Open Standards Forum 2008 - Security Challenges for the Information Society, 30 September - 1 October 2008, Ditton Manor, Near London

Thursday, 2 October

*subject to change


Forum Programme (Day 2)

08:30 Coffee & Registration
  PLENARY SESSION: WORKING ACROSS BORDERS
Session Chair: Pim van der Eijk, OASIS
09:00
Opening Remarks
Paul Lipton, Advisor and Sr. Architect, Industry Standards and Open Source, CA Inc.

Working Jointly to Tackle e-Crimes
Information, communication and Internet technologies are evolving at a tremendous pace, and whilst this provides vast opportunities for legitimate users, it gives criminals similar opportunities. The global cost of e-crime is currently estimated to be one trillion pounds sterling a year, and this type of crime has no regional, national or international boundaries.

It strikes at the heart of the economy and the transformation of business into an information society. It is a problem that will continue to grow and doing nothing to address the problem is not an option.

In partnership we need to:
  • Raise awareness and define what constitutes e-crime.
  • Make e-crime visible and encourage businesses to report e-crimes.
  • Encourage all to increase the resources available to tackle e-crimes.

It is a global problem and there should be multi-agency involvement and commitment, including private sector representatives, in setting e-security standards. One size does not fit all and a generic approach is entirely appropriate. Prevention is better than cure. Awareness raising, education, and technical support to prevent e-crime are essential, but without discouraging the development of e-commerce.

The main priority for us, as a small part of the global community, must be to take steps that ensure the security of data and the systems that hold it, rather than to detect crime once it has been committed. It is this proactive approach that can make a real difference.

Keynote Speaker: Paul Wright, e-Crimes Security Consultant and Detective Sergeant, City of London Police

09:45

Getting to Grips with e-ID Interoperability with a Perspective on the STORK LSP

This presentation will focus on the challenges presented by national e-ID schemes and the need for robust interoperability standards, both across Europe and globally.

Speaker: Roger Dean, Executive Director, eema
10:15
Mapping IDABC Assurance Levels to Authentication Context for OASIS SAML V2.0

The goal of this presentation is to demonstrate the XML schemas and possible extensions needed for mapping IDABC Authentication Assurance Levels (AAL) to the OASIS Authentication Context for SAML v2.0. The discussion will focus on the results of a European Network and Information Security Agency (ENISA) study on the use of the IDABC Authentication Model expressed using a global standard. IDABC (Interoperable Delivery of European e-Government Services to public Administrations, Businesses and Citizens) is a pan-European program to encourage and support the delivery of cross-border public sector services to citizens and enterprises in Europe by means of IT and communication technologies.

Speaker: Konstantinos Moulinos, Seconded National Expert, ENISA
10:45 Break
  WORKING ACROSS BORDERS SESSION (CONTINUED)
Session Chair: John Borras, Pensive SA

11:00

Delivering Stronger Authentication in an Environment of SAML Federations

In New Zealand, the government uses OASIS SAML federations to deliver shared authentication and identity management services in a privacy-positive manner to New Zealanders. This presentation looks at a risk-based approach to improving the security of online services by adapting techniques such as context-sensitive authentication and transaction authentication to a SAML-based Identity Provider.

Speaker: Bill Young, Programme Architect, New Zealand All of Government Authentication Programme

11:30

eIdentity & Authentication
Governments internationally are working on solutions to perform online government transactions. The need for citizens to authenticate their electronic identity has increased strongly, as has the requirement to protect sensitive data and privacy. Interoperability across agencies requires adoption of standards from OASIS and other standards organizations, such as W3C. The panel will discuss and compare key issues and requirements from eIdentity projects globally.

Panelists:

  • Libor Neumann, IT/eGov Consultant, ANECT a.s.
  • Bill Young, Programme Architect, New Zealand All of Government Authentication Programme
  • Olivier Djololian, Director, Cap Gemini Consulting
  • José Manuel Alonso, eGovernment Lead, W3C
12:45 Luncheon
  BROWSER SECURITY & KEY MANAGEMENT SESSION
Session Chair: Anil Saldhana, Red Hat
13:45

Security Advances in Modern Browsers

This presentation will look at browser security as it has evolved, and at what security features are currently being added. The speaker will also review what the good and the bad sides are.

Speaker: Yngve Pettersen, Chief Security Architect, Opera
14:15
PKI or Symmetric Key-Based Case Study

Integrating a PKI in an organization usually involves using a large number of different standards and protocols, both open standards and proprietary protocols. More and more applications surrounding the PKI are now using web services for communication, and the usage of web services is definitely increasing. Currently the only well-known XML PKI protocol is XKMS, which has failed to gather wide acceptance in the marketplace. More widespread are binary protocols such as CMP and SCEP and more basic, usually home-grown, HTTP protocols based on PKCS#10 and PKCS#7. The speaker of this session will address several case studies, as well as talk about the future of key management and how symmetric key management standardization efforts such as EKMI are beginning to specify the messages and protocol for managing symmetric keys in a secure and scalable way.

Speaker: Tomas Gustavsson, Co-Founder, PrimeKey Solutions AB
14:45 Break
  PRIVACY & TRUST SESSION
Session Chair: John Sabo, CA, Inc.
15:00
New Developments in Open Reputation Management Systems

The use of the Internet as a medium for social interaction, commerce, and collaboration places new emphasis on the need for standard reputation mechanisms. This session provides an overview of the work of OASIS on Open Reputation Management Systems that enable large sets of different and possibly contradictory opinions about a person, company, or product to be evaluated in a fair and meaningful way.

Speaker: Giles Hogben, Security Expert, European Network and Information Security Agency
15:00

Achieving Security, Privacy and Trust in Networked Systems
Customers and citizens expect that systems and networked applications ensure privacy, security and trust. Such expectations are reflected in international privacy law and regulatory policies; in security and IT governance standards; and in the increasing concern for reputation management in the online world. This panel provides an overview of legal and societal expectations for secure, trusted, privacy-managed systems and gives an update on the progress made by the International Security Trust and Privacy Alliance (ISTPA) as it undertakes a major revision to its privacy management Framework v1.1, addressing privacy policy management and operational interoperability.

Speakers: John Sabo, Director, Global Government Relations, CA, Inc., and Mike Small, Principal Consultant Security Management EMEA, CA, Inc.

16:15 Mini-Break
  PRIVACY & TRUST SESSION (CONTINUED)
Session Chair: Pim van der Eijk, OASIS
16:30

Electronic Invoicing Panel: Confidentiality, Authentication, Reputation
Securing electronic invoicing and payments has always been a challenge in today's society. Speakers in this session will address many of the current concerns, such as protecting the integrity and confidentiality of invoices and payments, authenticating the identity of business partners, and using electronic signatures to provide non-repudiation.

Panelists:

  • Joao Frade, Principal Advisor, PricewaterhouseCoopers
  • Nick Pope, Principal Consultant, Thales-eSecurity
  • Peter Guldentops, Program Director, TWIST