A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00

A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00
Alexander Knauf, Gabriel Hege, Thomas C. Schmidt, Matthias Wählisch

Status of this Memo
draft-knauf-p2psip-disco-00 presented at Maastricht
Feedback from WG: turn it into a generic mechanism for distributing resources in RELOAD
+ accessible via one ID
+ secure shared resource without contacting the enrollment server
+ recovery from failures of single resource instances
+ taking over dialogs from other user agents (resilience and load sharing)
+ providing a proxy function at (focus) nodes that serves as a node-state keeper
Provide mechanisms to synchronize media parameters/SDP over the conference

Problem: securing a shared resource without contacting the enrollment server
Basic problem: a trust anchor is needed
– Self-signed or creator-based certificates don't work alone
– A malicious peer could take over the shared resource by creating its own certificate for the resource (name)
Approach: tie the resource name to the creator
– Restrict allowed resource URIs by pattern matching
– Example: URI pattern:
  User Name:
  Allowed:
  NOT allowed:

Problem: Trust Delegation Chain
1st Approach: USER-CHAIN-MATCH
– Resource creator produces a shared certificate, signed with its private key
– Storing peer verifies the certificate chain
– Private key for the shared resource is distributed to all managing peers
Remaining problems:
– Higher chance of the shared certificate being compromised, because multiple peers hold the private key
– Still no solution for certificate revocation (short lifetime? revocation list?)
– Certificate can only be used as long as the creator is present (+ lifetime)

Problem: Trust Delegation Chain (2)
2nd Approach: USER-CHAIN-ACL
Delegation list in RELOAD:
1. Creator X initiates the resource and signs with its private key: X → X, Kind-ID (signed by X)
2. Creator delegates to Y: X → Y, Kind-ID (signed by X)
3. Y can delegate further: Y → Z, Kind-ID (signed by Y)
4. Storing peer authorizes write permission based on the ACL
5. Accessing peer must verify the list chain (not the certificate chain)
– All list entries contain the Kind-ID of the corresponding shared resource
– Allows subtree revocation by nulling a delegation line
– Works in absence of the creator (or an intermediate node) if the lifetime is appropriately extended
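As an added example (not code from the draft or its authors), the Python below models both the name-binding check from the previous slide and the USER-CHAIN-ACL list-chain verification: a storing peer walks the delegation list in order, accepts a grantee only if its line is signed by an already-authorized peer for the same Kind-ID, and a nulled line cuts off the subtree below it. The per-peer keys, the HMAC stand-in for certificate signatures, the name pattern and the Kind-ID are constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed stand-in for each peer's certificate key: a secret plus an HMAC "signature".
PEER_KEYS = {"alice": b"alice-secret", "bob": b"bob-secret",
             "carol": b"carol-secret", "mallory": b"mallory-secret"}

# Assumed naming rule (the slide's pattern is not in the transcript): a shared
# resource name must begin with the creator's user name.
NAME_PATTERN = re.compile(r"^(?P<user>[a-z]+)-conf-[a-z0-9]+$")

def name_bound_to_creator(resource_name, creator):
    match = NAME_PATTERN.match(resource_name)
    return match is not None and match.group("user") == creator

def _payload(signer, grantee, kind_id, resource_name, revoked):
    return f"{signer}->{grantee}:{kind_id}@{resource_name}:{int(revoked)}"

def sign(signer, payload):
    return hmac.new(PEER_KEYS[signer], payload.encode(), hashlib.sha256).hexdigest()

def delegation(signer, grantee, kind_id, resource_name, revoked=False):
    """One list line 'signer -> grantee, Kind-ID' signed by signer; revoked=True nulls it."""
    sig = sign(signer, _payload(signer, grantee, kind_id, resource_name, revoked))
    return {"from": signer, "to": grantee, "kind": kind_id,
            "res": resource_name, "revoked": revoked, "sig": sig}

def line_is_valid(line):
    expected = sign(line["from"], _payload(line["from"], line["to"], line["kind"],
                                           line["res"], line["revoked"]))
    return hmac.compare_digest(line["sig"], expected)

def authorized_writers(acl, resource_name, kind_id):
    """Verify the list chain: line 0 must be the creator's self-delegation on a name
    bound to it; each later grantee needs an unrevoked line signed by an authorized peer."""
    if not acl:
        return set()
    root = acl[0]
    if not (root["from"] == root["to"] and root["res"] == resource_name
            and root["kind"] == kind_id and not root["revoked"] and line_is_valid(root)
            and name_bound_to_creator(resource_name, root["from"])):
        return set()
    allowed = {root["from"]}
    for line in acl[1:]:   # the storing peer runs this before accepting a write
        if (line["res"] == resource_name and line["kind"] == kind_id
                and line["from"] in allowed and not line["revoked"] and line_is_valid(line)):
            allowed.add(line["to"])   # nulling an earlier line drops this whole subtree
    return allowed
```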

Conference State Synchronization in DisCo
Each controller in a distributed conference maintains its own signaling relations to the participants
– Problem: controllers have no global knowledge of the current state of a conference, e.g.:
  Who is in the conference?
  Who is a focus of the conference?
  Where to delegate a call in case of overload?
Initial approach in version -00: focus peers of a conference subscribe to each other for an extended Event Package for Conference State [RFC4575]
– Problem (identified at IETF 78 in the SAMRG session): RFC4575 is NOT convenient for synchronizing the state in a distributed conference

Event Package for Distributed Conferences
Proposal for -01: definition of a new Event Package for synchronizing the conference state in a distributed conference
– Designed to convey information about roles and relations of the conference participants
– Enables coherent global knowledge of a conference
– Handles concurrency and racing conditions, e.g., uses a version scheme based on vector times
– XML imports of several element definitions of RFC4575, as they are still suitable for distributed conferences
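As an added illustration of the vector-time version scheme (not the draft's own definition, which is not on this page), the Python below lets two focus peers exchange notifications and classify each one as stale, newer or concurrent; concurrent updates from racing foci are merged rather than overwritten. The state layout (participant URI to serving focus) and the tie-break rule are assumptions.

```python
def compare_versions(ours, theirs):
    """Order two vector times (dict focus-id -> update counter): 'equal', 'before'
    (theirs includes everything we know), 'after' (ours does), or 'concurrent'."""
    foci = set(ours) | set(theirs)
    ours_le = all(ours.get(f, 0) <= theirs.get(f, 0) for f in foci)
    theirs_le = all(theirs.get(f, 0) <= ours.get(f, 0) for f in foci)
    if ours_le and theirs_le:
        return "equal"
    if ours_le:
        return "before"
    if theirs_le:
        return "after"
    return "concurrent"

class FocusState:
    """Conference state kept by one focus peer: which focus serves each participant,
    stamped with a vector time that counts every focus's own updates."""

    def __init__(self, focus_id):
        self.focus_id = focus_id
        self.version = {}        # vector time
        self.participants = {}   # participant URI -> serving focus

    def local_update(self, participant, serving_focus):
        """Record a local signaling change and return the notification body for the other foci."""
        self.version[self.focus_id] = self.version.get(self.focus_id, 0) + 1
        self.participants[participant] = serving_focus
        return {"version": dict(self.version), "participants": dict(self.participants)}

    def on_notification(self, body):
        """Apply a peer's notification: drop stale ones, take newer ones, merge concurrent ones."""
        relation = compare_versions(self.version, body["version"])
        if relation in ("equal", "after"):
            return "stale"
        if relation == "before":
            self.version = dict(body["version"])
            self.participants = dict(body["participants"])
            return "applied"
        # Concurrent updates (the racing condition): merge entries; when two foci
        # claim the same participant, pick the lexically smaller focus-id so that
        # every focus converges to the same choice without a further round.
        for participant, focus in body["participants"].items():
            current = self.participants.get(participant)
            self.participants[participant] = focus if current is None else min(current, focus)
        for focus, counter in body["version"].items():
            self.version[focus] = max(self.version.get(focus, 0), counter)
        return "merged"
```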

Event Package Overview
Elements (names not preserved in the transcript):
– Root element
– Enables a coherent version scheme
– General information about a DisCo
– Describes a participant in the role of a focus and its responsibilities to other participants
– Describes a focus peer's relations to adjacent focus peers

Offer/Answer within Distributed Conferences
Focuses are responsible for distributing media to connected peers
Ad-hoc scheme:
– A focus distributes all media streams to all connected peers
– Focus may choose to do mixing/recoding
– When a new peer joins:
  Focus offers all media streams it receives to the joining peer
  Joining peer offers its media streams to the focus
  Either: focus modifies the media sessions to all connected peers, offering the new stream
  Or: mix the new stream with existing streams to avoid the need for a SIP re-INVITE
– Media streams naturally follow signaling connections

Opinions / Questions?