VidMid-VC Conference Call July 12, 2004

Action Items
[AI] {Nadim} will invite Doug, Ben and James to attend a future call to discuss the new SIP document.

*Attendees*
Nadim El-Khoury, University of North Carolina, Chapel Hill (Chair)
Tyler Johnson, University of North Carolina, Chapel Hill
Paul Hill, Massachusetts Institute of Technology
Martin Euchner, Siemens
Mary Fran Yafchak, SURA
Scott Cantor, Ohio State University
Steve Carmody, Brown University
Jill Gemmill, University of Alabama, Birmingham
Bob Morgan, University of Washington
Ben Teitelbaum, Internet2
Ann West, EDUCAUSE/Internet2
Terrie Clark, Internet2

*Discussion*

All communications and work of Internet2 WGs are subject to the Internet2 Intellectual Property Framework (http://members.internet2.edu/intellectualproperty.html); please review this page. The VidMid-VC WG will hold a BoF session during the previously scheduled Internet2 Fall Member Meeting, September 27 – 30, 2004 in Austin, Texas (http://events.internet2.edu/2004/fall-mm/). This is an open working group session for the VidMid-VC group. The goal of this session is to gain consensus on the best way to achieve Federated Secure Internet Conferencing and to further the discussions on developing a "security agent" that operates outside of any multimedia protocol.

Discussion about the new approach of the thin security agent - Is utilizing the proposed thin client the most effective way to provide federated security to multimedia applications? Many real-time collaboration protocols use security, authentication and authorization solutions specific to an individual protocol. Gateway protocols, by definition, lose security integrity once a gateway opens access to a new domain, with the exception of pure PKI models. The proposed solution creates a stand-alone protocol or API that provides federated mutual authentication across domains. The federated protocol is separate from the multimedia conferencing application protocol. SIP or H.323 could use the proposed thin layer with minimal changes, although the application protocol would still require modification to transport security tokens. The IETF has not yet addressed this issue; current standards drafts with similar goals are SIP-specific. How, then, do we present this concept to ensure cooperation from standards organizations? For this to be successful, the architecture should include an understanding of each conferencing application; alternatively, approach a particular conferencing protocol and design a federated solution for that protocol. The elements of conferencing should also be defined.

The group discussed two different approaches to the proposal. The protocol approach would provide either a generic or a specific protocol. The architecture approach would first propose an architecture for Internet multimedia conferencing and then develop protocols for federated security once the architecture has been developed.

Related efforts - Other efforts within the MACE I2IM WG propose extending SNMP to use SAML. The NSF has a proposal to implement a grid security protocol and Shibboleth. A Mellon-funded effort at Penn State includes security for a line wire protocol leveraging some concepts from Shibboleth. The Security Services WG is evaluating a similar concept from a three-tier architecture approach.

These are parallel efforts, but no effort to define an all-encompassing architecture exists. Older security mechanisms lack federated security functionality, and most applications cannot support cross-domain security. Standardized agreements of trust will be required prior to successful implementation. The proposed solution benefits commercial applications by letting products incorporate security through a generic component, which could be a simple interface, an API, or another reusable component connected to conferencing applications. Currently, most of the standardization is at the protocol level, not at a vertical architecture interface. Some of the group's next steps with the proposed solution are: decide whether this is going to be an API, a protocol, or both; gain an understanding of the cross-domain architecture; and define and address federated-approach issues individually.

The next call will be Monday, July 26, 2004 at 11:00AM ET.