<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2655.35">
<TITLE>RE: [AG-TECH] AG Security</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Just to give you some insight - this is one of our biggest concerns. We have two types of AG setup's -</FONT>
</P>
<P><FONT SIZE=2>1) the open setup to communicate with the AG audience</FONT>
<BR><FONT SIZE=2>2) Secure encrypted communication between our location using J&J multicast address over tunnels. It has taken us about 6 months to make it work - but we now have the ability to have secure connections for J&J and un-secure connections with the AG community. </FONT></P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Allan Spale [<A HREF="mailto:aspale@evl.uic.edu">mailto:aspale@evl.uic.edu</A>] </FONT>
<BR><FONT SIZE=2>Sent: Thursday, July 18, 2002 2:24 PM</FONT>
<BR><FONT SIZE=2>To: ag-tech@mcs.anl.gov</FONT>
<BR><FONT SIZE=2>Subject: [AG-TECH] AG Security</FONT>
</P>
<BR>
<P><FONT SIZE=2>Hello,</FONT>
</P>
<P><FONT SIZE=2>One of the questions today that I received during my presentation about the Access Grid concerned security. Specifically, how can one guarantee that no one can eavesdrop (video and/or audio) on an AG session. I am somewhat aware about the Secure Room and its purpose, but what other options are there? When I described this process, my explanation made this process of reserving this room seem cumbersome (i.e. having to specifically request use of the Secure Room as opposed to reserving a non-secure venue).</FONT></P>
<P><FONT SIZE=2>The other idea I thought about was setting up an instituition-level venues server (Virtual Venues server software). If this was done, what assurances would there be to keep people from eavesdroping on the internal session. </FONT></P>
<P><FONT SIZE=2>Taking this one step further, if there were shared applications used during a session (and I do not think exposing DPPT data streams would really matter, but for the sake of argument), it is more of the writers of the applications to provide their own security mechanism to assure that the data streams are secured?</FONT></P>
<P><FONT SIZE=2>I would appreciate any people sharing their information with me. In this way, I can help address the security issue in a much better manner in any future AG presentation. Thanks.</FONT></P>
<BR>
<P><FONT SIZE=2>Allan</FONT>
<BR><FONT SIZE=2>EVL@UIC</FONT>
<BR><FONT SIZE=2>node-op</FONT>
</P>
</BODY>
</HTML>