Re: [XCON] CPCP Issue 28: <pin> and <password>

To: hisham.khartabil at nokia.com
Subject: Re: [XCON] CPCP Issue 28: <pin> and <password>
From: Paul Kyzivat <pkyzivat at cisco.com>
Date: Mon, 23 Aug 2004 15:39:21 -0400
Cc: xcon at ietf.org
List-help: <mailto:xcon-request@ietf.org?subject=help>
List-id: Centralized Conferencing <xcon.ietf.org>
List-post: <mailto:xcon@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/xcon>, <mailto:xcon-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/xcon>, <mailto:xcon-request@ietf.org?subject=unsubscribe>
References: <2038BCC78B1AD641891A0D1AE133DBB7023EEC54@esebe019.ntc.nokia.com>
Sender: xcon-bounces at ietf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826

Hisham,

Here is the basic use case I have in mind, though there are lots of variants on it:

- some conference participants are likely to call from some random PSTN phone that can't be anticipated in advance

- calls from the PSTN may well have the calling phone number as an authenticated identity, because a GW has reason to trust the callerid it gets from the PSTN.

- conference administrator can't authorize each potential PSTN phone number that might be used by a participant, and isn't willing to blanket authorize participation by arbitrary PSTN callers.

The shared secret (password or pin) can provide a way in for these users, but it isn't a way of authenticating the calling identity, and it must override the lack of authorization for the calling user authenticated identity.

	Paul

hisham.khartabil at nokia.com wrote:

-----Original Message-----
From: ext Paul Kyzivat [mailto:pkyzivat at cisco.com]
Sent: 13.August.2004 17:41
To: Khartabil Hisham (Nokia-TP-MSW/Helsinki)
Cc: xcon at ietf.org
Subject: Re: [XCON] CPCP Issue 28: <pin> and <password>
Hisham - comments inline.
	Paul
hisham.khartabil at nokia.com wrote:
Users who are using a PSTN phone to join a conference can
authenticate using a PIN (traditional way). We use the <pin> condition for this.

Users who are aware of the conference password can join,
irrespective of their identity. So anyone who knows the password was join. We use the <password> condition for this.

There was a huge confusion about the useability of these 2
conditions. A question was raised on how a focus would react if the password was changed for the conference. Another was raised on what does it mean for a user to be authenticated and then requiring them to enter a password?

There were also comments that a conference policy should
not assign passwords. Those are assigned out of band. The conference policy would then just require the password.

There was no consensus on any of these issues. Here is a
concrete proposal:
I seem to recall that there was a recognition that pins/passwords can be used in two ways:
- they may be used as a means of authenticating. In this case the pin
  or password is specific to an identity that must also be provided
- they may be used as a shared secret for a conference, where possession grants admission to the conference regardless of identity.

The first form is irrelevant to CPCP, since its use would simply provide the identity that is used by CPCP for authorization. It is the second usage that needs to be discussed in CPCP.

- using password and pin with <id> does not make sense
since <id> indicates that a user is authenticated so no need to authenticate that user again.

I don't think the above is true. It is quite possible to be calling from a device that authenticates, but not as a user authorized to join. For instance this is likely to be the case for users calling from the PSTN - the call is likely to have the identity of the calling device: tel:nnn.
So, I think you have multiple ways to get in:
- you are authorized by your identity
- you are authorized by the possession of a secret
Agreed. I was specifically referring to password, not PIN.
- passwords and pins are set out of band - allow rules that indicate that if an unauthenticated user
tries to join a conference, then he needs to enter a pin or password.
Or a user that is authenticated but neither authorized nor rejected on the basis of that authentication.
If there is no rule put in place to reject the user, then he is automatically authorised to join (or was it automatically rejected? Can someone remind me of how common-policy handles lack of rules?)
Regards,
Hisham
- change pin to only be digits - if a password or pin is changed for a certain conference,
users who used that pin or password are not booted out.
Any comments?
Regards,
Hisham
_______________________________________________
XCON mailing list
XCON at ietf.org
https://www1.ietf.org/mailman/listinfo/xcon
_______________________________________________
XCON mailing list
XCON at ietf.org
https://www1.ietf.org/mailman/listinfo/xcon

_______________________________________________
XCON mailing list
XCON at ietf.org
https://www1.ietf.org/mailman/listinfo/xcon

References:
- RE: [XCON] CPCP Issue 28: <pin> and <password>
  - From: hisham . khartabil

Prev by Date: RE: [XCON] CPCP Issue 20: The need for Refer List
Next by Date: [XCON] Change of Chair Address
Previous by thread: RE: [XCON] CPCP Issue 28: <pin> and <password>
Next by thread: RE: [XCON] CPCP Issue 28: <pin> and <password>
Index(es):
- Date
- Thread

Re: [XCON] CPCP Issue 28: <pin> and <password>

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.