[AG-TECH] AG Venue Access Control

Eric Olson eolson at mcs.anl.gov
Wed Aug 13 15:30:42 CDT 2003


Hi Ed,

The default permission is to let anyone (with a valid certificate) 
enter the venue.  Someone who has administrative rights to the venue is 
able to remove that default and specify individual users to be allowed or 
disallowed entry when you want to restrict access.

Eric

On Wed, 13 Aug 2003, Ivan R. Judson wrote:

> 
> 
> > -----Original Message-----
> > From: owner-ag-tech at mcs.anl.gov 
> > [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Ed Ritenour
> > Sent: Wednesday, August 13, 2003 12:25 PM
> > To: ag-tech at mcs.anl.gov
> > Cc: 'Stuart Levy'
> > Subject: Re: [AG-TECH] AG Venue Access Control
> > 
> > 
> > Ivan
> > 
> > Are you making the authorization optional? There are times 
> > when you want meetings open to allow anyone to attend.
> > 
> > Ed
> > 
> > "Ivan R. Judson" wrote:
> > 
> > > Hey Stuart,
> > >
> > > Good questions.  What it does is create an authorization step in 
> > > venue entry. What that means is if you aren't allowed in the venue, 
> > > you don't get to know anything about the contents (including the 
> > > stream information).
> > >
> > > If using dynamic streams this means you don't get to know the stream 
> > > locations or encryption keys (because they're dynamically allocated). 
> > > If you are using static streams, then the addresses could be known. 
> > > Eventually (when the media tools are reasonable) we'll be adding an 
> > > encryption rollover mechanism that issues new keys at an interval 
> > > (might be random?), so that even if you know the stream locations, you 
> > > won't know the keys to get at the data.
> > >
> > > Does that make sense?
> > >
> > > --Ivan
> > >
> > > > -----Original Message-----
> > > > From: Stuart Levy [mailto:slevy at ncsa.uiuc.edu]
> > > > Sent: Wednesday, August 13, 2003 10:17 AM
> > > > To: Ivan R. Judson
> > > > Cc: ag-tech at mcs.anl.gov
> > > > Subject: Re: [AG-TECH] AG Venue Access Control
> > > >
> > > >
> > > > On Wed, Aug 13, 2003 at 09:03:58AM -0500, Ivan R. Judson wrote:
> > > > >
> > > > > In the "almost ready to tell you about" 2.1 release scheduled for
> > > > > this Friday, we have added functionality that allows you (as the
> > > > > venue or venueserver administrator) to specify who is allowed in
> > > > > (or not allowed in). This authorization mechanism will be
> > > > > expanding in the future, but currently it enables essentially
> > > > > ACL-like control of every venue.
> > > >
> > > > How will it work?  Will it use encryption keys for the streams, or 
> > > > just tell the tools not to start if the wrong site tries to start 
> > > > them? I'm wondering if it's the kind of thing that could be evaded 
> > > > by people who knew the multicast addresses for the venue.
> > > >
> > > >     Stuart
> > > >
> > 
> > --
> > Ed Ritenour                                     Phone: 510-486-5754
> > Data Communications/ Facilities                 Pager: 510-539-1069
> > Network & Telecommunications Department         Fax: 510-486-7000
> >              Lawrence Berkeley National Laboratory
> >              One Cyclotron Road, Berkeley, CA. 94720
> >                          MS 50E-101
> > 
> > 
> 
> 
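
A small Python model of the venue-entry authorization discussed in this thread, added here as an illustration; it is not Access Grid Toolkit code. The class and method names, the rule that a deny entry wins over an allow entry, and the sample multicast addresses are assumptions, and certificate validation is reduced to a boolean supplied by the caller.

```python
import secrets
from dataclasses import dataclass, field

class EntryDenied(Exception):
    """Raised on refused entry; deliberately carries no venue contents."""

@dataclass
class Venue:  # hypothetical model, not the toolkit's own class
    name: str
    admins: set = field(default_factory=set)
    allow_any_valid_cert: bool = True            # default: any valid certificate may enter
    allowed: set = field(default_factory=set)    # subjects explicitly allowed
    denied: set = field(default_factory=set)     # subjects explicitly disallowed
    streams: dict = field(init=False, default_factory=dict)

    def __post_init__(self):
        # Dynamic streams: address and key are allocated by the venue, so
        # they are only learned through a successful enter(). Constructed values.
        for media in ("audio", "video"):
            addr = f"224.2.{secrets.randbelow(256)}.{secrets.randbelow(256)}"
            self.streams[media] = {"addr": addr, "key": secrets.token_hex(16)}

    def restrict(self, admin, allowed=(), denied=()):
        """Administrator removes the default and names individual users."""
        if admin not in self.admins:
            raise PermissionError("only a venue administrator may change the ACL")
        self.allow_any_valid_cert = False
        self.allowed |= set(allowed)
        self.denied |= set(denied)

    def is_authorized(self, subject, cert_valid):
        if not cert_valid or subject in self.denied:   # assumption: deny wins
            return False
        return self.allow_any_valid_cert or subject in self.allowed

    def enter(self, subject, cert_valid):
        """Authorization happens before any stream information is returned."""
        if not self.is_authorized(subject, cert_valid):
            raise EntryDenied("not authorized for this venue")
        return {m: dict(s) for m, s in self.streams.items()}

    def roll_keys(self):
        # Key rollover: addresses stay the same, keys change, so knowing a
        # static address is not enough without re-entering the venue.
        for s in self.streams.values():
            s["key"] = secrets.token_hex(16)
```
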



