Password-enabled Venue Service

From UW Center for Collaborative Technologies Wiki
Jump to: navigation, search

The goal of this proposal is to add a minimal level of security to ConferenceXP. The basic idea is to extend the Venue Service to associate an optional password with each venue. Clients must provide this password to obtain the mapping from venue name to multicast address.

This proposal is not intended to be robust against a dedicated attacker. The password is sent in the clear (or, a hash of the password is sent in the clear). And, an attacker can always bypass the venue service altogether if she can learn the IP address of the associated multicast address.

Implementation Details

The Venue Service maintains a mapping from venue identifiers to password. The absence of a mapping for a particular venue implies that there is no password protection. If a password does exist, the server returns a Venue object with a well-known invalid multicast address (probably 0.0.0.0). The client recognizes this address, and prompts the user for a password. The client then performs another remote call to a new Venue Service method, which returns the "real" IP address of the venue.

Server-side changes

  • Add a data structure to FileStorage to keep track of Venue.Identifier to password mappings.
  • Read and write this data structure during cache validation.
  • Change the GetVenues web service call to replace the IP address of "secure" venues with a dummy address (all zeroes).
  • Add a new web service call to re-load a venue based on a particular password:

public Venue GetVenue(string venueIdentifier,string password);

  • Enhance the administrator tool to enable a password during venue creation / modification.

Client-side changes

  • Venues with the dummy multicast address should be displayed using lock icon next to the venue icon.
  • The client must recognize that some venues with the dummy address require a password authentication step. The client should show a dialog box that asks the user for the password. If password authentication succeeds, the enhanced venue result should replace the unauthenticated result in the venue list.