Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CPCP Hisham Khartabil XCON WG IETF 60, San Diego 2 nd August, 2004

Published byCori Sharp Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CPCP Hisham Khartabil XCON WG IETF 60, San Diego 2 nd August, 2004"— Presentation transcript:

1 1 CPCP Hisham Khartabil XCON WG IETF 60, San Diego 2 nd August, 2004 hisham.khartabil@nokia.com

2 2 Requirements Went through a WGLC The main issue was the definitions of terms defined in draft- ietf-sipping-conferencing-framework-02 and how they related and are used in this requirements draft. Requirements draft does not reference the framework draft for definitions Framework draft does not define Floor Control Policy and that it is part of conference policy Framework defines conference policy to include media policy, yet no media policy requirements are present

3 3 Solution

4 4 Common Policy (1/6) Introduced and Extended Common Policy to replace ACL and PCL example.com true allow

5 5 Common Policy (2/6) Conditions: that has and

6 6 Common Policy (3/6) Actions: with values Block, allow, confirm with values None, asserted-id, shared-secret and certificate

7 7 Common Policy (4/6) Transformations

8 8 Common Policy (5/6) Introduced PIN and password per conference and per individual user The or element can be used to match those participants that are have knowledge on a password for the conference. For example: pass1 allow So the condition is the password. If any user knows the password, ignoring their identity, the user is allowed to join.

9 9 Common Policy (6/6) A combination of the condition and the condition creates the possibility of assigning users personal passwords to enable them to join a conference. For example: alice@example.com pass2 allow

10 10 Other Changes From 00 (1/3) Added text on how to use external lists Removed use of wildcards (instead in common- policy is used) Removed all but 1 namespace from XML Schema Added Refer-list Changed URI assignment and conflicts solutions to mirror that of list-usage in SIMPLE Moved conference manipulation text into a separate section making the XCAP section minimal (less than a page) Declared that interface between focus and conference policy server is out of scope Introduced the concept of sidebars, sidebar URIs etc. Changed media-policy to media-streams and introduced media-policy reference (Cullen Jennings' draft)

11 11 Other Changes From 00 (2/3) Fixed floor policy to enable correlation between media and floor Solved Key participant issue with common-policy Made major changes to conference-time reflecting list consensus Added privileges using common policy Simplified the schema for Dial-out list Changed the schema so the word "conference" does not appear in every element Added a section indicating where in the schema extensions are allowed Made Privileged user the common term replacing policy manipulator, and in some cases creator.

12 12 Other Changes From 00 (3/3) made consistent when to use single quotes, double quotes and <> in schema discussion text Populated the Security section with text Modified examples to reflect recent changes. Split examples into Conference policy example and XCAP example

13 13 Open Issues

14 14 Interpreting the Element “The element is already defined in the common policy framework [1]. However, the rules for interpreting the identities in elements are left for each application to define separately. This document, however, does not define the rules for interpreting identities in elements in conferencing applications since those interpretation rules are signalling protocol specific.” Do we need to say more than this? Specifically, how do you derive the identities (from different using protocols) used in the elements?

15 15 Conference State Events allows or blocks a user from subscribing to conference state event package Is this sufficient? Do we need “confirm”, “polite-block”? Do we need to break conference state into pieces and authorise certain pieces of state and not others?

16 16 Floor Control Events allows or blocks a user to receive conference floor events Is this sufficient? Do we need “confirm”, “polite-block”?

17 17 Conference Information The element controls whether information in the, and elements may be made available publicly. Do we require more granularity for this element? Perhaps an enumerated integer type, with defined levels of information about the conference, or a set of boolean transformations, each granting a single piece of conference information?

18 18 The need for Refer List In the last XCON meeting, we agreed that a separate refer list is needed, mainly because The list is not a list of users that the focus invites to join the conference (dial-out list) The ACL (now using common policy) is not the place to list users a focus refers to the conference

19 19 vs. in the draft refers to any authenticated user refers to any unauthenticated user The lack of element in the conditions means any user, so do we need explicitly?

20 20 Media Stream Security Policy Currently, the draft defines what security measures are needed for the signalling protocol (use of TLS and S/MIME) But what about the media? Do we need to include security policy for media? For example: Audio MUST use SRTP? Can it be a general media security policy or does it have to be per media type? Is this part of media policy? Is is local policy at the focus?

21 21 Authenticating a User The action defines the mechanism used by the conference focus to authenticate a user. This element is an enumerated integer type, with defined values of: none, asserted-id, shared-secret and certificate. We already have the necessary tools in conditions (, conditions without identities) Is this really useful? What benefit does it have to the average user?

22 22 Meta Policy (1/3) Many actions are defined that dictate the privileges for users in a conference:

23 23 Meta Policy (2/3) Should such a policy be defined in a separate document? The separate document indicates the privileged users and their privileges. Advantages: Reduces conference policy complexity Separates the manipulation rules of the conference policy from the conference policy itself Disadvantages: Many of the conditions have to be repeated in this new document. For example: – –Or should this just be using identity? (I.e. privileges are only assigned for identities) A user has to create and manipulate 2 documents.

24 24 Meta Policy (2/3) The current draft defines write access and assumes read access to users with write access Should there be separate actions defining read access? For example: needs the companion action to allow users to read the Dial-out list but not modify it.

