[AG-TECH] AG security and multicast ?

Derek Piper dcpiper at indiana.edu
Mon Apr 11 08:28:41 CDT 2005


	Something I've been asked about that's security related is about having 
the ability to 'lock' a room from within the venue client, akin to 
having a closed and locked door for a real conference room. Then, if the 
room were set up to encrypt the traffic and people couldn't just 
'jump-in' it might make private meetings more attractive to those that 
have a need for it. Sure you can set up a room with allowing certain 
certificates, but that's cumbersome to have to do on a per-meeting basis 
if all you want is something like a bunch of 'conference rooms'. Having 
to have an operator tailor a room to a particular meeting isn't a very 
user-friendly way of doing it.
	I asked a while ago on the list of a good way to do that and the 
response was it'd be something I'd have to do myself. If enough people 
think it's a feature they want, maybe we can convince the AG software 
writers/maintainers to add functionality?

	Derek


Gavin W. Burris aka 86 wrote:
> Here are two good resources:
> http://multicasttech.com/
> http://multicast.internet2.edu/
> 
> I get asked about security more and more now.  People are concerned that
> their research will be broadcast to anyone with a multicast-enabled
> network.  VIC and RAT do offer encryption keys, and that is an option
> to enable with AGTk venue servers.  Rooms can have access based on
> your globus certificates, too.  And AGTK uses SSL for its
> client/server connections.
> 
> 
> Would it be feasible to route multicast though a VPN for very secure
> meetings?  Say, run a VPN server on the same machine that the venue
> server is on, have clients connect their VPN client to it, and then
> fire up AG over the encrypted tunnel?
> 
> 
> 
> Dioselin Gonzalez wrote (on Wed, 6 Apr 2005 at 09:05):
> 
>>Hello everybody,
>>
>>As part of our distance learning project, we need in-depth technical 
>>information about security mechanisms and multicast allocation in the 
>>AG.  Are there any documents or papers about this?
>>
>>The team will be doing low-level implementation, so we need  hard-core 
>>documentation for techies :o)
>>
>>Thanks,
>>
>>Dio.-
>>
> 
> 

-- 
Derek Piper - dcpiper at indiana.edu - (812) 856 0111
IRI 323, School of Informatics
Indiana University, Bloomington, Indiana




More information about the ag-tech mailing list