Security is a top priority for on-premise conferencing. In Office Communications Server 2007 R2, all messaging and media in conferencing are encrypted, using the same security infrastructure as Live Communications Server 2005 SP1. Office Communications Server 2007 R2 also provides additional safeguards for conferencing. These safeguards include the following features:
Strong authentication using Integrated Windows authentication and Digest authentication. For users who are members of the hosting domain, their domain credentials would be required using Integrated Windows authentication. For nondomain members, Digest authentication is used through the input of the conference ID and the meeting password making up the authentication digest.
Role-based authorization for conference control. Role-based authorization allows for control over who can access what resources. Typically, a presenter would have read and write permissions, while an attendee would have read-only permissions.
Control over the level of access through three predefined access types. The defined types are organizer, presenter, and attendee. The organizer can set up and schedule the meeting and send out invites, as well as promote attendees to presenter status. The presenter can manage the content of the conference, present it, and promote others to presenter status. An attendee can attend and view the materials, as well as optionally download a copy. They can also be promoted by either the organizer or the presenter to presenter status.
Policy-based administration to allow administrators to control resource use and security. Meeting features are grouped and managed by using Meeting policies. Administrators control which meeting features a meeting organizer can use during a meeting by configuring and applying specific policies. For more information about Meeting policy, see the section titled "Meeting Policy and Policy Enforcement" later in this chapter.
Conference access types for organizers to use when they create a conference. Organizers can set the conference to have one of three access types: "Invite Within Network" (Open authenticated in Office Communications Server 2007); "Invite Within Network (Restricted)" (Closed authenticated in Office Communications Server 2007); "Invite Anyone" (Allow anonymous in Office Communications Server 2007).
All authenticated enterprise users can join a conference designated as "Invite Within Network". They join as attendees unless the meeting organizer has designated them presenters.
An Invite Within Network conference is suitable in situations where the participant list is dynamic or unknown, such as an open forum meeting that takes place during the lunch hour. Authenticated enterprise users can join any Invite Within Network meeting that is hosted on any Office Communications Server pool, even if the conference organizer does not specifically invite them. This is usually achieved by one user forwarding a conference invitation to another user.
Federated users can join the meeting as attendees if the organizer invites them. Federated users are not able to join the meeting as presenters, but they can be promoted to presenter during the meeting. However, Office Communications Server does not support creating an Invite Within Network conference with federated users as pre-set presenters. If you want to prevent federated users from participating in an Invite Within Network meeting, you can do so by not configuring the Access Edge Server for federation or by disabling the organizer for federation.
Only authenticated enterprise users who are specifically invited by the conference organizer can join a Invite Within Network (Restricted) conference.
Invite Within Network (Restricted) conferences are suitable in situations where tight control of the conference content is required, such as a meeting that discusses confidential company financial information. An authenticated user who is not explicitly invited cannot join a Invite Within Network (Restricted) conference, even if the user has conference join information from forwarded invitations.
Federated users can join a Invite Within Network (Restricted) conference if explicitly invited. They can join either as attendees or as pre-set presenters. Currently, client implementation prevents a user from scheduling a Invite Within Network (Restricted) conference with federated users.
Invite Anyone conferences have the most relaxed access control. Invite Anyone conferences can be joined by authenticated enterprise users and federated users, as well as anonymous users, as long as those users have conference join information.
Invite Anyone conferences are suitable in situations where collaboration between enterprise users and outside users is required, such as a sales meeting that invites potential outside customers.
To create a meeting of this type, the meeting organizer must be authorized to invite anonymous users. Enterprise users and federated users join as attendees unless they have been designated as presenters by the meeting organizer. Anonymous users join only as attendees, although they can be promoted to the presenter role by presenters after they have entered the meeting. To enter a meeting, anonymous users must present a conference key, which they receive in an e-mail meeting invitation, and they must pass Digest authentication.
Table 6-1 summarizes different situations in which users can be allowed into Office Communications Server conferences.
