This paper describes efforts underway within Internet2 to create a secure federated IP based videoconferencing model. The objective is to create an environment that is user-friendly, ensures user privacy, and simplifies user management. This model makes use of the Session Initiation Protocol (SIP) as the underlying session establishment protocol. Since the session can (and most often will) be between domains, securing the process will involve inter-realm authentication and authorization, which gives rise to host of issues such as user privacy and authorization granularity. To address this issue, we make use of a federated trust model for sharing resources based on Shibboleth and the Security Assertion Markup Language (SAML), an XML-based security standard that describes the format and exchange of authentication and authorization information, such as identity, attributes, and artifacts.
Douglas C. Sicker, Ameet Kulkarni, Anand Chavali,