|
|
Hi Folks,
I'm thinking about whether the Live Sharing Feature is recommendable for a
SME environment or not. So I'd appreciate to get some background informations
on LS. To have a clear picture in mind is indispensable for evaluating the
limitations, reliability, and security of LS.
LS seems to establish a P2P connection between host and attendees. What kind
of encryption is used? Anything known about problems with firewalls? Any kind
of certification involved while establishing the connection? What services
are required? Does it make a difference whether the database is settled on a
server or on a client PC? How does LS identify the attendee who made a
specific change to the live shared notebook?
Ricco.
|
|
The Live Sharing feature is a holdover from the 2003 version and is
somewhat less emphasized in 2007 and beyond. The preferred method of
sharing OneNote information is via a Shared Notebook.
The synchronization isn't in real time, but fairly close, and all
communication is between each client and the server where the Shared
Notebook is stored. That communication is via normal file access
(SMB/Mapped Drive/SharePoint/etc.) A Live Sharing session is only between
2 peers.
The attendee is identified via the name listed under Tools | Options |
Display | Personalize Your Copy of Office. There is no authentication
performed. Notebooks do not have additional security associated with them.
They rely on the underlying security provided by the OS.
NTFS/Share/SharePoint permissions apply, but that authenticated user's name
is not brought into a Shared Notebook or LS session.
=?Utf-8?B?UmljY28gUmVpbWFubg==?= <Ricco
Reimann[ at ]discussions.microsoft.com> wrote in
news:4379873F-2EC5-4185-83EC-8A0D1D5B2C15[ at ]microsoft.com:
[Quoted Text] > Hi Folks,
>
> I'm thinking about whether the Live Sharing Feature is recommendable
> for a SME environment or not. So I'd appreciate to get some background
> informations on LS. To have a clear picture in mind is indispensable
> for evaluating the limitations, reliability, and security of LS.
>
> LS seems to establish a P2P connection between host and attendees.
> What kind of encryption is used? Anything known about problems with
> firewalls? Any kind of certification involved while establishing the
> connection? What services are required? Does it make a difference
> whether the database is settled on a server or on a client PC? How
> does LS identify the attendee who made a specific change to the live
> shared notebook?
>
> Ricco.
>
>
|
|
Ricco Reimann wrote:
[Quoted Text] > I'm thinking about whether the Live Sharing Feature is recommendable for a
> SME environment or not.
I'm not familiar with the term - what does SME stand for in your case?
> LS seems to establish a P2P connection between host and attendees. What kind
> of encryption is used?
If the session is password-protected, livesharing uses 3DES encryption
(same as for password protected sections). If the session is not
password protected, encryption is not used and traffic is in cleartext.
> Anything known about problems with firewalls?
OneNote's live sharing relies on DirectPlay, so if you configure the
firewalls to allow DirectPlay traffic you shouldn't have any problems.
> Any kind of certification involved while establishing the connection?
> What services are required?
Not sure what you mean. What kind of certification/services do you have
in mind?
> How does LS identify the attendee who made a
> specific change to the live shared notebook?
If you right-click on a paragraph, you'll be able to see who was the
last person to modify it. This information is taken from the
username/initials entered when first launching Office, or as configured
in the options dialog.
|
|
|
|
"Erik Sojka (MVP)" wrote:
[Quoted Text] > The preferred method of sharing OneNote information is via a Shared Notebook.
That very well may be. But I heard that the synchronization of shared
notebooks is too slow. Let me give an example. For my opinion, a
brainstorming session requires a Live Sharing Session. LS is a really
interesting idea because you only share a small editable area of an
application: a digital whiteboard. Usually you have to share a desktop or an
application as a whole. And that's not what you when you work with your
colleagues.
"Erik Sojka (MVP)" wrote:
> A Live Sharing session is only between 2 peers.
Oops. 2 peers only? I don't understand. According to the online help there
is no limitation of the number of attendees. So, what does this mean?
Ricco.
|
|
"Ilya Koulchin" wrote:
[Quoted Text] > If the session is password-protected, livesharing uses 3DES encryption
> (same as for password protected sections). If the session is not
> password protected, encryption is not used and traffic is in cleartext.
Thank you for the details, Ilya.
> OneNote's live sharing relies on DirectPlay, so if you configure the
> firewalls to allow DirectPlay traffic you shouldn't have any problems.
DirectPlay? So, Live Sharing is inspired by the idea of a multiplayer game?
Well...
> > Any kind of certification involved while establishing the connection?
> > What services are required?
>
> Not sure what you mean. What kind of certification/services do you have
> in mind?
>
Certification refers to an authentification process. Erik pointed out that
there is no authentification. Please, think about the implementation of that.
BTW, this is also a must for shared notebooks. You said, the user name as
configured in the option dialog determines the displayed name of the last
person who modified a paragraph. But everybody can change the user
informations of OneNote on the fly. You see, what I am getting at?
Ricco.
|
|
Ricco Reimann wrote:
[Quoted Text] > "Ilya Koulchin" wrote:
>> OneNote's live sharing relies on DirectPlay, so if you configure the
>> firewalls to allow DirectPlay traffic you shouldn't have any problems.
