*Attendees*
Egon Verharen, SURFnet
Steve Olshansky, Internet2
Tom Barton, Memphis
Jeanette Fielden, Internet2
Jill Gemmill, UAB
Ken Klingenstein, Internet2
Jonathon Tyman, Internet2
Samir Chatterjee, Claremont
John McNair, Tennessee
Nadim El-Khoury, UNC
*Discussion*
Samir provided an overview of the CGU SIP client development efforts. The development
is being done in 3 stages.
1. Provide a basic SIP voice/video client for desktop. The basic SIP voice/video
client is already done and available. It was demonstrated at the NMI meeting
at RadVision. We are presently working to resolve certain licensing issues so
that this client can be released to the entire VidMid group for testing and use.
2. Extend that basic client with single sign-on and commObject directory integration.
The goal for finishing commObject directory integration and single sign-on is March
2003. The federated implementation would use SAML. Target completion is the
fall of 2003.
3. Add a federated model for authentication and authorization using SAML and
other related technologies. RadVision is partnering with us to use their SIP
stack. Open-source code is also being evaluated. A report of the pros and cons
of each of these freeware modules is planned.
The IETF draft document Doug and Jon are working on will be submitted next month at the IETF meeting. The question was asked how the integration with single sign-on is done in that model. The consensus was that the document doesn't explicitly address how the credential is obtained. It talks more about how, if you have a SAML assertion for authentication that was issued by a WebISO, it would be carried in the SIP messages. The Authn/z call tomorrow will discuss in greater detail how you get that authentication token in such a way that it can be used.
ViDe.net meeting update: The purpose was for those involved in the NSF grant to lay out a basic direction and firm up the deliverables. The first part focused on commObject and directory services. The ViDe.net portal, using commObject, is up and being populated by users in the single central commObject directory model. There was also a discussion about the common understanding of the existing authentication. There are only two solutions in the standard. One involves a shared password between the endpoint and the gatekeeper. The other involves the use of end-user certificates. In terms of RadVision, the certificate-based version isn't in code yet. Whatever solution is selected needs to be tied into the H.323 security standard; otherwise the encryption would be proprietary.
There was also discussion about how to integrate enterprise LDAP servers that by design have labeled URIs that point from the directory server to the commObject server. The goal is to use that existing relationship with the enterprise LDAP directory services for authentication. You would chain somehow in one direction or the other from the time the authenticated bind occurs to pick up an endpoint password that could be used for encryption. It's a workable strategy that takes the step forward of using both the application-specific directory service and the enterprise authentication system. This solution could be up and running in the spring for distribution. There's an interest in looking at another solution, but nothing specific is planned yet.
ITU meeting update:
Study Group 16 has accepted the directory service architecture we've proposed
as an official work item. Tyler is the editor for the document. There is an
informal working group to bring the document into ITU conformance by the May
2003 meeting. After that the next step is ratification.
NMI release 2: There is an effort to figure out how to include pieces of software not built by the Grids team or NMI-Edit team. The goal is to get additional software contributed by non-NMI partners included by the next release in April.
Fall Internet2 Member Meeting:
An invitation has been extended to all VidMid participants for the closed meeting.
Please let Egon know if you're planning on attending so we can ensure all arrangements
are in order. Steve will send a notice about the session to the list.
The next call is Monday November 4.