[AG-TECH] AG Security

Shawn Davis wdavis at ncsa.uiuc.edu
Fri Jul 19 10:24:10 CDT 2002


Hello,

On Fri, 19 Jul 2002, Ivan R. Judson wrote:
> Currently, we haven't integrated the notion of users into the AG
> completely.  If we did there might be a richer set of data to use for
> exploring different identity and authorization mechanisms.
> 
Being that AGSchedule already incorporates user logins, I'm working on
integrating security into it.  I can automate the creation of the ACL,
and provide keys for encryption through the integrated Venues server.  
Here are my plans for how it will work:
A user schedules a meeting and selects a box to make it a "secure" or
"private" meeting.
Then, all the node operators of the participating sites that the user
selects become members of the ACL.
At this time, a key is generated for that specific meeting and stored in
the database.
When a node operator of a participating site logs in and navigates to the
meeting, they will be able to launch the secure meeting.
Since there's no security preventing people from manually
selecting the IP/port in vic and rat, there's no sense in blocking access
to the venue.  But unless the node operator is a designated participant,
they will not have the encryption key and will not be able to view or hear
the secure meeting.  

Advantages of this process:
1) Automation of ACL - it is specified by the user creating the meeting
simply by selecting the sites that will be participating.  No need to know
individual logins. And no need for one particular person (such as Bob) to
maintain the ACL.
2) Instant updates of ACL - adding/removing allowed participants is easy
for the meeting creator to do - just modify the list of participating
sites through the web interface.
3) Any venue can be used as a secure room.  Since there's nothing special
about the secure room itself, an ACL and key can be used in any venue that
the scheduler owns.

I'd like feedback on this - if I'm missing anything, I'd like to know.
Thanks,
Shawn Davis
wdavis at ncsa.uiuc.edu
National Center for Supercomputing Applications
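
The key-release flow proposed in the message above, as an added example that is not part of the original post and is not AGSchedule code: the ACL is the set of participating sites, a per-meeting key is generated at scheduling time, and only node operators of listed sites receive it. The class and method names, the in-memory dict standing in for the database, the site names, and the key rotation when a site is removed are all assumptions of this sketch.

```python
import secrets


class SecureMeetingStore:
    """In-memory stand-in for the scheduler database (hypothetical names)."""

    def __init__(self):
        # meeting_id -> {"acl": set of site names, "key": hex string or None}
        self._meetings = {}

    def schedule(self, meeting_id, sites, secure=False):
        # The ACL is just the participating sites picked by the meeting creator;
        # a key is generated only when the "secure" box is ticked.
        key = secrets.token_hex(16) if secure else None
        self._meetings[meeting_id] = {"acl": set(sites), "key": key}

    def update_sites(self, meeting_id, sites):
        """Replace the participant list; returns the set of removed sites."""
        meeting = self._meetings[meeting_id]
        removed = meeting["acl"] - set(sites)
        meeting["acl"] = set(sites)
        # Assumption of this sketch: a removed site may already hold the old
        # key, so issue a fresh one for the remaining participants.
        if removed and meeting["key"] is not None:
            meeting["key"] = secrets.token_hex(16)
        return removed

    def key_for(self, meeting_id, operator_site):
        """Return the meeting key only if the operator's site is on the ACL."""
        meeting = self._meetings.get(meeting_id)
        if meeting is None or meeting["key"] is None:
            return None
        if operator_site not in meeting["acl"]:
            # The venue address is still reachable, but without the key the
            # encrypted media cannot be decoded.
            return None
        return meeting["key"]


if __name__ == "__main__":
    store = SecureMeetingStore()
    # Constructed sample data: site names are placeholders.
    store.schedule("weekly-sync", ["SiteA", "SiteB"], secure=True)
    print("SiteA gets key:", store.key_for("weekly-sync", "SiteA") is not None)
    print("SiteC gets key:", store.key_for("weekly-sync", "SiteC") is not None)
    store.update_sites("weekly-sync", ["SiteA", "SiteC"])
    print("SiteB after removal:", store.key_for("weekly-sync", "SiteB"))
```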