>
> DirectPlay? So, Live Sharing is inspired by the idea of a multiplayer game?
I wouldn't say it's inspired by the idea of a multiplayer game, but it
does use the same underlying technology. DirectPlay provides many of the
needed features, and is a widely deployed platform, so it makes for a
convenient base on which to build the live sharing feature.
> Certification refers to an authentification process. Erik pointed out that
> there is no authentification. Please, think about the implementation of that.
You can use password protection to restrict access to the session. If
your live sharing session is password protected, only the people who
know the password will be able to join.
> BTW, this is also a must for shared notebooks.
Shared notebooks rely on file-level access control. You can configure
the folder containing the shared notebook to allow access only to
authorized users.
You said, the user name as
> configured in the option dialog determines the displayed name of the last
> person who modified a paragraph. But everybody can change the user
> informations of OneNote on the fly. You see, what I am getting at?
My guess is that you're worried about someone spoofing some other user,
or pretending to be Mickey Mouse?
At a fundamental level, it is impossible to prevent - if the user has
write access to the file, they can write whatever they want to it. Even
if OneNote were to prevent changing user names, or somehow enforce
pre-approved user names, it likely wouldn't take long for a tool to show
up to "fix" the names to whatever the user wanted.
On a more practical level, if you ask users to use their real names and
not spoof others it tends to work pretty well. If you need a greater
level of verifiability, you should probably consider some other system
with builtin auditing and change-tracking capabilities.
Ricco Reimann wrote:
> "Erik Sojka (MVP)" wrote:
>> A Live Sharing session is only between 2 peers.
>
> Oops. 2 peers only? I don't understand. According to the online help
there
> is no limitation of the number of attendees. So, what does this mean?
There is no builtin limit to the number of participants.
|
|
Many thanks for your detailed explanations, Ilya. That'll help me a lot.
May be I was a bit too schizophrenic when thinking about a possible spoofing
attack...
One more question. In another thread you differentiated between two forms of
rejoinig a session: by using the taskpane, or by using the infobar at the top
of
the section from the previous session. What's the difference, when the
previous session keeps running, i. e. the host didn't close the session?
Ricco.
|
|
Sorry, I meant "2 or more" peers. My emphasis was intended to be the P2P
aspect of the LS session, as opposed to the more robust client/server model
of the Shared Notebook.
=?Utf-8?B?UmljY28gUmVpbWFubg==?=
<RiccoReimann[ at ]discussions.microsoft.com> wrote in
news:9FFFA851-8E45-4BC6-82A2-5E31457CEB3C[ at ]microsoft.com:
[Quoted Text] > "Erik Sojka (MVP)" wrote:
>> The preferred method of sharing OneNote information is via a Shared
>> Notebook.
>
> That very well may be. But I heard that the synchronization of shared
> notebooks is too slow. Let me give an example. For my opinion, a
> brainstorming session requires a Live Sharing Session. LS is a really
> interesting idea because you only share a small editable area of an
> application: a digital whiteboard. Usually you have to share a desktop
> or an application as a whole. And that's not what you when you work
> with your colleagues.
>
> "Erik Sojka (MVP)" wrote:
>> A Live Sharing session is only between 2 peers.
>
> Oops. 2 peers only? I don't understand. According to the online help
> there is no limitation of the number of attendees. So, what does this
> mean?
>
> Ricco.
>
|
|
As people rely more on OneNote for official business, I can see a scenario
where notes taken during a meeting might be called into evidence. With the
product in its current form, it would be easy for a defense attorney to say
"That's not my client's ON notebook where the notes say 'I plan to embezzle
from the company and retire in Fiji.' Someone opened up the file, put my
client's name in the Options dialog box and wrote that!"
I don't know how one balances that corporate use (where an authenticated
user token can be validated, etc.) from the home/school use (where there
typically is no authentication).
Emails are extremely difficult to spoof without detection. Might ON notes
someday become as important as a type of business record?
Ilya Koulchin <ikoulchine[ at ]hotmail.com> wrote in
news:e93664AVJHA.5920[ at ]TK2MSFTNGP06.phx.gbl:
<snip>
[Quoted Text] > My guess is that you're worried about someone spoofing some other
> user, or pretending to be Mickey Mouse?
>
> At a fundamental level, it is impossible to prevent - if the user has
> write access to the file, they can write whatever they want to it.
> Even if OneNote were to prevent changing user names, or somehow
> enforce pre-approved user names, it likely wouldn't take long for a
> tool to show up to "fix" the names to whatever the user wanted.
>
> On a more practical level, if you ask users to use their real names
> and not spoof others it tends to work pretty well. If you need a
> greater level of verifiability, you should probably consider some
> other system with builtin auditing and change-tracking capabilities.
>
|
|
"Erik Sojka (MVP)" wrote:
[Quoted Text] > As people rely more on OneNote for official business, I can see a scenario
> where notes taken during a meeting might be called into evidence. With the
> product in its current form, it would be easy for a defense attorney to say
> "That's not my client's ON notebook where the notes say 'I plan to embezzle
> from the company and retire in Fiji.' Someone opened up the file, put my
> client's name in the Options dialog box and wrote that!"
