VidMid VC Conference Call February 10, 2003

*Attendees*

Art Vandenberg, GSU
Renee Frost, Internet2
Samir Chatterjee, CGU
Doug Sicker, CU-Boulder
John Paul Robinson, UAB
Jonathon Tyman, Internet2
Steve Olshansky, Internet2
Ken Klingenstein, Internet2
Egon Verharen, SURFnet (chair)
Jeanette Fielden, Internet2

*Discussion*

Internet2 Spring Member Meeting:
Space has been reserved for the BoF on Wednesday morning. The regular track session proposals have been received and the program committee will meet to review all the proposals and make inclusion selections. There are a number of video proposals, both middleware and applications, so there is a good chance there may be a video track.

An abstract with details needs to be written for the BoF. Topics identified for discussion are security and authorization issues. Authorization is a concern because of the amount of bandwidth that desktop video might consume. The question is whether an authorization function needs to be included in early releases of video clients, so that campuses feel they have some protection against large student usage of desktop video and the network traffic issues it creates.
[AI] Steve and Egon will send a BoF agenda to Renee.

H.235 security profile:
There has been discussion of writing a security profile for the meeting. It is not clear if this will be ready by the Internet2 meeting due to the H.350 work.

SIP updates:
Doug and his students are working on a paper for an IEEE conference that examines federation and discusses issues they have uncovered. They have also written a rough draft on the SAML binding. The papers will be circulated when they are in a form for review.

Samir gave an update on his video client. He is waiting for approval for a general release to Internet2 members. It will be just the client, not a proxy. Samir will act as an initial service provider until universities can set up their own. The client should interoperate with any proxy, not just dynamicsoft. The management tools are particular to dynamicsoft, though Vovida has management tools as well. Samir's students are currently evaluating the Vovida stack.

Dynamic Password:
John Paul Robinson described dynamic password briefly. The idea behind it is to add enhanced security to the password being passed to the client during client configuration. If the password is static, it might be more knowable.

A client that uses the SIP or H.323 identity would be imprinted with an identity using a person's enterprise password. For example, a person would sit down at a telephone and type in their enterprise password, and the phone would be enabled to take on the appropriate identities the person has access to. The telephone would download its configuration, including a registration password different from the enterprise password, and use that password to register with the gatekeeper, without exposing the enterprise password.

How is the password maintained? That is an issue since it cannot be stored as a hash. In the H.323 world, the end-point registers itself with a gatekeeper and the conversation between the end-point and gatekeeper assumes the secret is known on both ends (clear text password). They do a challenge handshake to prove they both know it. The idea for random passwords came in because you need to know the clear text password at the end-point.

How is it passed? It is passed when the phone contacts the commObject server and gets the phone's configuration, which is appropriate to you.
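
The registration flow described above, as an added sketch that is not part of the original minutes or of any project code. HMAC-SHA256 stands in for the H.323 challenge handshake, and ConfigServer, imprint, gatekeeper_verify and the sample identity and passwords are hypothetical, constructed names.

```python
import hashlib
import hmac
import secrets

def kdf(password: str, salt: bytes) -> bytes:
    # One-way form in which the enterprise password can be stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def respond(secret: bytes, challenge: bytes) -> bytes:
    # Both ends must hold the same cleartext secret to compute this value.
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class ConfigServer:
    """Hypothetical stand-in for the commObject server."""
    def __init__(self):
        self.enterprise = {}    # identity -> (salt, one-way hash)
        self.registration = {}  # identity -> random cleartext registration secret

    def enroll(self, identity: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.enterprise[identity] = (salt, kdf(password, salt))

    def imprint(self, identity: str, typed_password: str):
        # Check the enterprise password, then hand out a fresh random secret.
        if identity not in self.enterprise:
            return None
        salt, stored = self.enterprise[identity]
        if not hmac.compare_digest(kdf(typed_password, salt), stored):
            return None
        self.registration[identity] = secrets.token_bytes(32)
        return self.registration[identity]

def gatekeeper_verify(known: dict, identity: str, challenge: bytes, answer: bytes) -> bool:
    secret = known.get(identity)
    return secret is not None and hmac.compare_digest(respond(secret, challenge), answer)

def run_demo() -> dict:
    user, pw = "alice@example.edu", "constructed-enterprise-pw"  # constructed sample
    server = ConfigServer()
    server.enroll(user, pw)
    reg = server.imprint(user, pw)
    challenge = secrets.token_bytes(16)
    answer = respond(reg, challenge)
    ok = gatekeeper_verify(server.registration, user, challenge, answer)
    # A gatekeeper holding only a hash of the secret computes a different value.
    hash_only = gatekeeper_verify({user: hashlib.sha256(reg).digest()}, user, challenge, answer)
    rejected = server.imprint(user, "guess")   # wrong enterprise password
    reg2 = server.imprint(user, pw)            # re-imprint rotates the secret
    stale = gatekeeper_verify(server.registration, user, challenge, answer)
    return {"registered": ok, "hash_only": hash_only, "rejected": rejected,
            "rotated": reg2 != reg, "stale_accepted": stale}
```

The enterprise password stays in one-way form and never reaches the gatekeeper; only the random registration secret has to exist in cleartext at both ends.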

[AI] John will put together a document explaining the concept and assumptions since there have been so many different e-mail threads on the subject.

It was also not clear why multiple H.323 identities would exist. It was concluded that more discussion on the issue was needed.

[AI] Steve and Egon will send a BoF agenda to Renee.
[AI] John Paul Robinson will put together a document explaining the concept and assumptions since there have been so many different e-mail threads on the subject.
[AI] John Paul Robinson will check with Aditya about sending out the Microsoft Attendee list.