PLENARY SESSION: WORKING ACROSS BORDERS
Session Chair: Pim van der Eijk, OASIS
09:00
Opening Remarks Paul Lipton, Advisor and Sr. Architect, Industry Standards and Open Source, CA Inc.
Working Jointly to Tackle e-Crimes
Information, communication and Internet technologies are
evolving at a tremendous pace, and whilst this is providing vast opportunities
for legitimate users, it is also giving criminals similar opportunities. The
global cost of e-crime is currently estimated to be one trillion pounds
sterling a year, and this type of crime has no regional, national or
international boundaries.
It strikes at the heart of the economy
and the transformation of business into an information society. It is a problem
that will continue to grow, and doing nothing to address the problem is not an
option.
In partnership we need to:
Raise awareness and define what constitutes e-crime.
Make e-crime visible and encourage businesses to report e-crimes.
Encourage all to increase the resources available to tackle e-crimes.
It is a global problem and there should be
multi-agency involvement and commitment, including private sector
representatives, in setting e-security standards. One size does not fit all and
a generic approach is entirely appropriate.
Prevention is better than cure. Awareness raising,
education, and technical support to prevent e-crime are essential, but without
discouraging the development of e-commerce.
The main priority for us, as a small part of the global community, must
be to take steps that ensure the security of data and the systems that hold it,
rather than detecting crime once it has been committed. It is this proactive
approach that can make a real difference.
Keynote Speaker: Paul Wright, e-Crimes Security Consultant and Detective Sergeant, City of London Police
09:45
Getting to Grips with e-ID Interoperability with a Perspective on the STORK LSP
This presentation will focus on the challenges presented by national e-ID schemes and the need for robust interoperability standards, both across Europe and globally.
Speaker: Roger Dean, Executive Director, eema
10:15
Mapping IDABC Assurance Levels to Authentication Context for OASIS SAML V2.0
The goal of this presentation is to demonstrate the XML schemas and possible
extensions needed for mapping IDABC Authentication Assurance Levels (AAL) to OASIS
Authentication Context for SAML v2.0. The discussion will
focus on the results of a European Network and Information Security Agency (ENISA)
study on the use of the IDABC Authentication Model expressed using a global standard.
IDABC (Interoperable Delivery of European e-Government Services to public
Administrations, Businesses and Citizens) is a pan-European program to encourage and
support the delivery of cross-border public sector services to citizens and
enterprises in Europe by means of IT and communication technologies.
Speaker: Konstantinos Moulinos, Seconded National Expert, ENISA
10:45
Break
WORKING ACROSS BORDERS SESSION (CONTINUED)
Session Chair: John Borras, Pensive SA
11:00
Delivering Stronger Authentication in an Environment of SAML Federations
In New Zealand, the government uses OASIS SAML federations to deliver shared
authentication and identity management services in a privacy-positive manner to
New Zealanders. This presentation looks at a risk-based approach to improving
the security of online services by adapting techniques such as context-sensitive
authentication and transaction authentication to a SAML-based Identity
Provider.
Speaker: Bill Young, Programme Architect, New Zealand All of Government Authentication Programme
11:30
eIdentity & Authentication
Governments internationally are working on solutions to perform online
government transactions. The need for citizens to authenticate their
electronic identity has increased strongly, as has the requirement to
protect sensitive data and privacy. Interoperability across agencies
requires adoption of standards from OASIS and other standards organizations, such as W3C.
The panel will discuss and compare key issues and requirements from
eIdentity projects globally.
Panelists:
Libor Neumann, IT/eGov Consultant, ANECT a.s.
Bill Young, Programme Architect, New Zealand All of Government Authentication Programme
Olivier Djololian, Director, Cap Gemini Consulting
José Manuel Alonso, eGovernment Lead, W3C
12:45
Luncheon
BROWSER SECURITY & KEY MANAGEMENT SESSION
Session Chair: Anil Saldhana, Red Hat
13:45
Security Advances in Modern Browsers
The speaker of this presentation will look at browser security as it has evolved,
and what security features are currently being added. The speaker will also review
the good and the bad sides of these developments.
Speaker: Yngve Pettersen, Chief Security Architect, Opera
14:15
PKI or Symmetric Key-Based Case Study
Integrating a PKI in an organization usually involves using a large number of
different standards and protocols, both open standards and proprietary protocols.
More and more applications surrounding the PKI are now using web services for
communication, and the usage of web services is definitely increasing. Currently the
only well-known XML PKI protocol is XKMS, which has failed to gather wide acceptance
in the marketplace. More widespread are binary protocols such as CMP and SCEP and
more basic, usually home-grown, HTTP protocols based on PKCS#10 and PKCS#7. The
speaker of this session will address several case studies, as well as talk about the
future of key management and how symmetric key management standardization efforts
such as EKMI are beginning to specify the messages and protocol for managing
symmetric keys in a secure and scalable way.
Speaker: Tomas Gustavsson, Co-Founder, PrimeKey Solutions AB
14:45
Break
PRIVACY & TRUST SESSION
Session Chair: John Sabo, CA, Inc.
15:00
New Developments in Open Reputation Management Systems
The use of the Internet as a medium for social interaction, commerce, and
collaboration places new emphasis on the need for standard reputation mechanisms.
This session provides an overview of the work of OASIS on Open Reputation
Management Systems that enable large sets of different and possibly contradictory
opinions about a person, company, or product to be evaluated in a fair and
meaningful way.
Speaker: Giles Hogben, Security Expert, European Network and Information Security Agency
15:00
Achieving Security, Privacy and Trust in Networked Systems
Customers and citizens expect that systems and networked applications ensure
privacy, security and trust. Such expectations are reflected in international
privacy law and regulatory policies; in security and IT governance standards; and
the increasing concern for reputation management in the online world. This panel
provides an overview of legal and societal expectations for secure, trusted,
privacy-managed systems and updates the progress made by the International Security
Trust and Privacy Alliance (ISTPA) as it undertakes a major revision to its privacy
management Framework v1.1, addressing privacy policy management and operational
interoperability.
Speakers: John Sabo, Director, Global Government Relations, CA, Inc., and Mike Small, Principal Consultant Security Management EMEA, CA, Inc.
16:15
Mini-Break
PRIVACY & TRUST SESSION (CONTINUED)
Session Chair: Pim van der Eijk, OASIS
16:30
Electronic Invoicing Panel: Confidentiality, Authentication, Reputation
Securing electronic invoicing and payments has always been a challenge in today's
society. Speakers in this session will address many of the current concerns, such as:
protecting the integrity and confidentiality of invoices and payments,
authenticating the identity of business partners, and using electronic signatures to
provide non-repudiation.
Panelists:
Joao Frade, Principal Advisor, PricewaterhouseCoopers