One of the main security concerns for Collaborative Working Environment (CWE) and Collaborative Virtual Environments has to do with the management and distribution of data or resources amongst a group of users. For any proposed CWE scenario, it must be possible to control access to data and applications within the CWE. This must take into account the requirements of the group of users involved, as well as the requirements of the multiple domains across which the virtual CWE is physically located. In addition, if data may be highly sensitive, or even classified, there are likely to be significant constraints on its use that need to be strongly enforced by the access control system(s) within the CWE.
To this end, there has recently been a lot of research and standardisation work on Multi-domain Authentication & Authorisation models. In addition, multi-domain authentication and authorisation solutions have been identified as a pressing need for videoconferencing in particular (see [1]).
In VISNET I, an Access Control Architecture has been specifically designed to meet the multi-domain authentication and authorisation requirements associated with multimedia CWE scenarios.
In VISNET II, a prototype implementation of the access control architecture is being developed to obtain metrics for validation purposes, as well as to allow demonstrations of the architecture for Collaborative Working environments such as nuVa. The prototype implementation uses various Web Service Standards (particularly WS-Trust) and SAML token exchange to facilitate secure access between multiple domains. The prototype implementation uses OBSCURE to facilitate secure access to protected data items.
[1] “Federated Secure Internet Conferencing”, University of North Carolina at Chapel Hill, Study Group 16, ITU Telecommunications Standardisation Sector, Document DVD-2427, 11-14 May 2004.