2003 – Ninth Americas Conference on Information Systems

MIDDLEWARE FOR SECURED VIDEO-CONFERENCING

Tarun Abhichandani
Network Convergence Laboratory
Claremont Graduate University
tarun.abhichandani@cgu.edu

Samir Chatterjee
Network Convergence Laboratory
Claremont Graduate University
samir.chatterjee@cgu.edu

Bengisu Tulu
Network Convergence Laboratory
Claremont Graduate University
bengisu.tulu@cgu.edu

Jill Gemmill
University of Alabama at Birmingham
jgemmill@uab.edu

Abstract

Video-conferencing over IP networks is rapidly becoming a popular application. Currently, two signaling standards are used in such applications: H.323, the signaling standard from ITU-T (used by most commercial video-conferencing systems), and SIP, an IETF-approved standard for voice and video communications. In this paper, we present federated security mechanisms as developed within a large project (Vide.Net) on Internet2. We discuss an actual SIP client architecture. Issues and techniques for authentication and authorization in SIP- and H.323-based systems are explained. Moreover, we provide insights towards building a federated authentication/authorization model for secured video-conferencing. This federated model utilizes emerging SAML technology that promotes single sign-on authentication and is a novel approach for inter-realm authentication. Call flows depicting the behavior of secured video-conferencing are enumerated.

Keywords: Authentication, authorization policies, federated administration, middleware, H.323, SIP, video-conferencing.

Introduction

Real-time applications that send and receive media (audio, video, instant messaging) are rapidly converging on the Internet. Among them, video-conferencing is a popular application that lets diverse groups of people located at distributed sites communicate with each other using video and audio. For video-conferencing, we need signaling protocols as well as media handling capabilities.
Session Initiation Protocol (SIP) (Rosenberg, et al., 2002) and H.323 (http://www.itu.int, 2000) have been used for Voice over IP (VoIP), with SIP gaining popularity as a flexible session-oriented protocol approved by the Internet Engineering Task Force (IETF). However, in the video-conferencing space, we could not find many academic or commercial applications that use SIP¹. Most commercial video systems use the H.320 protocol over ISDN lines or H.323 over Ethernet. Only recently have we started to see the migration of these products to IP-based networks. Not only is there a need to develop and deploy SIP-based video-conferencing applications, but there are also several requirements within the higher education community that must be met. These requirements include security, enterprise-level authentication, and having proper authorization policies in place to facilitate inter-campus video communications. Privacy and confidentiality of users are also needed.

The paper starts by explaining the design of a SIP-based video-conferencing application. This prototype implementation is being carried out as a collaborative project at Vide.Net (http://www.vide.net) over Internet2. Further, the paper substantiates requirements for a federated authentication system. After evaluating why federated authentication is necessary, it examines the Shibboleth architecture, based on Security Assertion Markup Language (SAML) assertions, which provides us with the capabilities for implementing a federated security structure. In conclusion, the paper illustrates SIP-based and H.323-based call

¹ MSN Messenger is a SIP client from Microsoft.