[AG-TECH] AG Venue Access Control

Ivan R. Judson judson at mcs.anl.gov
Wed Aug 13 10:39:22 CDT 2003


Hey Stuart, 

Good questions.  What it does is create an authorization step in venue
entry. What that means is if you aren't allowed in the venue, you don't get
to know anything about the contents (including the stream information).

If using dynamic streams this means you don't get to know the stream
locations or encryption keys (because they're dynamically allocated). If you
are using static streams, then the addresses could be known. Eventually
(when the media tools are reasonable) we'll be adding an encryption rollover
mechanism that issues new keys at an interval (might be random?), so that
even if you know the stream locations, you won't know the keys to get at the
data.

Does that make sense?

--Ivan

> -----Original Message-----
> From: Stuart Levy [mailto:slevy at ncsa.uiuc.edu] 
> Sent: Wednesday, August 13, 2003 10:17 AM
> To: Ivan R. Judson
> Cc: ag-tech at mcs.anl.gov
> Subject: Re: [AG-TECH] AG Venue Access Control
> 
> 
> On Wed, Aug 13, 2003 at 09:03:58AM -0500, Ivan R. Judson wrote:
> > 
> > In the "almost ready to tell you about" 2.1 release schedule for this
> > Friday, we have added functionality that allows you (as the venue or
> > venueserver administrator) to specify who is allowed in (or not
> > allowed in). This authorization mechanism will be expanding in the
> > future, but currently it enables essentially ACL-like control of every
> > venue.
> 
> How will it work?  Will it use encryption keys for the 
> streams, or just tell the tools not to start if the wrong 
> site tries to start them? I'm wondering if it's the kind of 
> thing that could be evaded by people who knew the multicast 
> addresses for the venue.
> 
>     Stuart
> 