25 25 vs. element Common policy has a condition that relates to the authorization rules. It defines the time period that a rule exists in element defines the conference lifetime There are cases where a rule might be valid for a portion of the conference time (eg: first half is management only and second half is for everyone in engineering)

26 26 Providing Anonymity (1/2) Currently a user requests anonymity by authenticating himself to the conference focus and providing an anonymous ID in the signalling protocol (like in the From-header). The conference policy needs to allow anonymous users to join by having a rule allowing it. For example: allow Should there be rules allowing specific users to be anonymous? If so, should there be a condition or transformation to provide anonymity? Or Both

27 27 Providing Anonymity (2/2) alice@example.com allow Do we mean by ? Or do we need both? alice@example.com allow

28 28 and Users who are using a PSTN phone to join a conference can authenticate using a PIN (traditional way). We use the condition for this. Users who are aware of the conference password can join, irrespective of their identity. So anyone who knows the password was join. We use the condition for this. Can we combine? The problem here is that it will create confusion since a user creating those pins or passwords will mistakenly put characters in a pin or think that a password is restricted to digits. They serve different purposes and it doesn't hurt to keep them separate BTW, and should be of type digit and string respectively.

29 29 External Lists (1/2) Currently, the draft states that to use an external list, you just place the list URI (XCAP) into the element that carries the URI Example of normal case: Example of using external list: What does it mean for an element to carry an XCAP URI?

30 30 External Lists (2/2) Should the use of external list be more explicit in the policy by using element or “external” attribute? OR

31 31 Unauthenticated Identities The element in element refers to authenticated users only Do we need to list users that need to be authenticated? For example: User bob@example.com can join a conference, but he does not need to be authenticated? So anyone claiming to be Bob can join?bob@example.com If we allow such a thing, how many Bobs do we allow? I.e. How many are allowed to claim to be Bob and can join?

32 32 Expelling a User Care must be taken since if one rules allows a user to join and one blocks a user from joining, the result in that the user is allowed to join. For example, Bob can join a conference since an authorization rule has been defined to allow everyone at example.com: example.com allow

33 33 Expelling a User Setting the following rule will not block Bob from joining nor will it expel him since the above rule overrides it: bob@example.com block

34 34 Expelling a User So, in order to expel Bob, the original rule has to be modified using the element: example.com bob@domain.com allow

35 35 Floor-id Currently uses floor URI. Needs to be changed to reflect current floor control protocol

Download ppt "1 CPCP Hisham Khartabil XCON WG IETF 60, San Diego 2 nd August, 2004"

Similar presentations

XCAP Tutorial Jonathan Rosenberg.

XCAP Tutorial Jonathan Rosenberg.
Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)

Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)
What is XML? a meta language that allows you to create and format your own document markups a method for putting structured data into a text file; these.

What is XML? a meta language that allows you to create and format your own document markups a method for putting structured data into a text file; these.
XCON Framework Overview & Issues Editors: Mary Barnes Chris Boulton

XCON Framework Overview & Issues Editors: Mary Barnes Chris Boulton
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00 draft-knauf-p2psip-disco-00 Alexander Knauf, Gabriel Hege,

A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00 draft-knauf-p2psip-disco-00 Alexander Knauf, Gabriel Hege,
XML Configuration Access Protocol (XCAP) Jonathan Rosenberg dynamicsoft.

XML Configuration Access Protocol (XCAP) Jonathan Rosenberg dynamicsoft.
XML Schemas Microsoft XML Schemas W3C XML Schemas.

XML Schemas Microsoft XML Schemas W3C XML Schemas.
Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.

Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.
XCON architecture and protocol musings Henning Schulzrinne Columbia University.

XCON architecture and protocol musings Henning Schulzrinne Columbia University.
Membership and Media Management in Centralized Multimedia Conferences based on Internet Engineering Task Force Protocol Building Blocks Author: Ritu Mittal.

Membership and Media Management in Centralized Multimedia Conferences based on Internet Engineering Task Force Protocol Building Blocks Author: Ritu Mittal.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
XCON Framework Overview & Issues Editors: Mary Barnes Chris Boulton

XCON Framework Overview & Issues Editors: Mary Barnes Chris Boulton
XP New Perspectives on XML Tutorial 4 1 XML Schema Tutorial – Carey ISBN 0-619- 10187-3 Working with Namespaces and Schemas.

XP New Perspectives on XML Tutorial 4 1 XML Schema Tutorial – Carey ISBN Working with Namespaces and Schemas.
Requirements for DSML 2.0. Summary RFC 2251 fidelity Represent existing directory protocols with new transport syntax Backwards compatibility with DSML.

Requirements for DSML 2.0. Summary RFC 2251 fidelity Represent existing directory protocols with new transport syntax Backwards compatibility with DSML.
XP New Perspectives on XML Tutorial 3 1 DTD Tutorial – Carey ISBN 0-619-10187-3.

XP New Perspectives on XML Tutorial 3 1 DTD Tutorial – Carey ISBN
XCON Working Group IETF 61 Washington, DC. The Normal Stuff NOTE WELL statement Minute Taker Jabber Scribe Blue Sheets.

XCON Working Group IETF 61 Washington, DC. The Normal Stuff NOTE WELL statement Minute Taker Jabber Scribe Blue Sheets.
Slide 1 Conferencing with MSRP draft-niemi-simple-chat-02.txt Miguel Garcia, Aki Niemi IETF-62 08-March-2005.

Slide 1 Conferencing with MSRP draft-niemi-simple-chat-02.txt Miguel Garcia, Aki Niemi IETF March-2005.
1 © NOKIA 1999 FILENAMs.PPT/ DATE / NN SIP Service Architecture Markus Isomäki Nokia Research Center.

1 © NOKIA 1999 FILENAMs.PPT/ DATE / NN SIP Service Architecture Markus Isomäki Nokia Research Center.
1 Tutorial 13 Validating Documents with DTDs Working with Document Type Definitions.

1 Tutorial 13 Validating Documents with DTDs Working with Document Type Definitions.

Similar presentations

Ads by Google