Abstracts

 

Juan Carlos Cruellas

'Digital Signature Security / European Telecommunications Standards Institute'

The session summarizes the work performed by two standardization organizations in the area of electronic signatures, namely OASIS (and more specifically its DSS and DSS-X TCs) and ETSI (European Telecommunications Standards Institute). Firstly, it will review the work developed by the now closed OASIS Digital Signature Services TC and the continuation work that the recently created OASIS Digital Signature Services eXtended TC has started. This part will focus on the already existing standards produced by the DSS TC and the new standards that are being developed within the DSS-X TC. Secondly, this session will review the work performed by ETSI's Electronic Signatures and Infrastructure (ESI) TC, a committee devoted to developing European Standards for electronic signatures. This part will review the major contributions of this committee in this area, which include, among others, certificate profiles, time-stamp profiles, XAdES, etc., and will show relationships with current OASIS standards.


Andre Durand

'Opening Keynote - Unlocking the potential of identity federation'

2007 has been a very exciting year for security professionals; federated identity management finds itself on the cusp of industry-wide breakout. With the promise of true identity portability, privacy and user control in the balance, now more than ever is a time for us to work collaboratively towards achieving the nirvana of "identity dial-tone."

Achieving a tipping point in federation hasn't come easy, but this session will explore the underlying forces at play and provide a perspective on how several seemingly competitive approaches simultaneously attacking the same problem have accelerated what will be the inevitable outcome.

 

Martin Euchner

'Filling the Gaps of IdM in Third and in Next Generation Networks - Standardized Network-centric IdM as an enabler for secure applications'

Strong identities are a prerequisite for secure and trustworthy e-business in third and next generation networks (NGN). Those NGNs need to leverage such identities for the purpose of secure identification and authentication (user/device), towards establishing secure communications and for protection of the network infrastructure. Network-centric IdM is an approach where NGN providers host identity management (or use identity services from third party identity providers) for enabling access to the NGN. Application-centric IdM enables applications and services and, when linked to network-based IdM, yields consistent provider-centric IdM.
The Generic Authentication Architecture (GAA) and the Generic Bootstrapping Architecture (GBA) developed by the Third Generation Partnership Project (3GPP) lay down a standardized approach for network-centric IdM using 3G security and xSIM-based identity infrastructure in third generation mobile networks, and with applied interworking extensions towards foreseen NGN applications.

 

Anthony Nadalin

'Eclipse Project Higgins'

Almost all online activities – sending emails, filing tax declarations, managing bank accounts, buying goods, playing games, connecting to a company intranet, meeting people in a virtual world, etc., etc. – require identity information to be given from one party to another. The abundance of different situations and types of identity information suggests the need for a flexible and user-centric identity management infrastructure. It must be flexible to support the multitude of identity mechanisms and protocols that exist and are still emerging, and the different types of platforms, applications and service-oriented architecture patterns in use. It must be user-centric since the end users are at the core of identity management: the infrastructure must empower the end users to execute effective controls over their identity information. These requirements have far-reaching consequences, not only on the user interfaces of the identity management system but also on the infrastructure itself and how it must be built.

Major technology suppliers such as IBM, Novell, Microsoft, Verisign, major financial institutions, and governments are placing large bets in this area to gain advantage. This presentation provides an analysis of the business requirements and technical options for a flexible and user-centric identity management infrastructure, and outlines an open architecture for meeting these requirements. There is a strong need for all parties, including industry and end users, to agree on such a common layer, bridging the existing islands of identity management systems, and encouraging the development and easy deployment of new systems with improved security and privacy properties. This session will discuss what the Eclipse Higgins project is doing relative to open source projects in this space.

 

Eve Maler

'Mashing Up, Wiring Up, Gearing Up: Solving Multi-Protocol Problems in Identity'

It's a fact of life. Today's deployers have a veritable cornucopia of technologies available for federated identity -- including several that seem to do similar jobs. The Project Concordia community has been canvassing enterprise-level users to identify improvements that could be made to the interworking of specific technologies they care (or worry!) about, and is facilitating the creation of API-level and protocol-level solutions. Eve will describe the hottest topics uncovered by Concordia and the next steps being undertaken.

 

Arshad Noor

'Enterprise Key Management Infrastructure (EKMI)'

For over two decades, companies have been focused on protecting the perimeter through the use of firewalls, intrusion prevention systems and other access control mechanisms. This hard exterior and soft center of the vast majority of companies now haunts the industry as one company after another divulges breaches to sensitive customer data in every consumer-focused sector - financial, retail, healthcare, education and government. Securing the core - the data - through enterprise-wide encryption has not been an option for most companies due to the lack of standards in symmetric key-management. The OASIS Enterprise Key Management Infrastructure Technical Committee (EKMI TC) has accepted the challenge to standardize the Symmetric Key Services Markup Language (SKSML), to create implementations and Operations Guidelines for the creation of enterprise-scale EKMI, to create Audit Guidelines for Information Security Auditors to audit EKMIs, and to create an interoperability test-suite for conformance testing of SKSML implementations.

In this session, you will hear of an architecture and see an open-source implementation of an SKMS implementing the proposed SKSML standard. You will understand how to secure your data across the entire enterprise while controlling access to its decryption keys from a single focal point.

 

John Sabo

'Strange Bedfellows: Challenges for Identity Management and Trust in Data Privacy and in Government-Private Sector Information Sharing Systems for Critical Infrastructure Protection'


Identity management challenges are rapidly emerging from two distinct, but converging public policy operational areas: the networked sharing of sensitive information for critical infrastructure protection and data privacy. Although data privacy tensions exist in the use of personally identifiable information for ‘national security’ purposes, data privacy policies and information sharing systems can co-exist with a trusted and interoperable identity management policy and implementation foundation. For business and government managers, IT security professionals and the standards community, understanding the relationship among identity and identity management systems, information sharing systems and core information privacy requirements is both a critical challenge and an opportunity. But work must begin now, or the information sharing infrastructures being designed will have serious security and privacy vulnerabilities.


Marcus T. Salo

'Digital Trust and Shared Identity Management Across Company Borders - Policies, Processes and Agreement Issues to be Considered'

Identity Management projects are textbook examples demonstrating the need to address policies, processes and agreements in parallel with technical issues in order to succeed. These aspects become even more pronounced when identity management responsibility is shared with another, foreign organization. The Nokia case study will discuss how these non-technical issues were addressed alongside the technology deployment in a shared Identity and Access Management environment.