VidMid VC Conference Call 29 July 2002

*Attendees*
Tyler Johnson, U. North Carolina - Chapel Hill
Tom Barton, U. Memphis
Michael Gettes, Georgetown
Art Vandenberg, Georgia State
Ken Klingenstein, Internet2
Jill Gemmill, U. Alabama - Birmingham
Ted Hanss, Internet2
Tarun Abhichandani, CGU
Mudassir Fajandar, U. Colorado - Boulder
Jonathan Tyman, Internet2
Steve Olshansky, Internet2
Jeanette Fielden, Internet2

Tyler reported that Annex K is ratified. It appears Annex K can be used to trigger a web-based authentication handshake. The biggest downside is that 95% of the current endpoint space is not PC-based, so there are no HTML interfaces at present. The use of LDAP groups for authorization with commObject is also being pursued. Conceptually it's probably fine; there may be concern over implementation.

Consensus has been reached on how to proceed with Inter-realm directories in H.323 zone. Zone administrators will be handled as unique LDAP URI references. Automatic registration of H.323 zone LDAP schema with a directory of directories is not going to be pursued currently because the notion of having an LDAP directory register itself is not entirely standardized at present. CommObject was well received in the ITU and has been accepted as a standards track document. Last Wednesday the new VIDe.net toolset that has commObject as a component was made available. 11 sites have signed up so far, and about 125 are expected over the next few months.

There has not been much discussion of how the registration process that was outlined in the early documents fits in with resource registration. There's a closing of the loop needed to make sure that registration and query mechanisms proposed from the SIP perspective are reflected in any previous work in terms of resource discovery. In the authorization space it's desirable to have interoperable authorization between SIP and H.323. It appears that discussion of the H.323 side will begin in October. In both cases the desire is to 1) adopt a federated approach to identity and authorization and 2) look at specific technologies that can be used in that space.

Authentication seems to be slightly more important than authorization initially. It may be preferable to begin with the simplest scenarios. It's also important to keep this as native mode as possible. There is also the question of whether, at some point, anonymous video conferencing in the federated space should be enabled. Another important issue is authorization and where authorization decisions will be made.

Authn/z subgroup update: There was a meeting over the weekend to work on the call flows. It was observed that resource registration, resource discovery, and call initiation might be better viewed as separate items. If it is assumed that resource registration and some resource discovery have been done, then the focus can be on how to initiate a call, authentication and authorization issues, and how to incorporate other desired Authn/z functions. If it is agreed not to have enterprise authenticated privacy/anonymity at this point, it will simplify things and avoid introducing considerable complexity into the call flows.

The next VidMid VC call is scheduled for Monday August 12, 2002.