You might want to take a look at what inSORS does with their venues, where the "room" can be assigned a "key" you need to unlock the door.
Gavin W. Burris aka 86 wrote: > I think allowing anyone into a secure meeting until you "lock the > door" is a poor security model. No need to lock the door and be > worried about who you have already let in, because it is really not > that user unfriendly to have an attendee list and add them to a secure > room with the GUI server administration tool. If you don't do > security properly, it is just another hoop someone has to jump through > to get what you don't want them to have. > > Derek Piper wrote (on Mon, 11 Apr 2005 at 08:28): > >> Something I've been asked about that's security related is about having >>the ability to 'lock' a room from within the venue client, akin to >>having a closed and locked door for a real conference room. Then, if the >>room were set up to encrypt the traffic and people couldn't just >>'jump-in' it might make private meetings more attractive to those that >>have a need for it. Sure you can set up a room with allowing certain >>certificates, but that's cumbersome to have to do on a per-meeting basis >>if all you want is something like a bunch of 'conference rooms'. Having >>to have an operator tailor a room to a particular meeting isn't a very >>user-friendly way of doing it. >> I asked a while ago on the list of a good way to do that and the >>response was it'd be something I'd have to do myself. If enough people >>think it's a feature they want, maybe we can convince the AG software >>writers/maintainers to add functionality? >> >> Derek >> >> >>Gavin W. Burris aka 86 wrote: >> >>>Here are two good resources: >>>http://multicasttech.com/ >>>http://multicast.internet2.edu/ >>> >>>I get asked about security more and more now. People are concerned that >>>their research will be broadcast to anyone with a multicast-enabled >>>network. VIC and RAT do offer encryption keys, and that is an option >>>to enable with AGTk venue servers. Rooms can have access based on >>>your globus certificates, too. And AGTK uses SSL for its >>>client/server connections. >>> >>> >>>Would it be feasible to route multicast though a VPN for very secure >>>meetings? Say, run a VPN server on the same machine that the venue >>>server is on, have clients connect their VPN client to it, and then >>>fire up AG over the encrypted tunnel? >>> >>> >>> >>>Dioselin Gonzalez wrote (on Wed, 6 Apr 2005 at 09:05): >>> >>> >>>>Hello everybody, >>>> >>>>As part of our distance learning project, we need in-depth technical >>>>information about security mechanisms and multicast allocation in the >>>>AG. Are there any documents or papers about this? >>>> >>>>The team will be doing low-level implementation, so we need hard-core >>>>documentation for techies :o) >>>> >>>>Thanks, >>>> >>>>Dio.- >>>> >>> >>> >>-- >>Derek Piper - dcpi...@indiana.edu - (812) 856 0111 >>IRI 323, School of Informatics >>Indiana University, Bloomington, Indiana > > -- Bob Riddle (b...@internet2.edu) Technologist,Internet2 1000 Oakbrook, Suite 300 Ann Arbor, Michigan 48108 Business Phone: 734.913.4257 Fax Number: 734.913.4255 "An expert is a man who has made all the mistakes that can be made in a very narrow field." Niels Bohr
