VidMid VC - BoF, Internet2 Spring Member Meeting, April 19th 2004

Jill Gemmill of UAB provided an overview of the Video Middleware Cookbook, a resource for using middleware for videoconferencing and voice over IP (VoIP), located at: http://lab.ac.uab.edu/vnet/. Version 0.5 was included in the NMI release 4. The latest version of the cookbook will be included in NMI release 5.

The intended audience for the cookbook is software developers and system administrators of videoconferencing endpoints, user agents, proxies, gatekeepers, and gateways. It provides an overview for LDAP and videoconferencing administrators to aid in implementing videoconferencing middleware. The cookbook discusses design and implementation considerations for interrelating video-and-voice-specific directories, enterprise directories, call servers and endpoints to take advantage of directory services like searchable white pages, automated configuration of endpoints, association of persons with endpoints, and user authentication based on authoritative data sources.

There was a demonstration of the ViDeNet global video directory of directories prototype, located at: https://veloce.isis.unc.edu/vide-dod.

There was also an H.323 RADVision endpoint demo, which showed an endpoint authenticating the user against his/her enterprise directory, letting that person choose which H.323 identity he/she wanted to register with the gatekeeper, and then auto-configuring itself and successfully registering with the gatekeeper.

Tyler Johnson gave a presentation on security work for video. Copies of presentations will be available from: http://events.internet2.edu/2004/spring-mm/sessionDetails.cfm?session=1393&event=203. There is a new effort called Federated Secure Internet Conferencing. Tyler indicated his view is that H.323 and SIP are fundamentally broken when it comes to how they deal with authentication. They are oriented towards a traditional client/server approach. For video and VoIP, what people are trying to get to is not the middle; they are trying to reach other users. Anything in the middle is there to make things work. So users have a need to authenticate each other.

The first step in the effort is to develop use cases and scenarios. The next is to develop design requirements and submit these to standards bodies. The goal is to work towards a set of specifications that people can write into their RFPs to create incentive for vendors to support it in their products.

Scenarios being developed include:

1. Users should have free and unfettered access to multiple service providers.
2. How to deal with the authentication of MCU calls.
3. Environments that don't have access to a university's set of computers, servers, and resources. For example, an elementary school that has a collaborative program with community businesses for instruction enhancement.

Design Goals:

1. Decoupling security negotiations from the protocol itself to make supporting multiple protocols easier. Conferencing protocols are good at conferencing and bad at security. Security protocols don't really care about conferencing.
2. End-to-end security. What is on the market is end-to-middle security. Support for federated trust models is needed.
3. One architecture that can support the entire range of security so you don't need different devices for different levels.
4. Globally scalable. It needs to work without any two networks having to have pre-existing knowledge of each other.
5. Support for the level of privacy that you want to implement, from none to very secure.
6. Quick, with little latency.

There is also a need to explore what will work best for user interfaces: computers vs. appliances, wireless, PSTN, how they connect, whether you have to log into your phone, etc.