internet2 projects may prove applicable in the scenarios being discussed by VidMid.

In the common intra-realm model, a gatekeeper is expected to do authentication, meaning typically that the user or end agent supplies a username/password to the gatekeeper. The gatekeeper then performs a simple interaction with the enterprise authentication system to accomplish verification. Shibboleth can be used to simplify this system, abstracting out the authentication by producing a signed assertion about the end result. This assertion uses standard syntax and semantics, independent of the technology used to authenticate the user. The process eliminates the need for the gatekeeper to interface with the enterprise authentication system, because the assertion originates from a trusted entity. A gatekeeper only needs to determine that the assertion is valid and comes from a trusted entity before sending it on to the other end for further validation. This abstraction of much of the inner workings of authentication also permits greater interoperability between realms. The ability to work with a standard format in standard ways allows individual sites to handle the authentications of other realms more easily. A trust network still needs to be constructed which can verify the authority of signers and senders; together with the interoperability, this yields a federated administration. The Internet2 website has a draft of trust network guidelines for Shibboleth.
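The gatekeeper-side check described above, as an added example that is not part of these minutes or of Shibboleth: the gatekeeper never talks to the enterprise authentication system, it only asks whether the assertion carries a valid signature from an issuer in its trust network, is addressed to it, and is within its validity window. The trust network, issuer names and HMAC keys are constructed for the example (HMAC stands in for the XML-DSig public-key signatures a SAML deployment would use).

```python
import hashlib
import hmac
import json

# Constructed trust network: assertion issuer -> verification key. In a real
# federation this would be a list of trusted signers and their certificates.
TRUSTED_ISSUERS = {
    "idp.example.edu": b"example-edu-demo-key",
    "idp.partner.example.org": b"partner-demo-key",
}
GATEKEEPER_AUDIENCE = "gk.example.edu"  # this gatekeeper's own name


def _canonical(claims: dict) -> bytes:
    """Serialise claims deterministically so issuer and verifier sign the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign_assertion(claims: dict, issuer_key: bytes) -> dict:
    """Issuer side: attach an HMAC-SHA256 tag over the canonical claims."""
    tag = hmac.new(issuer_key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": tag}


def gatekeeper_accepts(assertion: dict, now: float):
    """Gatekeeper side: returns (accepted, reason) after the three checks the
    minutes describe: trusted signer, valid signature, assertion still usable."""
    claims = assertion.get("claims", {})
    key = TRUSTED_ISSUERS.get(claims.get("issuer"))
    if key is None:
        return False, "issuer not in trust network"
    expected = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    # Constant-time compare: the tag is attacker-controlled input.
    if not hmac.compare_digest(expected, assertion.get("sig", "")):
        return False, "signature invalid"
    if claims.get("audience") != GATEKEEPER_AUDIENCE:
        return False, "assertion not addressed to this gatekeeper"
    not_before, not_after = claims.get("not_before"), claims.get("not_after")
    if not_before is None or not_after is None or not (not_before <= now < not_after):
        return False, "assertion outside validity window"
    return True, "accepted subject " + str(claims.get("subject"))


if __name__ == "__main__":
    a = sign_assertion({"issuer": "idp.example.edu", "subject": "alice",
                        "audience": GATEKEEPER_AUDIENCE,
                        "not_before": 1000, "not_after": 1300},
                       TRUSTED_ISSUERS["idp.example.edu"])
    print(gatekeeper_accepts(a, now=1100))
```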

SAML is the authentication assertion format that Shibboleth uses for inter-realm exchanges. This assertion format has bindings for most messages to common protocols, but the committee has been far more involved in web-based services, yielding a much greater degree of maturity in the HTTP bindings. Steven thought the group would do well to examine the SAML domain model and the accompanying text, while considering how the components in the existing domain model align with how H.323 currently works.

*Authorization*

Authorization is particularly difficult in videoconferencing because so many different entities may want to authorize each party involved in the conversation for many different resources. The federated authentication model still needs to be augmented with good authorization systems to effectively gate access. A theoretical argument that Tom proposed is that authentication is the simplest case of authorization, and that the group would get beyond identifying the individual into more complex permissions in future drafts.