*VidMid-VC Conference Call*
January 28, 2002

*Attendees*

Ken Klingenstein (acting chair) - Internet2
Pierre Hagendorf - RADVISION
Michael Gettes - Georgetown
Ann West - Internet2
Mary Fran Yafchak - SURA
Mairead Martin - U. Tennessee (Knoxville)
John McNair - U. Tennessee (Knoxville)
William Rhodes - U. Tennessee (Knoxville)
Steve Olshansky - Internet2
Doug Sicker - U. Colorado (Boulder)
Art Vandenberg - Georgia State
Leif Laaksonen - CSC (Finland)
Tyler Johnson - UNC-CH
Nadim El-Khoury - UNC-CH
Samir Chatterjee - Claremont Graduate U.
Tom Barton - U. Memphis
Mark Driver (scribe) - Internet2

*Discussion*

Ken initiated discussion by dividing the VidMid-VC efforts into 3 parallel, concurrent tracks, focused on near-term deliverables:
1. Derive flows and develop architecture for inter-realm authentication and authorization in a federated model;
2. Develop separate object classes and directory structure for VC technologies (H.323, SIP, VRVS, AccessGrid) and tie together in a video superclass;
3. Construct a model for resource discovery between security domains.

Ken gave a 6-8 week target timeframe to complete these items and then to begin implementing them in testbeds. Bob Morgan has previously expressed to Ken that from a security architecture standpoint this schedule is extremely aggressive. Several people mentioned that a clear framework was needed before the development of endpoints could progress by SIP developers and H.323 vendors. Tyler alluded to the Chapel Hill meeting where a common language was agreed upon between security and architecture people, and an illustrative model was created. The next step is to assign flows to this reference diagram.

Samir volunteered that security frameworks were developing in both SIP and H.323; now they need to be mapped to VidMid-VC's federated model. Programming interfaces in each stack, as well as Shibboleth services and components that can be leveraged, need to be researched. Security is not federated; SIP has some rudiments in terms of authorized token passing, but inter-domain security is too new and there is disagreement on how to implement it. [AI] Samir will send some internet drafts on SIP security to the distribution list. Polycom’s proprietary directory offering and Microsoft’s .NET/HailStorm provide security within themselves, but they do not interoperate.

Ken offered his understanding of VRVS in which authn/authz occurred by knowing which multicast group to join and requiring secure multicast passwords. [AI] Mary Fran will ask Terry Dixon and Bob Olson to provide an Access Grid perspective on security, authentication and authorization. Ken described the fundamental incompatibility between secure packet routing and multicast. Tyler recommended that VidMid-VC concentrate on application-level security, and leave transport layer security to router manufacturers.

Object classes complement and facilitate resource discovery, and Ken recognized the artificial distinction between groups 2 & 3 above. Resource discovery and registration require synchronization, like DHCP dropping IP addresses into a directory; enterprise directories might therefore have to refer to application-specific directories. SIP can register, find and then invite itself, whereas the H.323 mechanism requires greater central control. A cross-technology, SIP-H.323 resource discovery team needs to reduce the problem to its lowest common denominator and experiment with it in a testbed.

Ken asked for volunteers and nominees to populate the 3 separate VidMid-VC subgroups:
1. Authn/authz: Ken (lead), Samir, Doug, Nadim, Tom Barton (or) Michael Gettes, Keith (as needed) and Philippe (to be confirmed)
2. Inter-realm directory: Tyler (lead), William, and Tom Barton (or) Michael Gettes
3. Resource discovery: Art (lead), others TBD.

Broader participation is encouraged. [AI] Steve will send out descriptions of the subgroups to help enlist participants; volunteers should send their info to Steve. Maintaining the existing VidMid-VC distribution list and bi-weekly call was agreed upon to prioritize requirements and synchronize work between subgroups. CAMP will provide an opportunity to catalyze the subgroups and raise awareness before the next call. [AI] Ken expects to have white papers prepared for NMI release 1.0 in April on architecture, services and best practices/conventions.

Tyler discussed his progress on H.323 object classes and a generic communications superclass. He and Nadim have created h323Identity and h323Zone object classes which can provide a template for SIP, VRVS and AccessGrid identities. An LDAP specification will be required for both the superclass and subclasses before a testbed can be constructed. He expects to have a finished product in time for the NMI 1.0 release. He talked about having joint IETF/ITU sponsorship as there are no intellectual property rights or publishing issues associated with his work. ITU is interested in the data structure related to H.323, but the communications superclass may be an issue. Having one directory for H.323 and SIP may be as easy as having separate directories; both scenarios would require pointers from an enterprise directory.

VidMid-VC security has common components with Shibboleth, although the latter is limited to web-based applications. The Shibboleth website has an architecture document available with components that can be integrated into VidMid-VC security; however, flows may be more difficult to design. Shibboleth currently passes info as signed XML messages, but could be modified if there is a preference for alternative tokens or credentials. Samir stated that XML is not used for SIP, but rather plain text is used, which is not preferred.

Tyler wondered about middleware buy-in from universities, noting that UNC-CH and Georgetown were reluctant to implement some of the Internet2 middleware developments. Ken reassured the group that through the CAMP middleware liaison list, the NMI best practices/conventions efforts and the development of a 'killer app' using Shibboleth, the VidMid-VC architecture would become more widely adopted and gather momentum soon. As evidence of the last point, Ken relayed that Ohio State students can access the Blackboard server at Carnegie Mellon providing new capabilities, but also emphasized that some institutions are more open to adopting this than others.

