Embed Size (px)
DESCRIPTION
Jill Gemmill 2004 Other drivers COTS - We wanted solution to be implemented by vendors. Therefore, adoption as a standard was necessary H.323/SIP already had existing security protocols – use those, without requiring modifications Be useful for non-standards based conferencing (MPEG2/AG/VRVS)
Citation preview
Jill
Gem
mill
20
04 NMI Component: commObjectITU-T H.350 Directory Services for
Multimedia
Jill GemmillUniversity of Alabama at Birmingham
17th APAN Meeting
Jill
Gem
mill
20
04What problems did we
want to solve?• Use existing identity management –
avoid replicating into proprietary directories
• Standardize storage for protocol-specific data to ease updates/migrations; one central store for multiple protocols
• Leverage identity management for reliable authentication and authorization
Jill
Gem
mill
20
04Other drivers
• COTS - We wanted solution to be implemented by vendors. Therefore, adoption as a standard was necessary
• H.323/SIP already had existing security protocols – use those, without requiring modifications
• Be useful for non-standards based conferencing (MPEG2/AG/VRVS)
Jill
Gem
mill
20
04Acknowledgments
NSF ANI-022710 “ViDe.Net: Middleware for Scalable Video Services for Research and Higher Education” (Gemmill (PI), Chatterjee, Johnson)
NSF ANI-0123937 “NSF Middleware Initiative” via SURA-2002-103 “UAB Middleware Testbed Program: Integrated Directory Services, PKI, Video, and Parallel Computing”, Subcontract (Shealy, Gemmill (Technical Lead))
NSF EPS-0091853 via UA-01-016 “Alabama Internet2 Middleware Initiative”, NSF EPSCoR (Shealy, Gemmill (co-PI) )
Any opinions, findings or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
Jill
Gem
mill
20
04H.350 : New ITU-T Standard
(ratified August 2003)• H.350 was born out of Internet2 Video
Middleware working group (Internet2 Middleware and ViDe joint initiative)http://middleware.internet2.edu/video/
• H.350 was introduced in NMI Release 2 as commObject, an NMI-EDIT component
• NSF grant to UAB with partners CGU, SURFnet, UNC, and RADVISION
• Sent by ITU for informational review to IETF
Jill
Gem
mill
20
04
H.350 Architecture Components
Jill
Gem
mill
20
04Endpoints
(What the end user has)• H.323 Terminals:
– Desktop videoconferencing (VCON, Viavideo, etc)
– Room videoconferencing (Polycom, Tandberg, etc)
– Multi-point control unit (MCU)• SIP User Agents:
– IP Telephony– Desktop (Messenger, CGU client…)
Jill
Gem
mill
20
04Call Servers -
Service Management
• H.323 Gatekeeper• SIP Proxy • Both have lists of users, do call routing,
enforce usage policies, do logging for any billing….
Jill
Gem
mill
20
04Enterprise Directory
• Central stores of information about people associated with an institution
• Authoritative (eg: Human Resources, Registrar; Telecommunications)
• ONE consolidated list – identities resolved (SSN!)• Benefits:
– Correct and current– Single location to disable account– Single location to reset password
• Video/VoIP manager – reinvent this wheel?
Jill
Gem
mill
20
04H.350 Directory
• Standardized LDAP schema that represents application-specific information for multimedia including these protocols:– SIP– H.323– H.235– H.320– Non-standard (eg: Access Grid, VRVS, MPEG2).
• Designed to require minimal changes to the enterprise directory.
