*VidMid-VC Conference Call*
April 22, 2002
*Attendees*
Egon Verharen - SURFnet (chair)
*Discussion*
Ken started off by offering his notes and comments on the Authentication /
Authorization subgroup meeting on Tuesday, April 16th. At that time a
couple of major questions arose regarding the differences in how to
handle inter-realm vs. intra-realm authentication. Art clarified some of the
information available on presence detection by saying that individuals
may be detected just as devices are with SIP: "I am here on this device
at one time, and there on another device at a different time." In this
way, the registration process can pertain to an individual or to a
device. Egon raised the question of whether the credentials for
authentication would be the same for inter-realm as for intra-realm, and noted
that the group's original focus was only on inter-realm authentication.
Ken, however, contended that there are two good reasons to discuss
authentication in both contexts: 1) it provides ease of use to the user,
and 2) it can reduce the exposure of the authentication mechanism to
attack. Samir brought up the question of the trust model framework for
authenticating users. The main point is that authentication happens
through the home security domain, and authorization depends on the
policy / business rules for the home domain that authenticates the
user / device.
Michael Gettes offered some information on the use of Radius for
local single sign-on. If an endpoint / user has been authenticated, and
then wishes to utilize a service through a gatekeeper, then the
gatekeeper is able to access the Radius server to check whether the
endpoint / user has been validated.
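The gatekeeper-to-Radius check described above, as an added illustration that is not part of the original minutes and is not code from VidMid-VC, SURFnet or any vendor: a minimal RFC 2865 Access-Request/Access-Accept exchange in Python. The gatekeeper (acting as the NAS) hides the User-Password under the shared secret, the RADIUS server unhides it and answers, and the gatekeeper verifies the Response Authenticator before trusting the answer. The shared secret, user table, NAS address and packet Identifier are constructed for the example.

```python
"""Minimal RFC 2865 RADIUS Access-Request / Access-Accept exchange.
Added illustration of the gatekeeper -> RADIUS check; not code from
VidMid-VC, SURFnet or any vendor. Secrets, users and addresses are constructed."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4
SHARED_SECRET = b"gatekeeper-radius-demo-secret"             # constructed
USER_TABLE = {b"egon@surfnet.nl": b"correct horse battery"}  # constructed
NAS_IP = bytes([192, 0, 2, 10])                               # TEST-NET-1, constructed

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: NUL-pad to 16-byte blocks, XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out

def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server-side inverse; the chain runs over the received ciphertext blocks.
    Trailing NUL padding is stripped (the scheme cannot carry a password ending in NUL)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def encode_attrs(attrs) -> bytes:
    """Attribute = Type(1) Length(1, including this header) Value."""
    return b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)

def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        t, n = struct.unpack("!BB", data[i:i + 2])
        if n < 2 or i + n > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + n]))
        i += n
    return attrs

def parse_packet(pkt: bytes):
    """Packet = Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length != len(pkt):
        raise ValueError("bad packet length")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])

def response_auth(code, ident, length, request_auth, attr_bytes, secret) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attr_bytes + secret).digest()

def gatekeeper_request(username, password, ident, secret):
    """NAS (gatekeeper) side: fresh random Request Authenticator, hidden password."""
    request_auth = os.urandom(16)
    body = encode_attrs([(ATTR_USER_NAME, username),
                         (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)),
                         (ATTR_NAS_IP_ADDRESS, NAS_IP)])
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + request_auth + body
    return pkt, request_auth

def radius_server(pkt: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: unhide the password, compare against the user table,
    answer Accept or Reject carrying a valid Response Authenticator."""
    code, ident, request_auth, attrs = parse_packet(pkt)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    fields, ok = dict(attrs), False
    if ATTR_USER_NAME in fields and ATTR_USER_PASSWORD in fields:
        supplied = unhide_password(fields[ATTR_USER_PASSWORD], secret, request_auth)
        expected = users.get(fields[ATTR_USER_NAME], b"")
        ok = bool(expected) and hmac.compare_digest(expected, supplied)
    rcode = ACCESS_ACCEPT if ok else ACCESS_REJECT
    auth = response_auth(rcode, ident, 20, request_auth, b"", secret)  # no reply attributes
    return struct.pack("!BBH", rcode, ident, 20) + auth

def gatekeeper_verify(resp: bytes, request_auth: bytes, ident: int, secret: bytes):
    """NAS side: trust the answer only if the Identifier matches the outstanding
    request and the Response Authenticator verifies. True/False for Accept/Reject,
    None for a forged, replayed or corrupted response (treated as no answer)."""
    code, rid, auth, _ = parse_packet(resp)
    expected = response_auth(code, rid, len(resp), request_auth, resp[20:], secret)
    if rid != ident or not hmac.compare_digest(auth, expected):
        return None
    return code == ACCESS_ACCEPT

def check_endpoint(username, password, users=USER_TABLE, secret=SHARED_SECRET, tamper=False):
    """Full round trip as the gatekeeper sees it; tamper=True simulates an
    on-path attacker rewriting a Reject into an Accept."""
    ident = 7  # constructed; a real NAS tracks one Identifier per outstanding request
    req, request_auth = gatekeeper_request(username, password, ident, secret)
    resp = radius_server(req, secret, users)
    if tamper:
        resp = bytes([ACCESS_ACCEPT]) + resp[1:]
    return gatekeeper_verify(resp, request_auth, ident, secret)
```

Two caveats apply when this is the validation path a gatekeeper relies on: the Access-Request itself carries no integrity check unless a Message-Authenticator attribute (RFC 2869) is added, and the User-Password hiding is MD5-based obfuscation under the shared secret rather than encryption, so the gatekeeper-to-server leg should sit on a protected network or inside a tunnel.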
Samir hypothesized that a slight modification to the existing
Shibboleth design could make use of the Radius system, and Egon
mentioned that they are implementing this same design
for wireless LAN connectivity in Norway as well as for the SURFnet
national dial-in service and the SURFspot software shop. They are pursuing
this together with Uninett, a research network in Norway. The
English translations of those documents had not been written yet;
Egon promised to keep all of the interested parties up to date on their status.
Art added his commentary on the authentication issue as it relates
to Resource Discovery by clarifying that authentication to the local
domain happens first, and only then do registration and resource discovery
occur. The registration involves linking the commObject to an entry in
a directory, whether it is an enterprise directory or some other listing.
The Access Grid people had talked about the question of encryption,
but hadn't said much about authentication. Once authentication is
handled, there are several ways to encrypt the data stream.
At the SURA/ViDe workshop Tyler, Egon and Larry will be presenting. Larry
will be speaking on the video directory implementation, and Egon will give
an update on VidMid-VC. During the upcoming Internet2 Spring Member Meeting
an open Authentication and Authorization workshop will be held on Monday
afternoon. Furthermore, Egon will present on VidMid-VC and Mairead Martin
on VidMid-VoD during the middleware track on Tuesday afternoon. VidMid will
also be presented during the I2-DV update track on Tuesday morning. Egon will
be sending out a URL with a new web interface for registration.
During a draft review call on Monday, April 15th, Tyler and
Nadim captured some new feedback and plan to apply the necessary
changes to the definitions paper and the white
paper in order to have them ready for a final vetting call soon.
With the mention of the vetting call, Ken wanted to make it clear
where NMI stands: they will not be publishing any of these documents as
standards. They are only making available these recommendations and
findings to the academic and research communities. He proposed that we
add "standards" as a future agenda item so that we can discuss how best
to promote our work into the appropriate standards bodies.
*New Action Items*
1. [AI] 22-Apr-02 (Egon): Keep everyone posted on the status and
availability of English translation documents detailing integration
of local single sign-on and inter-realm authentication schemes for
wireless LAN connectivity project in Norway.
2. [AI] 22-Apr-02 (Karen): Look into submitting the H.323 portion of our
research to the ITU-T.
3. [AI] 22-Apr-02 (Egon): Send out a URL to the new web interface for
registration.
4. [AI] 22-Apr-02 (Tyler and Nadim): Apply the final comments to the
definition and white papers for final vetting call.
5. [AI] 22-Apr-02 (SteveO and Art): Send a copy of the Resource
Discovery paper to the VC list for final comments.
*Old Action Items*
1. [AI] 22-Apr-02 Mary Fran will ask Terry Dixon and Bob Olson to
provide an AccessGrid perspective on security, authentication
and authorization.
2. [AI] 22-Apr-02 [TBD] will investigate potential benefit of
leveraging Grid MDS v.2 (Meta-computing Directory Services)
work on directory of directories (meta-directories).
3. [AI] 22-Apr-02 Doug will develop scenario: interoperability between
H.323 and SIP.
4. [AI] 22-Apr-02 Steve and Tim Poe will follow up with vendors
not already represented in VidMid-VC, and identify and contact key individuals.
5. [AI] 22-Apr-02 Jill, Mike and Keith will collaborate on
the VideoDoD/Globus investigations.
6. [AI] TBD Jill and Samir will conduct an Active Directory
investigation.
*Attendees (continued)*
John McNair - U. Tennessee, Knoxville
William Rhodes - U. Tennessee, Knoxville
Karen Krivaa - RADVISION
Nadim El-Khoury - UNC-CH
Michael Gettes - Georgetown
Samir Chatterjee - Claremont Graduate University
Steve Olshansky - Internet2
Ann West - Internet2/EDUCAUSE
Art Vandenberg - Georgia State
Jill Gemmill - U. Alabama, Birmingham
Brent Zionic - U. Colorado, Boulder
Ken Klingenstein - Internet2
Tom Barton - U. Memphis
Doug Sicker - U. Colorado, Boulder
*Status of Old Action Items*
1. In progress (est. 8 months ~ 1 year).
2. In progress.
3. To be taken offline.
4. In progress - came up at the UNC meetings.
5. In progress.