Presentation is loading. Please wait.

Presentation is loading. Please wait.

A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00 draft-knauf-p2psip-disco-00 Alexander Knauf, Gabriel Hege,

Published byKathleen Underwood Modified over 9 years ago

Similar presentations

Presentation on theme: "A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00 draft-knauf-p2psip-disco-00 Alexander Knauf, Gabriel Hege,"— Presentation transcript:

1 A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00 draft-knauf-p2psip-disco-00 Alexander Knauf, Gabriel Hege, Thomas C. Schmidt, Matthias Wählisch

2 Status of this Memo draft-knauf-p2psip-disco-00 presented at Maastricht Feedback from WG: Turn into generic mechanism for distributing resources in Reload + accessible via one ID + secure shared resource without contacting enrollment server + recovery from failures of single resource instances + taking over dialogs from other user agents (resilience and load sharing) + providing a proxy function at (focus-)nodes that serves as a node- state keeper Provide mechanisms to synchronize media parameters/SDP over conference

3 Problem: securing a shared resource without contacting enrollment server Basic problem: Trust Anchor needed Self-signed or creator-based certificates don’t work alone Malicious peer could take over the shared resource by creating own certificate for the resource (name) Approach: Tie resource name to creator – Restrict allowed resource URIs by pattern matching – Example: URI pattern: *-conf-$USER@$DOMAIN User Name: alice@example.com Allowed: pretty-conf-alice@example.com NOT allowed: alice-conference@example.com

4 Problem: Trust Delegation Chain 1st Approach: USER-CHAIN-MATCH Resource creator produces shared certificate, signed with his private key Storing peer verifies certificate chain Distribute private key for shared resource to all managing peers Remaining Problems: Enhanced chance of shared certificate being compromised, because multiple peers have the private key Still no solution for certificate revocation (short lifetime, revoc. List?) Certificate can only be used as long as creator is present (+ lifetime)

5 Problem: Trust Delegation Chain (2) 2nd Approach: USER-CHAIN-ACL Delegation list in RELOAD 1.Creator X initiates resource and signs with its private key: X  X, kind-ID (signed by X) 2.Creator delegates to Y: X  Y, kind-ID (signed by X) 3.Y can delegate further: Y  Z, kind-ID (signed by Y) 4.Storing peer authorizes writing permission based on the ACL 5.Accessing peer must verify List Chain (not certificate chain) All list entries contain Kind-ID of the corresponding shared resource Allows for subtree-revocation by nulling delegation line Works in absence of creator (or intermediate node) if lifetime appropriately extended

6 Conference State Synchronization in DisCo Each controller in a distributed conference maintains its own signaling relations to the participants – Problem: Controllers don’t have a global knowledge about the current state of a conference e.g.: Who is in the conference? Who is a focus to the conference? Where to delegate a call in case of overloading? Initial approach in version -00: Focus peers to a conference subscribe to each other for an extended Event Package for Conference State [RFC4575] – Problem (identified at ietf78 in samrg session): RFC4575 NOT convenient to synchronize the state in a distributed conference A RELOAD Usage for Distributed Conference Control6

7 Event Package for Distributed Conferences Proposal for -01: Definition of a new Event Package for synchronizing the conference state in a distributed conference – Designed to convey information about roles and relations of the conference participants – Enables a coherent global knowledge to a conference – Handles concurrency and racing conditions E.g., Uses a version scheme based an vector times – XML Imports of several element definitions of RFC4575 As they are still suitable for distributed conferences A RELOAD Usage for Distributed Conference Control7

8 Event Package Overview : – Root element : – Enables a coherent version scheme : – General information about a DisCo : – Describes a participant in role of a focus and its responsibilities to other participants : – Describes a focus peers relations to adjacent focus peers A RELOAD Usage for Distributed Conference Control8

9 Offer/Answer within Distributed Conferences Focuses are responsible for distributing media to connected peers Ad-hoc scheme:  A Focus distributes all media streams to all connected peers  Focus may choose to do mixing/recoding  When a new peer joins: Focus offers all media streams it receives to the joining peer Joining peer offers its media streams to the focus  Either: Focus modifies media sessions to all connected peers, offering the new stream  OR: mix the new stream with existing streams to prevent the need for SIP re-INVITE  Media streams naturally follow signaling connections A RELOAD Usage for Distributed Conference Control9

10 Opinions / Questions?

Download ppt "A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00 draft-knauf-p2psip-disco-00 Alexander Knauf, Gabriel Hege,"

Similar presentations

Authentication Authorization Accounting and Auditing

Authentication Authorization Accounting and Auditing
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,

Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,
Remote Call/Device Control IETF82, Dispatch WG, Taipei November 15, 2011 1 Rifaat Shekh-Yusef Cullen Jennings Alan Johnston.

Remote Call/Device Control IETF82, Dispatch WG, Taipei November 15, Rifaat Shekh-Yusef Cullen Jennings Alan Johnston.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
1 CPCP Hisham Khartabil XCON WG IETF 60, San Diego 2 nd August, 2004

1 CPCP Hisham Khartabil XCON WG IETF 60, San Diego 2 nd August, 2004
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.

Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
Copyright © 2003-2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 1 Security Systems Lecture notes Dr.

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Dr.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Authorization. Authorization: Two Meanings Determining permission Is principal P permitted to perform action A on object U? Adding permission P is now.

Authorization. Authorization: Two Meanings Determining permission Is principal P permitted to perform action A on object U? Adding permission P is now.
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Key Management in Cryptography

Key Management in Cryptography

Similar presentations

Ads by Google