Jill
Gem
mill
20
04H.350 Directory Organization
commObject commUniqueId commOwner commPrivateh323Identity h323IdentityGKDomain h323Identityh323-ID h323IdentitydialedDigits h323Identityemail-ID
…… h323IdentityEndPointTyper h323IdentityServiceLevelh235Identity h235IdentityUid h323IdentityPassword userCertificate
Enterprise DirectoryinetOrgPerson name (dn) address telephone email organization organizational unit commURIRFC 1274 userPassword
Jill
Gem
mill
20
04White Pages
• Look up person – find video/voip address• Standardized – works with multiple vendors’
hardware and software• Makes “Directory of Directories” searching
possible (a global multimedia directory)• Supports ‘clickable’ dialing• Prototype/Testbed H.350 directory
– https://videnet.unc.edu
Jill
Gem
mill
20
04Search for a person
Enter name; Search Result: Associated with multiple endpoints
Jill
Gem
mill
20
04Endpoint Information
Non-Standard “genericIdentity” example
Jill
Gem
mill
20
04Person/Owner Information
Jill
Gem
mill
20
04Other Searches Possible
Jill
Gem
mill
20
04Directory of Directories Search
• Simple Java Directory Search searches public attributes in predefined list of directories. http://metric.it.uab.edu:11080/videnet/index1.html
• Under Development: scalable approach indexes remote directories (LIMS/TIO). A “google-like” repository linking back to distributed entries.
Jill
Gem
mill
20
04Endpoints Implementing
H.350 can…
• Based on EndpointID, email address, etc., lookup correct configuration information and load it. - Solves big user support issue!
• No matter what protocol or brand, necessary data can be managed in an organized way.
• Do white pages search via LDAP protocol – receive answers; ‘click to dial’ if supported.
• <UAB Electronic Phonebook>
Jill
Gem
mill
20
04Endpoints supporting
H.235 can…
• User/Endpoint Validation– Do enterprise authentication (via LDAP)– Obtain videoconferencing credentials– Use VC credentials to obtain CORRECT
configuration– Logging now suitable for usage
tracking/billing
Jill
Gem
mill
20
04Call Servers Implementing
H.350 can…
• Pull information from canonical store– Solves manual data entry problems– Can convert canonical to proprietary if
needed on the fly• Use XIdentityServiceLevel attribute to
provide levels of authorization• Scale up video/voip operations
Jill
Gem
mill
20
04Video Middleware Cookbook• Version 0.5 is included in NMI Release 4
http://www.nsf-middleware.org/NMIR4/• Description and examples of all H.350
attributes • LDIF files ready to use for iPlanet and
OpenLDAP• H.350 installation and server configuration
instructions• Version 1. (March 2004) will include code
snippets for developers and global indexing instructions.
Jill
Gem
mill
20
04Video Middleware Cookbook
http://lab.ac.uab.edu/vnet/
Jill
Gem
mill
20
04Do Any Products Support H.350?
• YES!• Next version of RADVISION ECS Gatekeeper• Demonstration H.323 Endpoint• HCL Technologies SIP Proxy Server• CGU SIP UserAgent available for download
http://ncl.cgu.edu/sipclient/index.php • Having customers like you request H.350
compliance in RFP’s and products will certainly impact the vendors
Jill
Gem
mill
20
04Recent Developments
• Addition of H.350.6 – Call Forwarding• ASN.1 for using H.350 in X.500 directories• Study Group 16 has requested additional
contributions on Federatedapproaches to authentication and authorization
• Study Group 16 has approved of the idea of a 'Global Secure Conferencing Profile' as a useful concept and has requested furthercontributions in this area.
Jill
Gem
mill
20
04How to Participate
• Join Internet2 VidMid-VC• Join the ViDeNet H.350 Deployment
Testbed– Contact TestBed Manager Jason Lynn
[email protected]– Use Video Middleware Cookbook and
provide feedback to the cookbook editors– Attend the “Deploying H.350” full-day
workshop Thursday March 25 (SURA/ViDe Digital Video Workshop post-conference)
Jill
Gem
mill
20
04Workshophttp://www.vide.net/conferences/h350/
Jill
Gem
mill
20
04Q & A
<Insert your question here>
Jill
Gem
mill
20
04
Copyright Jill Gemmill 2003
This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
