Department of Computer Science University of Colorado Boulder
Events · Colloquia · 2002-2003

Colloquium - Sicker

DLC 1B70

Role Based Authorization in Distributed Real-time Communication
Department of Interdisciplinary Telecommunications

A role-based security policy allows authorization decisions to be based on a role that the user asserts rather than on identity. Role-based authorization can be implemented through an approach that conveys user information in the form of attributes associated with that user. Relying on attributes provides a number of advantages, including simplifying access control, providing a means for more granular (and subsequently more flexible) authorization decisions, and providing a measure of privacy. While role-based authorization has been investigated in the intra-domain space, it is only recently that it has been considered for inter-domain communication.


An approach to providing role-based authorization capabilities between domains could be based on the use of the Session Initiation Protocol (SIP). SIP is an application layer protocol that allows endpoints to locate other endpoints and invite them to participate in a session. SIP presently defines various methods for performing authentication (and to a limited extent authorization). However, these methods are generally identity based. In order to facilitate inter-domain role-based authorization, several new SIP-based mechanisms must be defined. This approach would require asserting user attributes between domains in a secure manner. Security Assertion Markup Language (SAML) provides a format for describing these assertions. These user attributes are coded into SAML assertions that are then transported between the SIP entities.
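As an added illustration (not code from the talk or the speaker's design), the sketch below walks through the flow the abstract describes: the home domain signs an attribute assertion carrying the user's roles, the callee domain's SIP proxy extracts it from an INVITE, checks issuer trust, integrity and validity window, and then authorizes on the asserted role rather than on identity. JSON plus HMAC stand in for SAML XML and its signature; the `X-SAML-Assertion` header name, the trust table and the role policy are assumptions constructed for the example, not the profile or binding presented in the talk.

```python
import base64, hashlib, hmac, json

# Constructed trust table: home domains this callee domain accepts assertions from, with a
# shared secret; HMAC stands in for the XML signature a real SAML assertion would carry.
TRUSTED_ISSUERS = {"alice-home.example": b"constructed-shared-secret"}
# Constructed role policy of the callee domain: asserted role -> callee groups it may invite.
POLICY = {"oncall-physician": {"clinic-staff", "patients"}, "billing": {"clinic-staff"}}

def issue_assertion(issuer, subject, roles, key, now, lifetime=300):
    """Home domain: build an attribute assertion (JSON stands in for SAML XML) and sign it."""
    body = {"issuer": issuer, "subject": subject, "roles": roles,
            "not_before": now, "not_on_or_after": now + lifetime}
    payload = base64.b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"  # standard base64 never contains '.', so splitting on it is safe

def verify_assertion(token, now):
    """Callee domain: accept only a well-formed, trusted, untampered, in-window assertion."""
    try:
        payload, sig = token.split(".", 1)
        body = json.loads(base64.b64decode(payload))
        key = TRUSTED_ISSUERS[body["issuer"]]  # unknown issuer -> KeyError -> rejected below
        expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None  # attributes were altered in transit or the signature is forged
        if not body["not_before"] <= now < body["not_on_or_after"]:
            return None  # outside the validity window (expired or replayed)
        return body
    except (ValueError, KeyError, TypeError):
        return None

def build_invite(callee, caller, token):
    """Constructed SIP INVITE; the header name is hypothetical, not the talk's actual binding."""
    return f"INVITE {callee} SIP/2.0\r\nFrom: <{caller}>\r\nTo: <{callee}>\r\nX-SAML-Assertion: {token}\r\n\r\n"

def authorize_invite(message, callee_group, now):
    """Authorize by asserted role, not caller identity: True only if a role covers callee_group."""
    request_line, *header_lines = message.split("\r\n\r\n", 1)[0].split("\r\n")
    if not request_line.startswith("INVITE "):
        return False
    headers = {}
    for line in header_lines:  # minimal SIP header parse: 'Name: value', names case-insensitive
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    body = verify_assertion(headers.get("x-saml-assertion", ""), now)
    if body is None:
        return False
    return any(callee_group in POLICY.get(role, ()) for role in body["roles"])
```

Because the decision keys on the roles the trusted home domain asserts, the callee domain never needs a per-user identity record, which is the privacy and granularity advantage the abstract attributes to the attribute-based approach.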

In this talk, I will begin by providing an overview of the architecture for inter-domain role-based authorization. I will then describe a SIP profile and binding for SAML. These profiles and bindings define the ways to incorporate SAML into various communication protocols. Next, I will present a security analysis of the threat model for each of the profiles. I'll conclude this talk by presenting some performance assessments of this design.

Douglas C. Sicker is an assistant professor at the University of Colorado at Boulder in the Department of Interdisciplinary Telecommunications. Before this he was Director of Global Architecture at Level 3 Communications, LLC. Prior to this, Doug was Chief of the Network Technology Division at the Federal Communications Commission (FCC). He has also held faculty positions in the field of medical sciences. Doug's general interests include signaling and security in IP-based networks. His recent work focuses on privacy and role-based authorization in IP-based networks. He is also interested in the interaction of policy and network technology. Doug is a senior member of the IEEE, as well as a member of the ACM and the Internet Society. Doug is active in the Internet2 and the IETF. After leaving the FCC, Doug served as the Chair of the Network Reliability and Interoperability Council steering committee, an FCC federal advisory committee. Doug also served on the Technical Advisory Council of the FCC. Doug holds a PhD from the University of Pittsburgh.

XHTML 1.0/CSS2 ©2012 Regents of the University of Colorado
May 5, 2012 (13:29)