[email protected] J. Access Control to Video Resources TF-VVC.

Page 1: Jmaria.fontanillo@rediris.es J. Access Control to Video Resources TF-VVC.

J. Access Control to Video Resources

TF-VVC

The bad way

AuthZ module

•AuthN has a private key and AuthZ has the public key

•AuthZ checks that the assertion is signed by AuthN

•The assertion contains attributes that allow policies to be implemented

Example: user id, group id, time to live of the assertion, role, project, institution, etc.

•Implementation for DSS

•Will be aligned with JRA5

•Improvements: Independent authorization service

• The client asks the authorization service, which returns a token

• The client contacts the streaming server with this token as a parameter

• The token (signed by the authZ service) will open or not open access to the video depending on a small set of parameters: token timeout, resource, session code…
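An added example, not part of the original slides: the token flow above in Go, with the authZ service signing resource, session code and timeout, and the streaming server checking them before opening the video. Ed25519, the `payload.signature` layout, the JSON field names and the sample values are assumptions; the slides do not specify them.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claims holds the parameters the slides name: resource, session code, timeout.
type Claims struct {
	Resource string `json:"res"`
	Session  string `json:"sid"`
	Expires  int64  `json:"exp"` // token timeout as Unix seconds
}

var b64 = base64.RawURLEncoding
// Demo key pair (constructed): private key stays on the authZ service, public key goes to streaming servers.
var demoPub, demoPriv, _ = ed25519.GenerateKey(nil)

// Issue runs on the authZ service: serialize the claims, then sign them.
func Issue(priv ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c)
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(priv, body))
}

// Verify runs on the streaming server before it opens the video.
func Verify(pub ed25519.PublicKey, token, resource, session string, now int64) error {
	p, s, _ := strings.Cut(token, ".")
	body, err1 := b64.DecodeString(p)
	sig, err2 := b64.DecodeString(s)
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, body, sig) {
		return fmt.Errorf("bad signature")
	}
	var c Claims // claims are trusted only after the signature check
	if json.Unmarshal(body, &c) != nil || now >= c.Expires {
		return fmt.Errorf("token expired or malformed")
	}
	if c.Resource != resource || c.Session != session {
		return fmt.Errorf("token not issued for this resource and session")
	}
	return nil
}

func main() {
	tok := Issue(demoPriv, Claims{"/vod/lecture1.mp4", "s-123", 1000}) // constructed sample values
	fmt.Println(Verify(demoPub, tok, "/vod/lecture1.mp4", "s-123", 900))
}
```

Binding the token to one resource and one session code keeps a token copied out of a player URL from opening other videos, and the timeout bounds how long it works at all.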

•Advantages:

• Centralized authZ policies

• More flexible portal to access our video resources

• We separate two domains:

  • AuthN server - home organization

  • AuthZ server + video streaming servers - resources owner