[AG-TECH] Encryption of Access Grid 2.x Sessions

Allan Spale aspale at evl.uic.edu
Mon Feb 2 11:40:09 CST 2004


Ivan,

Thanks for your reply.  After trying some things out, I have some specific
questions listed below.

On Sun, 1 Feb 2004, Ivan R. Judson wrote:

> Hey Allan,
> 
> > I was talking with Obana-son of NTT concerning a conference
> > that EVL and some other Japanese institutions will be
> > participating in, and he expressed an interest in using AG
> > 2.x to have the encrypted AG session (i.e.
> > key-based/non-default encryption where some keys must be exchanged).
> > I would like to know whether it is possible to reserve an AG
> > 2 room that would provide this capability.  If this is not
> > possible, how difficult would it be to set up a venue server
> > that could provide these capabilities and what additional
> > software would be needed to do this (such as the different
> > things you describe below)?
> 
> It's not clear to me what "the different things you describe below"
> includes. If you can be more explicit I think the answers to your questions
> are easy to find.
> 
> Currently, any AG2 venue can be told to be "secure"; some are secure by
> default, such as those at https://ag-2.mcs.anl.gov:8000/, others like the
> tvs https://vv2.mcs.anl.gov:9000/ are not. The encryption coupled with
> authorization enables the same effective security model as AG1; you can not
> allow people in the venue so they can't have the encryption keys.
> 

I tried running a local venue server on my display PC (just to try things
out).  The IP addresses that I used were EVL at UIC video and audio addresses
from tvs (is this "ok" to do?).  I specified an encryption key and then
had the other node operator try to connect using the standard connection
method.  He could not see the streams that I was sending out.  That was
good, but then how do people specify encryption keys if they are supposed
to be attending? 

The only other flaky thing that I encountered was trying to create a list
of people's Globus certificates for who is permitted to enter the venue.
When I made the changes, they did not seem to "save".  I might not have
added the people correctly in the first place, so it may have been my own
fault.

> This is all available now. If you are interested in using this, I suggest
> you find a place to run a venue server and get familiar with administrating
> it. Then you can modify the list of authorized users yourself.
> 
> --Ivan
> 
> 

One more thing.  If I wanted to run a local multicast bridge, do I have to
use Linux because BridgeServer.py directly uses QuickBridge?
Additionally, could the QuickBridge and the venue server coexist on the
same machine without inflicting too much load on it?

Thanks for your help in this matter.


Allan