*New Action Items*

1. [AI] 28-Jan-02 Samir will send some internet drafts on SIP security to the distribution list.
2. [AI] 28-Jan-02 Mary Fran will ask Terry Dixon and Bob Olson to provide an Access Grid perspective on security, authentication and authorization.
3. [AI] 1-Feb-02 Steve will send out descriptions of the subgroups.
4. [AI] 28-Jan-02 Tyler and Nadim will complete UNC’s H.323 object class and communication superclass in time for the NMI 1.0 release in April 02.

*Previous Action Items*

5. [AI] 14 Jan 02 Egon will write a summary of the VidMid-VC session at the VIMM.
6. [AI] 14 Jan 02 Samir will send the list a short summary of approaches to coping with NATs and firewalls.
7. [AI] 14 Jan 02 Egon will contact OpenH323 about participating in VidMid-VC. (In Progress)
8. [AI] 14 Jan 02 Tyler will look into Siemens' involvement in videoconferencing-related technologies, especially SIP. Tyler will send Siemens contact info to Steve. William has videoconferencing contact at Siemens in Boca Raton and will pursue that avenue.
9. [AI] 14 Jan 02 {In Progress} Steve will follow up with Michael Gettes re: Sun contact interested in VidMid-VC with potentially available resources: Programming help? SW licenses? HW?
10. [AI] 14 Jan 02 Egon will contact France Telecom to invite them to participate in VidMid-VC.
11. [AI] 14 Jan 02 Pierre will send RadVision object classes to VC list.
12. [AI] 14 Jan 02 Mary Fran, Bob, Keith, Michael, Pierre, and Tyler will look at H.235 Annex D and Annex E to see what is viable near/mid-term to use in our work, and what is viable for the April release.
13. [AI] 14 Jan 02 Philippe (VRVS) will comment on multicast and multipoint scenarios.
14. [AI] 14 Jan 02 Keith will send to VC list a proposal on using eduPersonExtension and eduPersonEntitlement for video groups in enterprise directory.
15. [AI] 14 Jan 02 {In Progress} Steve will follow up with details of IMTC (International Multimedia Telecommunications Consortium) - a vendor-centric group focusing on vidmid issues. Egon contacted Paul Jones who is trying to establish an H.323 Forum under the auspices of the IMTC. IMTC wants to get universities involved. Tyler mentioned Anatoli at Radvision also wanted vidmid and IMTC to link up.
16. [AI] 14 Jan 02 Mike and Keith will investigate potential benefit of leveraging Grid MDS v.2 (Meta-computing Directory Services) work on directory of directories (meta-directories). Grid MDS work happening over weekend of Jan. 19-20. Jill discussed coordination with Globus toolkit workshop at end of January.
17. [AI] 14 Jan 02 {In Progress} Samir and Doug will pursue development of SIP user agents capable of voice and video.
18. [AI] 14 Jan 02 {In Progress} Steve and AB will follow up: NIH spending $40m on Middleware in next few years. Synergy?
19. [AI] 14 Jan 02 Tyler and Orit Levin will follow up: H.323 Study Group 16 hasn't looked at LDAP yet, so they might be open to looking at it. Tyler is finishing latest revision before submitting.
20. [AI] 14 Jan 02 Nadim, Tyler, Albert, Mike, and Keith will go through schema point by point with an I2 scribe in a conference call or two. Brief mention of Internet2 identity and zone attributes. Consideration needed re: Radvision implementation of these attributes vs. other vendors' implementations.

Remaining action items deferred until future call:

21. [AI] 18 Jan 02 Mary Fran, Art and Egon will markup/revise scenarios to make them less H.323 centric (Final Version 1.0)
22. [AI] 18 Jan 02 Tyler, Egon, and Jill will overlay scenarios onto Tyler’s Visio reference model diagram (including scheduling)
23. [AI] 18 Jan 02 Samir will develop scenario: interoperability between H.323 and SIP
24. [AI] 18 Jan 02 Steve and Tim Poe will follow up with vendors not already represented in VidMid-VC: Tandberg, VCon, Polycom, MS, Sony(?), PictureTel (?), Cisco(?) [VRVS and Access Grid?] identify and contact key individuals
25. [AI] 18 Jan 02 Steve, Jill and Ann West will follow up: UNC-Chapel Hill & GaTech funded to do documentation for the Commons; maybe part of this could go to the VideoCookbook
26. [AI] 18 Jan 02 Jill and Steve will investigate the benefits/viability of planning an April 02 meeting where we could get end users together with endpoint vendors.
27. [AI] 18 Jan 02 Jill, Mike and Keith will collaborate on the VideoDoD/Globus investigations
28. [AI] 25 Jan 02 Samir will find a SIP vendor willing to implement user authentication.
29. [AI] 25 Jan 02 Steve will report on the degree to which SunONE infrastructure parallels/aligns with NMI
30. [AI] 8 Feb 02 Mary Fran and Jill will develop (or oversee) a survey of end users to get data for endpoint functionality
31. [AI] TBD Tyler, Steve and Jill will investigate other potential funding sources; develop grant proposals to assist in funding some of our efforts.
32. [AI] TBD Jill and Samir will investigate viability of setting up a SIP testbed
33. [AI] TBD Jill and Samir will conduct an Active Directory investigation