RVS
Multimedia Broadband Applications
Torsten Braun
Computer Networks and Distributed Systems, Institute of Computer Science and Applied Mathematics
University of Bern
www.iam.unibe.ch/~rvs
Università della Svizzera Italiana, January 27, 2004, Lugano
January 27, 2004, Torsten Braun (Universität Bern): Multimedia Broadband Applications
Overview
- Introduction
  - Multimedia Systems
  - Multimedia Application Requirements
- Multimedia Communications
  - Multimedia Communication Architecture
  - Internet Multicast
  - Real-time Transport Protocol
- Audio / Video Applications
  - Mbone A/V Conferencing Tools
  - Synchronization
  - Adaptive Applications
  - Session Directory
  - Mbone VCR
  - Real-Time Streaming Protocol
  - Access Grid
  - Session Initiation Protocol
  - H.323
  - Tokyo Lectures
  - SWITCHvconf
- Peer-to-Peer (P2P) Networks
  - P2P Network Architectures
  - Unstructured and Structured P2P Networks
  - P2P Applications
- End System Multicast
- IP Telephony (Skype)
- Distance Learning: VITELS
  - Interactive Course Modules
  - Student Support
  - Implementation Architecture
- Authentication & Authorization
  - Authentication & Authorization Problems
  - SWITCH AAI Initiative
  - Shibboleth
  - AAI enabled Software
  - AAI Mediators: Proxy, Portal
Multimedia Systems
Definition [Steinmetz]: A multimedia system is characterized by computer controlled and integrated
- creation,
- manipulation,
- presentation,
- storage, and
- communication
of independent information that is encoded in at least
- one discrete (time independent) medium (examples: text and graphics) and
- one continuous (time dependent) medium (examples: sound and moving pictures)
Multimedia Applications
- Computer Supported Cooperative Work
- Conferencing
- Tele-medicine
- Distance Learning
- Interactive TV
- Interactive games
- Tele-shopping
- Virtual reality
- Grid access
- ...
Multimedia Application Requirements
- All sub-streams
  - Throughput dependent on encoding scheme, quality, and interactivity level
  - Multicast
- Audio
  - Low error rate
  - Low delay
  - Very low jitter
- Video
  - Low error rate
  - Low delay
  - Low jitter
- Data
  - No (!) errors
  - For interactive applications: low delay
Delay Jitter
- Jitter = variation of delay (difference between smallest and largest delay)
- Compensation by buffering at receiver (play-out buffer)
(Figure: delay density over delay, marking the minimum delay, the average delay, the maximum delay and the synchronous play-out point)
Multimedia Application Requirements

Medium              | Bandwidth              | Delay      | Jitter
--------------------|------------------------|------------|----------
Text                | 50 kbps                | 1-10 s     | -
Data                | a few 10 Mbps          | > 1 s      | -
Real-time data      | a few Mbps             | 1 ms - 1 s | -
Voice               | 64 kbps                | < 0.25 s   | 10 ms
Music               | 1.4 Mbps               | < 0.25 s   | 10 ms
Still images        | a few 100 kbps / Mbps  | < 1 s      | -
Uncompressed video  | 150 Mbps               | < 0.25 s   | a few ms
Compressed video    | a few 10 Mbps          | < 0.25 s   | a few ms

Maximum bit error rate column of the slide: text and data require 0 (no errors); the remaining values shown on the slide (< 10^-5, 10^-1, 10^-8, < 10^-4, 10^-2, < 10^-8) cannot be assigned to rows from the extracted slide text.
Internet Conferencing Scenario
Multimedia Communication Architecture
(Figure: protocol stack)
- Multimedia Application: Session Control, (Adaptive) Information Encoding
- Transport Protocols: RTP/RTCP on top of UDP; TCP
- Internet Protocol: IP
- Network: Ethernet, WLAN, ADSL, ISDN, ...
Internet Multicast
- Sender transmits multicast packet to a receiver group that is identified by an IP multicast address
- Establishment of a multicast delivery tree
- Protocols
  - Internet Group Management Protocol
  - Multicast Routing Protocol
IP Addressing
(Figure: IPv4 address classes by leading bits)
- Class A: 0, Network ID, Host ID
- Class B: 10, Network ID, Host ID
- Class C: 110, Network ID, Host ID
- Class D (Multicast): 1110, Group Identifier
- reserved: 1111
Multicast Routing
(Figure panels: 1st multicast packet, pruning, 2nd multicast packet)
Real-time Transport Protocol
- RTP consists of 2 parts
  - Real-Time Transport Protocol (RTP): real-time data transfer
  - Real-Time Control Protocol (RTCP): sender and receiver reports for QoS monitoring
- RTP functions are integrated into applications
- RTP can run on top of any protocol / network
- Multicast and session control support
(Figure: multimedia application (with RTP/RTCP) on top of UDP, IP and the network)
RTP Applications
(Figure: A/V application (sender): Encoding → RTP, RTCP → UDP/IP; A/V application (receiver): UDP/IP → RTP, RTCP → Decoding)
- RTP A/V applications
  - Video server, A/V conferences
- Real-Time Transport Control Protocol (RTCP)
  - Sender and receiver reports
RTP Applications
- Audio conferencing tools: vat, rat, ...
- Video conferencing tools: vic, IVS, ...
- Shared whiteboard (wb)
  - RTP extension for scalable reliable multicast
- Translator implementations
  - Audio gateway (agw): translation between typical audio encoding formats
  - Video gateway (vgw): translation between M-JPEG and H.261 (DCT-based compression)
  - Further options: interconnection of multicast / unicast end systems; encryption between firewalls
- H.323
Video Conferencing Tool (vic)
- Widely used video conferencing tool
- Developed at LBNL
- Supports M-JPEG, H.261, and other video formats
- Detailed statistics based on RTCP
- Modular implementation
- No adaptation of encoding schemes
- End-to-end encryption
Visual Audio Tool (vat)
- Developed for audio conferences at LBNL
- Displays single users and indicates currently active user
- Controls vic windows via conference bus
- Audio formats
  - PCM, GSM, DVI, ...
- 160 - 640 samples per packet
Robust Audio Tool (rat)
- Developed at UCL (UK)
- Various codecs: PCM, ADPCM, GSM etc.
- Available for many operating systems
- Adaptive play-out
- Encryption: DES
- Loss concealment schemes
  - Forward error correction
  - Replacement of lost samples
- Trans-coding
FreePhone
- Developed for audio conferencing and games
- Higher sampling rate to achieve CD quality / stereo
- Robustness by transmission of redundant information
- Compression mechanisms
  - PCM, ADPCM, GSM, Adaptive Delta Modulation etc.
- Configurable number of samples per packet: 80-800
Adaptation of Play-out Time
(Figure: packets with timestamps 1000, 1160, 1320 pass through delay adaptation and format conversion before play-out on the time axis t; the play-out time is adapted after a silence period; labels: jitter < 100 ms, 160 ms)
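As an added illustration (not from the slides), here is a Python play-out buffer that measures the per-packet delay of RTP-timestamped packets, keeps a smoothed estimate of delay and delay variation, and moves the play-out time only at the start of a talk spurt after a silence period, as the figure indicates. The 8 kHz sample clock, the smoothing factor, the safety margin and the packet trace are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_RATE = 8000   # assumed codec clock (8 kHz): timestamps 1000, 1160, 1320 are 20 ms apart
ALPHA = 0.9          # smoothing factor of the delay estimator (assumed value)
BETA = 4.0           # safety margin: play-out delay = mean delay + BETA * variation (assumed)


@dataclass
class Packet:
    seq: int
    timestamp: int        # RTP timestamp in sample units
    arrival_ms: float     # receiver clock at arrival
    marker: bool = False  # RTP marker bit: first packet of a talk spurt after a silence period


@dataclass
class PlayoutBuffer:
    d_hat: Optional[float] = None          # smoothed (relative) network delay, ms
    v_hat: float = 0.0                     # smoothed delay variation, ms
    playout_delay: Optional[float] = None  # delay applied to the current talk spurt, ms
    min_delay: float = float("inf")
    max_delay: float = float("-inf")
    late: List[int] = field(default_factory=list)  # seq numbers that missed their play-out time

    @staticmethod
    def ts_to_ms(ts: int) -> float:
        return ts * 1000.0 / SAMPLE_RATE

    def receive(self, p: Packet) -> float:
        """Schedule packet p; returns its play-out time in ms of the receiver clock."""
        # Delay relative to the sender's timestamp clock. The constant clock offset between
        # sender and receiver is included, which is harmless because only variation matters.
        delay = p.arrival_ms - self.ts_to_ms(p.timestamp)
        self.min_delay = min(self.min_delay, delay)
        self.max_delay = max(self.max_delay, delay)
        if self.d_hat is None:
            self.d_hat = delay
        else:
            self.d_hat = ALPHA * self.d_hat + (1 - ALPHA) * delay
            self.v_hat = ALPHA * self.v_hat + (1 - ALPHA) * abs(delay - self.d_hat)
        # The play-out delay is changed only at the start of a talk spurt (after a silence
        # period), so the spacing of packets inside a spurt is preserved.
        if self.playout_delay is None or p.marker:
            self.playout_delay = self.d_hat + BETA * self.v_hat
        playout_at = self.ts_to_ms(p.timestamp) + self.playout_delay
        if playout_at < p.arrival_ms:
            self.late.append(p.seq)  # arrived after its scheduled play-out time
        return playout_at

    def jitter(self) -> float:
        """Jitter as defined on the slide: largest minus smallest observed delay."""
        return self.max_delay - self.min_delay


def run_demo():
    """Constructed trace: three packets of one talk spurt, then the first packet of the next."""
    trace = [
        Packet(1, 1000, 185.0),
        Packet(2, 1160, 215.0),               # 10 ms more delay than the others
        Packet(3, 1320, 225.0),
        Packet(4, 5000, 690.0, marker=True),  # new talk spurt: play-out delay is re-adapted
    ]
    buf = PlayoutBuffer()
    times = [buf.receive(p) for p in trace]
    return buf, times


if __name__ == "__main__":
    buf, times = run_demo()
    print("play-out times:", [round(t, 3) for t in times])
    print("late packets:", buf.late, "jitter:", buf.jitter(), "ms")
```

Packet 2 arrives 10 ms late and misses its slot because the delay is not changed inside a spurt; the larger margin is applied only when packet 4 opens the next spurt.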
Media Synchronization
(Figure: each media stream passes delay adaptation and format conversion with its own play-out delay, x ms and y ms; media synchronization delays both streams to max(x, y))
Conference Bus
- Local IP multicast in computer via conference bus
- Broadcast of playback delays for synchronization
- vat broadcasts canonical name of current speaker
- vic records information and highlights speaker window
- Session Control can allocate speaking time to participant → suppression of other participants
(Figure: vat, vic and Session Control attached to the conference bus)
Adaptive Applications
Example: INRIA Videoconferencing System
- Control algorithm (run on each feedback round; rates in the same unit):

    /* halve the rate on excessive loss, but never below the minimum rate;
       otherwise grow it multiplicatively by the gain factor */
    if (median_loss > tolerable_loss)
        maximum_rate = max(maximum_rate / 2, minimum_rate);
    else
        maximum_rate = gain * maximum_rate;

- Modes
  - Privilege Quality
    - Adaptation of frame rate
    - Constant compression parameters → high picture quality
  - Privilege Frame Rate
    - Constant frame rate
    - Adaptation of compression parameters
Redundant Applications
Example: Freephone
(Figure: sender-side blocks Audio Input, Echo cancellation, Pause detection, Compression, Redundancy, Transmission (RTP), with Automatic gain control and Feedback (RTCP); receiver-side blocks Reception, Sequencing, Decompression, Mixing, Audio reconstruction, Play-out buffer, Audio Output, with QoS information)
Session Directory
Mbone VCR
- Functions for recording and replaying RTP sessions
- Remote control
- Receiver requires separate audio/video application for receiving, e.g. vic, vat
Real-Time Streaming Protocol
(Figure: web browser with RTSP plug-in and A/V client on the client side, web server and A/V server on the server side; HTTP/TCP between web browser and web server, RTSP/TCP (UDP) between A/V client and A/V server, RTP+RTCP/UDP for the media)
Access Grid
- Grid applications produce massive amounts of data to be viewed.
- Access Grid (www.accessgrid.org) = (low cost) ensemble of resources including
  - large-format multimedia displays
  - presentation and interactive environments
  - interfaces to grid middleware and to visualization environments.
- Resources are used to support group-to-group interactions across the grid, e.g. for
  - large-scale distributed meetings
  - collaborative work sessions
  - seminars, lectures, tutorials, and training
Access Grid Node
- Node consists of
  - Conferencing room
  - Large display for multiple users
    - Multiple aligned projectors to project a single image
    - Alignment requires image corrections
  - Multiple cameras
  - Audio equipment (microphones, speakers) with echo cancellation
  - 4 computers (display, video capture, audio, control)
- Standard hardware and open source software, e.g. vic, rat
- Network requirements: bandwidth and multicast
Access Grid
Session Initiation Protocol
(Figure: SIP call setup between the hosts turing (unisi.ch) and gauss (iam.unibe.ch) via the proxy server sip.iam.unibe.ch and a location server: the caller sends INVITE [email protected] with From:, To: and CALL-ID: headers to the proxy; the proxy consults the location server, which maps braun to braun@gauss, and forwards the INVITE to gauss; OK (From:, To:, CALL-ID:) travels back along the same path; the setup is completed with ACK braun@gauss / ACK [email protected] carrying the same headers)
H.323
(Figure: an H.323 zone containing terminals, a Multipoint Control Unit, a Gateway, a Gatekeeper and a router)
H.323 Gatekeeper
- Terminals must use gatekeeper (if available) before initiating / accepting calls
- Functions
  - Call control
    - Admission control, e.g. to prevent external calls
    - Gatekeeper permits to use a certain bandwidth for a call
  - Address translation
    - Mapping: Alias (phone no., email addr., name) → IP address
    - Support of conference names
    - Localization functions and mobility support
  - Network and zone management, registration, accounting
  - Signaling & call management, supplementary services
H.323 Connection Establishment
(Figure: message sequence between Terminal 1, the Gatekeeper and Terminal 2)
1. Terminal 1 → Gatekeeper: ARQ (phone number)
2. Gatekeeper → Terminal 1: ACF (signaling port)
3. Terminal 1 → Terminal 2: SETUP
4. Terminal 2 → Terminal 1: CALL PROCEEDING
5. Terminal 2 → Terminal 1: ALERT (H.245 port)
6. Terminal 2 → Terminal 1: CONNECT
H.323 Multipoint Control Unit
- MCU mixes different audio / video streams
- Similar concept for data collaboration tools (includes floor control)
AI Tokyo Lectures
- Interconnection of five universities (Tokyo, Beijing, Zürich, Munich, Warsaw)
- 10 lectures to hundreds of students
- Technology used
  - H.323 video conferencing (SWITCH MCU)
  - Live streaming
  - Instant messaging
  - Application Sharing (BridgIT)
Demo AI Tokyo Lectures: tokyolectures.org
Demo SWITCHvconf: www.switch.ch/vconf/
Peer-to-Peer (P2P) Networks
- End-to-end (e2e) communication between end systems
- Interaction between equal end systems
- Resource sharing
- No central control or services
- Autonomous and self-organizing systems
Domain Name System vs. P2P Networks
- Conventional DNS address mapping
  - DNS mapping: logical name (e.g., host name) → IP address
  - Mapping is centralized / hierarchical
- Peer-to-Peer Networks
  - Application specific mapping: application ID (e.g., file ID) → IP address
  - Mapping may be distributed
Peer-to-Peer Network Architectures
- Index and file server
  - contains file index and corresponding files
- P2P network with central index server
  - contains file index
  - Files are distributed among peers.
  - Example: Napster
- Distributed P2P network
  - Index and files are distributed among peers. → Redundancy → Load balancing
(Figure: index and file server; central index server with peers; fully distributed peers)
Distributed Peer-to-Peer Networks

Unstructured
- Characteristics
  - Flat network without structure
  - Random searches (flooding or random walks)
- Advantages
  - Easy accommodation of transient nodes
  - High failure tolerance
  - Key word search possible
- Disadvantages
  - Inefficient and not scalable searches
- Examples
  - Gnutella
  - Freenet

Structured
- Characteristics
  - Establishment of an overlay network structure
  - Connection of neighbors
  - Mapping of keys to nodes
- Advantages
  - Rather efficient searches
  - Scalability
- Disadvantages
  - Limited failure tolerance
  - Overhead for joins/leaves
  - Difficult keyword search
- Examples
  - Tapestry
  - Chord
  - Content Addressable Network
Unstructured P2P Network: Gnutella
- Each message carries a unique ID
- Broadcast of query messages to neighbors using TCP, TTL = 7.
- Unique ID is memorized by forwarding nodes → Loop control → Back-propagation of responses
- Messages
  - PING / PONG: neighbor detection
  - QUERY / QUERY RESPONSE: file search
    - Flexible interpretation of query !
    - Response: IP address of peer
  - GET and PUSH: loading and storing of files
    - Push in case of server behind firewall
- Reflector nodes
  - cache query results
  - can answer subsequent queries
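An added Python simulation (not part of the slides) of the query flooding described above: each QUERY carries a unique ID and is forwarded to all neighbours with a decreasing TTL, a node drops an ID it has already seen (loop control), and QUERY RESPONSEs are back-propagated along the reverse path each node remembered. The five-node topology and the file names are constructed.

```python
import itertools
from collections import deque

MAX_TTL = 7  # as on the slide: queries are broadcast to neighbours with TTL = 7


class Node:
    _msg_ids = itertools.count(1)  # source of unique message IDs

    def __init__(self, name, files=()):
        self.name = name
        self.files = set(files)
        self.neighbors = []
        self.seen = {}  # message ID -> neighbour it first arrived from (None: originated here)


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def back_propagate(node, msg_id):
    """Reverse path of a QUERY RESPONSE: each node hands it to the neighbour it saw the QUERY from."""
    path = [node.name]
    while node.seen[msg_id] is not None:
        node = node.seen[msg_id]
        path.append(node.name)
    return path


def flood_query(origin, keyword, ttl=MAX_TTL):
    """Breadth-first flooding of one QUERY; returns ((responder, file), reverse path) hits and message count."""
    msg_id = next(Node._msg_ids)
    origin.seen[msg_id] = None
    hits, sent = [], 0
    queue = deque((n, origin, ttl - 1) for n in origin.neighbors)
    sent += len(queue)
    while queue:
        node, sender, t = queue.popleft()
        if msg_id in node.seen:  # loop control: an ID seen before is dropped
            continue
        node.seen[msg_id] = sender
        for f in sorted(node.files):
            if keyword in f:  # flexible interpretation of the query: substring match
                hits.append(((node.name, f), back_propagate(node, msg_id)))
        if t > 0:  # forward to every neighbour except the one it came from
            for n in node.neighbors:
                if n is not sender:
                    queue.append((n, node, t - 1))
                    sent += 1
    return hits, sent


def build_network():
    """Constructed topology: A-B-C-D form a ring (so duplicates occur), E hangs off C."""
    nodes = {name: Node(name) for name in "ABCDE"}
    nodes["C"].files.add("linux.iso")
    nodes["D"].files.add("music.mp3")
    nodes["E"].files.add("linux-kernel.tar")
    link(nodes["A"], nodes["B"])
    link(nodes["B"], nodes["C"])
    link(nodes["C"], nodes["D"])
    link(nodes["D"], nodes["A"])
    link(nodes["C"], nodes["E"])
    return nodes


if __name__ == "__main__":
    net = build_network()
    hits, sent = flood_query(net["A"], "linux")
    for hit, path in hits:
        print(hit, "response path:", " -> ".join(path))
    print("QUERY messages sent:", sent)
```

On the ring, C receives the same QUERY from B and from D; the second copy is dropped, which is what keeps the flood finite. With a TTL of 2 the query never reaches E, showing how TTL bounds the search radius.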
Gnutella Problems
- Bootstrapping: host caches for locating peers
- Mismatch of Gnutella and IP network
  - Only 2-5 % of Gnutella links connect nodes within the same autonomous system (AS), but > 40 % of nodes are within the top 10 ASs
  - Unnecessarily high amount of traffic crossing ASs
- Huge amount of control messages (ping, query flooding); collapse in 8/2000
Super Peers
Two level network organization: Super Peers (usage in Kazaa / FastTrack)
- organize themselves on a higher level and shield network traffic from ordinary nodes.
- have high-bandwidth, fast WAN access and high processing power
- store metadata from clients and can answer requests on their behalf.
Structured P2P Networks
- Distributed storage of (key, value) pairs, e.g.
  - Key = hash value of file name
  - Value: IP address of storing node
- Each node stores a certain key space → distributed hash tables
- Establishment of network structures such as rings or hyper-cubes (→ routing tables)
- Transfer of (key, value) pairs for joining and leaving nodes
(Figure: ring of nodes with key ranges A: 1-1111, B: 1112-2222, C: 2223-3333, D: 3334-4444, E: 4445-5555, F: 5556-6666, G: 6667-7777, H: 7778-8888, I: 8889-9999)
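The ring on the slide, worked through in an added Python example (not the lecture's code): nodes own key ranges, a file name is hashed to a key in 1..9999, a lookup finds the responsible node, and (key, value) pairs are transferred when a node joins or leaves. The hash function, the joining node X and the sample IP address values are assumptions.

```python
import bisect
import hashlib

KEY_SPACE = 9999  # keys 1..9999, as in the ring on the slide


class Ring:
    """Each node owns the keys (predecessor's last key, own last key]; the last node wraps to the first."""

    def __init__(self, nodes):
        self.ends = sorted(nodes.values())                 # last key of every node, in ring order
        self.owner = {end: name for name, end in nodes.items()}
        self.store = {name: {} for name in nodes}          # (key, value) pairs held by each node

    def responsible(self, key):
        """Node whose range contains key (a key above the largest end wraps around to the first node)."""
        i = bisect.bisect_left(self.ends, key)
        return self.owner[self.ends[0 if i == len(self.ends) else i]]

    def put(self, key, value):
        self.store[self.responsible(key)][key] = value

    def get(self, key):
        return self.store[self.responsible(key)].get(key)

    def join(self, name, end):
        """A new node takes over the lower part of its successor's range; returns the number of pairs moved."""
        successor = self.responsible(end)
        moved = {k: v for k, v in self.store[successor].items() if k <= end}
        for k in moved:
            del self.store[successor][k]
        bisect.insort(self.ends, end)
        self.owner[end] = name
        self.store[name] = moved
        return len(moved)

    def leave(self, name):
        """A leaving node hands its pairs to its successor, which inherits the range; returns pairs moved."""
        end = next(e for e, n in self.owner.items() if n == name)
        self.ends.remove(end)
        del self.owner[end]
        pairs = self.store.pop(name)
        self.store[self.responsible(end)].update(pairs)
        return len(pairs)


def key_for(filename):
    """Key = hash value of the file name (SHA-1 assumed here), folded into 1..KEY_SPACE."""
    digest = hashlib.sha1(filename.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % KEY_SPACE + 1


SLIDE_RING = {"A": 1111, "B": 2222, "C": 3333, "D": 4444, "E": 5555,
              "F": 6666, "G": 7777, "H": 8888, "I": 9999}


if __name__ == "__main__":
    ring = Ring(SLIDE_RING)
    for name in ("lecture.mp4", "slides.pdf"):
        k = key_for(name)
        print(name, "-> key", k, "-> node", ring.responsible(k))
    ring.put(4500, "10.0.0.5")  # constructed value: IP address of the node storing the file
    print("X joins with last key 5000, pairs moved:", ring.join("X", 5000))
    print("key 4500 now at", ring.responsible(4500))
    print("X leaves, pairs moved:", ring.leave("X"), "- key 4500 at", ring.responsible(4500))
```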
P2P Problems
- Firewall and network address translator (NAT)
  - TCP connections towards peers behind firewalls are not allowed → gateways for firewall / NAT traversal
- Asymmetric networks
- Bandwidth consumption in access networks
- High join and leave ratios
  - Network changes and (key, value) transfers
- Trust and cooperation
  - Scoring mechanisms for building reputation
- Anonymity
  - Users want to store data anonymously on other peers.
Peer-to-Peer Applications
- Distributed lookup service
  - Example: address mapping
- Distributed file systems
  - Examples: Kazaa, eDonkey etc.
- Overlay networks for multicast data distribution
  - Example: Narada (end system multicast)
- GRID Computing
  - Example: SETI@home (Search for Extra Terrestrial Intelligence)
- IP Telephony
  - Example: Skype
End System Multicast
- Native IP Multicast
  - Low deployment in ISP networks
  - Scalability concerns (multicast routing entries)
- End System Multicast, e.g. Narada
  - Self-organized establishment of overlay networks for multicast distribution as in P2P networks
  - Use of unicast forwarding mechanisms
  - Mesh establishment and adaptation
  - QoS routing protocol on top of the mesh: shortest widest path algorithm in order to optimize latency and bandwidth
  - Member nodes exchange measurement packets every 200 ms.
  - Results (real experiments in research networks): In some cases, optimization works better than regular IP multicast routing in terms of bandwidth and delay !
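An added Python example (not from the slides or from Narada) of the shortest widest path rule named above: among all paths with the largest bottleneck bandwidth, take the one with the lowest latency, and compare it with the plain lowest-latency path. The five-member mesh and its latency/bandwidth figures are constructed stand-ins for what members would measure.

```python
import heapq
from collections import defaultdict


def link(mesh, a, b, latency_ms, bandwidth_kbps):
    """Symmetric overlay link with measured latency and available bandwidth (constructed values)."""
    mesh[a][b] = (latency_ms, bandwidth_kbps)
    mesh[b][a] = (latency_ms, bandwidth_kbps)


def widest_bandwidth(mesh, src, dst):
    """Largest bottleneck bandwidth of any src->dst path (Dijkstra maximising the minimum link bandwidth)."""
    best = {src: float("inf")}
    heap = [(-best[src], src)]
    while heap:
        bw, u = heapq.heappop(heap)
        bw = -bw
        if bw < best[u]:
            continue
        for v, (_, link_bw) in mesh[u].items():
            cand = min(bw, link_bw)
            if cand > best.get(v, 0):
                best[v] = cand
                heapq.heappush(heap, (-cand, v))
    return best.get(dst, 0)


def constrained_shortest_path(mesh, src, dst, min_bw):
    """Lowest-latency path using only links with bandwidth >= min_bw; returns (path, latency) or (None, inf)."""
    dist, prev = {src: 0}, {}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, (lat, link_bw) in mesh[u].items():
            if link_bw < min_bw:
                continue  # this link would lower the bottleneck below the target
            if d + lat < dist.get(v, float("inf")):
                dist[v] = d + lat
                prev[v] = u
                heapq.heappush(heap, (dist[v], v))
    if dst not in dist:
        return None, float("inf")
    path, n = [dst], dst
    while n != src:
        n = prev[n]
        path.append(n)
    return path[::-1], dist[dst]


def shortest_widest_path(mesh, src, dst):
    """Shortest widest path: first maximise bottleneck bandwidth, then minimise latency among those paths."""
    w = widest_bandwidth(mesh, src, dst)
    path, latency = constrained_shortest_path(mesh, src, dst, w)
    return path, latency, w


def sample_mesh():
    """Constructed mesh of five members: a direct but narrow A-D link and wider detours."""
    mesh = defaultdict(dict)
    link(mesh, "A", "D", 15, 500)    # lowest latency, but only 500 kbps
    link(mesh, "A", "B", 10, 1000)
    link(mesh, "B", "D", 10, 1000)
    link(mesh, "A", "C", 30, 2000)
    link(mesh, "C", "D", 30, 2000)
    link(mesh, "B", "C", 5, 2000)
    link(mesh, "C", "E", 20, 2000)
    link(mesh, "E", "D", 20, 2000)
    return mesh


if __name__ == "__main__":
    mesh = sample_mesh()
    print("shortest widest A->D:", shortest_widest_path(mesh, "A", "D"))
    print("plain shortest A->D: ", constrained_shortest_path(mesh, "A", "D", 0))
```

For A→D the plain shortest path is the 15 ms direct link, while the shortest widest path accepts 60 ms via C to keep the 2000 kbps bottleneck a video stream needs.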
Skype
- First P2P based IP telephony system (9/2003)
- Based on Kazaa / FastTrack P2P technology (Super Peers)
- Decentralized global user directory
- Encrypted voice connections
- Routing along P2P network
- Firewall / network address translator traversal
- Works with random ports > 1024 or port 80 ☺
- Based on UDP and/or TCP
- 3-16 kbyte/s
- Proprietary signaling protocol ☹
Demo Skype: www.skype.com
Distance Learning
- Distance Learning courses are usually based on a large variety of media such as text, data, graphics, audio, video, animations
- Distance learning courses should be highly interactive.
- High degree of interactivity increases bandwidth and delay demands
- WebCT: standard e-learning platform at U Bern
  - Repository for slides, video files
  - Exercise handling
  - Discussion forums
  - Student data
Demo WebCT Course: webct.unibe.ch
VITELS
- Virtual Internet and Telecommunications Laboratory of Switzerland
- Swiss Virtual Campus Project No. 991043
- Runtime: October 2000 - July 2004
- www.vitels.ch
(Figure: partners U Bern (IAM + Informatikdienste), U Fribourg, EI Fribourg, U Neuchâtel, U Genève)
Goals
- Improve attractiveness and quality of education by practical exercises to complement lectures in telecommunications / computer networks
- Sharing of human and technical resources, allowing partners to focus on main competence
- Highest degree of interactivity
- Ease of use (no special hardware / software requirements except web browser, single login)
Interactive Course Modules
- Keywords: Hands-on exercises, interactivity
- Series of course modules (course language: English)
- Types of course modules
  - Virtual exercises: experiments using emulation and simulation of network devices
    - Safe
    - No perfect image of the real world
  - Remote exercises: experiments with real, commercially available equipment
    - Not safe (→ challenge for software to be developed)
    - Mistakes like in the real world (→ valuable learning effects)
- Integration into curriculum
  - Replacement of traditional exercises with required presence of tutors and limited laboratory access times
Course Module Structure
- Chapter 1: Introduction
  - Welcome, The Goals and How to Reach Them, Module Vicinity, My Goals, Tips, FAQ
- Chapter 2: Theory
  - Theoretical Basics, Readings, Personal Synthesis, Self-test, Quiz
- Chapter 3: Knowledge Application / Exploration
  - Hands-on Session
- Chapter 4: Prove Your Knowledge and Skills
  - Personal Synthesis, Final Quiz
Student Support
- Telephone or A/V Conferencing with Tutor
- Email Exchange with Tutor
- Discussion Board
- Frequently Asked Questions
VITELS Implementation Architecture
(Figure: clients (students, tutors) access a portal server (LDAP client) and a course server (WebCT); an LDAP server holds scheduling, student data and module data; module labs, e.g. an IP Security module lab with host, repeater and router, and other labs, sit behind access control (IPSec) and are allocated by scheduling)
Distributed users and distributed resources !
Demo VITELS: www.vitels.ch
Authentication & Authorization
- Authorization is the process to decide whether an authenticated user is allowed to access or perform operations on a resource.
- Problems of authorization schemes
  - User accounts with high administration overhead
  - Fine-grained access control is often impractical
    - Examples: on-line libraries, distance learning courses
  - Credentials need to be delivered to servers
- Requirements for authorization
  - Scalability for resource administrators
  - Convenience for users
    - Example: single login / password at home organization
Authentication & Authorization Problem
(Figure: users at the University of Bern, the University of Fribourg and the University of Geneva each send their ID and credentials to resources A, B and C, and every resource keeps its own info about each user)
Problem: Many users - many resources - many organizations
SWITCH AAI Initiative
- Authentication and Authorization Infrastructure
- 2001/2002: study phase
- early 2003: selection of Shibboleth middleware (Internet 2) as basis for implementation
- currently: pilot projects and implementation
- www.switch.ch/aai
AAI Terms
- Home Organization
  - Representative of a user community, e.g. universities, libraries, university hospitals etc.
- Resource
  - Application, web site, network, system, remote laboratory, etc.
- Resource Owner
  - Entity owning a resource and offering resource access to users
AAI Key Features
- Users authenticate to home organization only !
- Resource owners grant access to resource based on information about users (authorization attributes)
AAI Model: Registration
(Figure: (1) the user registers with the user's home organization, which stores the user's info (name, address, ...) in its user DB after pre-processing; the resource owner defines the access control rules for the resource in its access control manager; legend: data system, pre-processing)
AAI Model: Resource Access
(Figure: (1) the user authenticates at the user's home organization against its user DB; (2) the access request of the authenticated user reaches the resource owner's access control manager; (3) the home organization delivers the authorization information over the AAI, and the access control manager grants or denies access to the resource according to its access control definition; legend: data system, AAI-interaction)
Shibboleth
- AAI solution of Internet2 / MACE (Middleware Architecture Committee for Education)
  - middleware.internet2.edu/MACE/
  - shibboleth.internet2.edu
- Components
  - SHIRE: Shibboleth Indexical Reference Establisher
    - Intercepts resource requests
  - SHAR: Shibboleth Attribute Requester
    - Contacts AA to fetch authorization attributes of a user
  - WAYF: Where Are You From server
    - Redirects user back to HS of home organization
  - HS: Handle Server
    - Authenticates user locally and provides opaque handle identifying a user
  - AA: Attribute Authority
    - Retrieves attributes (according to user's release policy) and passes them to SHAR
Shibboleth AA Process
(Figure: message flow between the user, the resource owner's SHIRE, SHAR and Resource Manager, and the home organization's WAYF, Handle Service (HS), User DB and Attribute Authority (AA))
1. The user requests the resource. SHIRE: "I don't know you. Not even which home org you are from. I redirect your request to the WAYF."
2. The request is redirected to the WAYF.
3. WAYF: "Please tell me where you come from."
4. WAYF: "OK, I redirect your request now to the Handle Service of your home org."
5. HS: "I don't know you. Please authenticate yourself."
6. The user presents credentials, which the HS checks against the User DB.
7. HS: "OK, I know you now. I redirect your request to the target, together with a handle."
8. The SHIRE passes the handle to the SHAR. SHAR: "I don't know the attributes of this user. Let's ask the Attribute Authority."
9. The SHAR sends the handle to the AA. AA: "Let's pass over the attributes the user has allowed me to release."
10. The attributes reach the Resource Manager: "OK, based on the attributes, I grant access to the resource."
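To make the ten steps concrete, here is an added Python simulation (not Shibboleth's own code) of the components on the slide in one process: SHIRE, WAYF, HS, SHAR, AA and Resource Manager. Handles are random and treated here as expiring and single-use, the attribute authority applies the user's release policy per resource, and all organization names, accounts and attributes are constructed.

```python
import secrets
import time

HANDLE_LIFETIME_S = 300  # assumed: a handle expires after five minutes


class HomeOrganization:
    """Runs the Handle Service (HS), the User DB and the Attribute Authority (AA)."""

    def __init__(self, name, users, release_policy):
        self.name = name
        self.users = users                    # User DB: login -> (password, attributes)
        self.release_policy = release_policy  # (login, resource) -> attributes the user releases
        self.handles = {}                     # opaque handle -> (login, expiry time)

    def handle_service(self, login, password):
        """HS: authenticate locally; on success hand out an opaque, short-lived handle (steps 5-7)."""
        record = self.users.get(login)
        if record is None or not secrets.compare_digest(record[0], password):
            return None
        handle = secrets.token_hex(16)  # random: reveals nothing about the user to the resource
        self.handles[handle] = (login, time.time() + HANDLE_LIFETIME_S)
        return handle

    def attribute_authority(self, handle, resource):
        """AA: resolve the handle and release only what the user's policy allows for this resource (step 9)."""
        entry = self.handles.pop(handle, None)  # assumed: a handle is accepted once
        if entry is None or entry[1] < time.time():
            return None
        login, _ = entry
        allowed = self.release_policy.get((login, resource), set())
        return {k: v for k, v in self.users[login][1].items() if k in allowed}


class ResourceOwner:
    """Runs the SHIRE, the SHAR and the Resource Manager for one resource."""

    def __init__(self, resource, wayf, access_rule):
        self.resource = resource
        self.wayf = wayf                # WAYF data: home organization name -> HomeOrganization
        self.access_rule = access_rule  # access control definition: attributes -> bool

    def shire(self, request):
        """SHIRE: a request without a handle is redirected to the WAYF (steps 1-2)."""
        if "handle" not in request:
            return {"redirect": "WAYF"}
        return self.shar(request["handle"], request["home_org"])

    def shar(self, handle, home_org_name):
        """SHAR: fetch the attributes from the AA, then the Resource Manager decides (steps 8-10)."""
        home = self.wayf.get(home_org_name)
        if home is None:
            return {"access": False, "reason": "unknown home organization"}
        attrs = home.attribute_authority(handle, self.resource)
        if attrs is None:
            return {"access": False, "reason": "invalid or expired handle"}
        return {"access": bool(self.access_rule(attrs)), "attributes": attrs}


def access_resource(owner, home_org_name, login, password):
    """Walk a user through the slide's flow: SHIRE -> WAYF -> HS -> SHIRE/SHAR -> AA -> Resource Manager."""
    if owner.shire({}) != {"redirect": "WAYF"}:
        return {"access": False, "reason": "unexpected SHIRE answer"}
    home = owner.wayf.get(home_org_name)  # steps 3-4: the user names the home organization
    if home is None:
        return {"access": False, "reason": "unknown home organization"}
    handle = home.handle_service(login, password)
    if handle is None:
        return {"access": False, "reason": "authentication failed"}
    return owner.shire({"handle": handle, "home_org": home_org_name})


def demo_setup():
    """Constructed home organization, accounts and release policy (not real data)."""
    home = HomeOrganization(
        "home.example",
        users={"student1": ("s3cret-1", {"affiliation": "student", "name": "A. Student"}),
               "guest1": ("s3cret-2", {"affiliation": "guest", "name": "B. Guest"})},
        release_policy={("student1", "lab"): {"affiliation"}, ("guest1", "lab"): {"affiliation"}},
    )
    return ResourceOwner("lab", wayf={"home.example": home},
                         access_rule=lambda a: a.get("affiliation") in {"student", "staff"})
```

The resource never sees the password or the user's name: only the released affiliation attribute reaches the access decision, and a replayed handle is rejected by the AA.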
AAI enabled Software
(Figure: the resource owner's application, e.g. a web server or WebCT Vista, interacts with the AAI directly)
AAI Mediators
- Problem: Resources are not AAI aware
- Solution: AAI Mediator
  - AAI Proxy
    - User is transparent for the resource
    - Resource access via proxy
    - Example: access to on-line libraries is often based on IP addresses.
  - AAI Portal
    - Provides user information in the form required by the resource
    - Direct resource access
    - Examples: web and course servers
AAI Proxy
(Figure: the AAI proxy (a web proxy) at the resource owner sits between the AAI and the web server, which remains a "black box")
AAI Portal
(Figure: the AAI portal at the resource owner signs on to the resource on the user's behalf, using a portal data base)
Demo AAI Portal: aaitest2.unibe.ch/aai-portal
Thank you for listening!
If you have more questions: please contact [email protected]