[email protected] j. access control to video resources tf-vvc
TRANSCRIPT
TF-VVC
The bad way
TF-VVC
The bad way
TF-VVC
TF-VVC
TF-VVC
TF-VVC
TF-VVC
TF-VVC
AuthZ module
•AuthN have a private key and AuthZ have the public key
•AuthZ check that the assertion is signed by AuthN
•The assertion contains attributes, that allow implement policies
Example User id, Group id, time to live of assertion, role, project, institution, etc
TF-VVC
•Implementation for DSS
•Will be aligned with JRA5
•Improvements: Independent authorization service
• The client ask to authoritation service and it return a The client ask to authoritation service and it return a tokentoken
• The client contact with streaming server with this token The client contact with streaming server with this token as parameteras parameter
• The token (signed by authZ service) will open or not the The token (signed by authZ service) will open or not the access to video depending on small set of parameters: access to video depending on small set of parameters: token timeout, resource, session code…token timeout, resource, session code…
TF-VVC
TF-VVC
•Advantages: Centralized authZ policies More flexible portal to access to our video resources We separate two domains:
• AuthN server- home organizationAuthN server- home organization
• AuthZ server+video streaming servers – resources AuthZ server+video streaming servers – resources
ownerowner