>
> I don't know how one balances that corporate use (where an authenticated
> user token can be validated, etc.) from the home/school use (where there
> typically is no authentication).
>
> Emails are extremely difficult to spoof without detection. Might ON notes
> someday become as important as a type of business record?
>
> Ilya Koulchin <ikoulchine[ at ]hotmail.com> wrote in
> news:e93664AVJHA.5920[ at ]TK2MSFTNGP06.phx.gbl:
>
> <snip>
> > My guess is that you're worried about someone spoofing some other
> > user, or pretending to be Mickey Mouse?
> >
> > At a fundamental level, it is impossible to prevent - if the user has
> > write access to the file, they can write whatever they want to it.
> > Even if OneNote were to prevent changing user names, or somehow
> > enforce pre-approved user names, it likely wouldn't take long for a
> > tool to show up to "fix" the names to whatever the user wanted.
> >
> > On a more practical level, if you ask users to use their real names
> > and not spoof others it tends to work pretty well. If you need a
> > greater level of verifiability, you should probably consider some
> > other system with builtin auditing and change-tracking capabilities.
> >
>
|
|
Erik, this is exactly what I had in mind when suggesting an authentication
mechanism.
May be that OneNote is currently not in common use in the business world,
but this could change rapidly. Combined with a pen tablet or even a TabletPC
the difference between writing down a note on a sheet of paper and creating a
note in OneNote disappears. But at the same time the need for making multiple
copies of records as part of the preparation of a meeting disappears. In a
scenario like that, to get ready for a meeting is nearly the same as
distributing records. That's really economical. Therefore, for my opinion
it's only a matter of time until people in the business world go tapping the
full potential of OneNote.
The point is: As long as OneNote is used only for personal notes, privacy
laws is a heavyweight lock for notebooks, - at least in Germany (This is
where I come from; what about the situation in the U.S.?). But using OneNote
to exchange ideas and drafts is what opens this lock immediately. And there
you are: The notebook turns into a collection of mental snapshots and is
reflecting a network of responsibilities.
So, what does this say to us? I think, the true potential of OneNote lies in
the sharing features of this program. But there are two sides of this coin.
Ilya emphasizes the team work in "good times": In "good times" every member
of a team is every member's friend. And what about the "bad times"? In "bad
times" all filed business data could be of value for a war at the law court.
And where big money is involved there is only a small step to record
manipulations. So, what we really need is the OPTION to authenticate users, -
just like in Outlook. And this option should be given the host of a live
sharing session resp. the creator of a shared OneNote ressource. It's his
responsibility to define the need for authentication. It's the same as in the
physical world: Usually you want to know who made a contribution. If not:
What is it good for to store the name of the contributor in the properties of
a note? The implementation of this property is a natural reflection of our
desire for knowing our counterpart while interchanging ideas in a business
context.
Ricco.
"Erik Sojka (MVP)" wrote:
[Quoted Text] > As people rely more on OneNote for official business, I can see a scenario
> where notes taken during a meeting might be called into evidence. With the
> product in its current form, it would be easy for a defense attorney to say
> "That's not my client's ON notebook where the notes say 'I plan to embezzle
> from the company and retire in Fiji.' Someone opened up the file, put my
> client's name in the Options dialog box and wrote that!"
>
> I don't know how one balances that corporate use (where an authenticated
> user token can be validated, etc.) from the home/school use (where there
> typically is no authentication).
>
> Emails are extremely difficult to spoof without detection. Might ON notes
> someday become as important as a type of business record?
>
> Ilya Koulchin <ikoulchine[ at ]hotmail.com> wrote in
> news:e93664AVJHA.5920[ at ]TK2MSFTNGP06.phx.gbl:
>
> <snip>
> > My guess is that you're worried about someone spoofing some other
> > user, or pretending to be Mickey Mouse?
> >
> > At a fundamental level, it is impossible to prevent - if the user has
> > write access to the file, they can write whatever they want to it.
> > Even if OneNote were to prevent changing user names, or somehow
> > enforce pre-approved user names, it likely wouldn't take long for a
> > tool to show up to "fix" the names to whatever the user wanted.
> >
> > On a more practical level, if you ask users to use their real names
> > and not spoof others it tends to work pretty well. If you need a
> > greater level of verifiability, you should probably consider some
> > other system with builtin auditing and change-tracking capabilities.
> >
>
|
|
Ricco Reimann wrote:
[Quoted Text] > One more question. In another thread you differentiated between two forms of
> rejoinig a session: by using the taskpane, or by using the infobar at the top
> of
> the section from the previous session. What's the difference, when the
> previous session keeps running, i. e. the host didn't close the session?
Theoretically, there shouldn't be any difference. IIRC, the OP was
having problems rejoining a section from a previous session, and I was
wondering if rejoining from the taskpane might discard/ignore the
previous session ID, while rejoining via the infobar might allow to
rejoin with the section from the previous session.
|
|
|