DIMACS Workshop on Security of Web Services and E-Commerce

Linda Casals lindac at dimacs.rutgers.edu
Tue Apr 5 09:44:24 EDT 2005


*********Pre-registration deadline: April 28, 2005*************
***************************************************************

DIMACS Workshop on Security of Web Services and E-Commerce

     May 5 - 6, 2005     
     DIMACS Center, Rutgers University, Piscataway, NJ

Organizer: 

      Brian LaMacchia, Microsoft, bal at microsoft.com 
   
Presented under the auspices of the Special Focus on Communication
Security and Information Privacy.

    ************************************************

 The growth of Web Services, and in particular electronic commerce
activities based on them, is quickly being followed by work on Web
Services security protocols. While core XML security standards like
XMLDSIG, XMLENC and WS-Security have been completed, they only provide
the basic building blocks of authentication, integrity protection and
confidentiality for Web Services. Additional Web Services standards
and protocols are required to provide higher-order operations such as
trust management, delegation, and federation. At the same time, the
sharp rise in "phishing" attacks and other forms of on-line fraud
simply confirms that all our work on security protocols is for naught
if we cannot make it both possible and easy for the average user to
discover when a security property has failed during a
transaction. This workshop aims to explore these areas as well as
other current and future security and privacy challenges for Web
Services applications and e-commerce.


**************************************************************
Workshop Program:
This is a preliminary program subject to change.

Thursday, May 5, 2005

 8:00 -  9:00 Breakfast and Registration

 9:00 -  9:15 Welcome & Opening Remarks

 9:15 -  9:45 On the relation between Web Services Security and traditional protocols
              Eldar Kleiner and A.W. Roscoe, Oxford University Computing Laboratory, UK

 9:45 - 10:15 Verification Tools for Web Services Security
              Cédric Fournet, Microsoft Research -- Cambridge, UK

10:15 - 10:30 Break

10:30 - 11:00 Flexible Regulation of Virtual Enterprises
              Naftaly Minsky, Rutgers University

11:00 - 11:30 Negotiated Security and Privacy Policies for Web Services
              George Yee, National Research Council
              
11:30 - 12:00 Regulating Synchronous Communication, and its Applications to Web-Services
              Constantin Serban, Rutgers University

12:00 -  1:30 Lunch

 1:30 -  2:00 Scalable Configuration Management For Secure Web Services Infrastructure
              Sanjai Narain, Telcordia Technologies, Inc., USA

 2:00 -  2:30 Automating Deployment Configuration of Web Services Security
              J. Micallef, B. Falchuk and C. Chung, Telcordia Technologies, Inc., USA
	
 2:30 -  3:00 Software Based Acceleration Methods for XML Signature
              Youjin Song and Yuliang Zheng, UNC-Charlotte, USA
 
 3:00 -  3:30 Analysis of aspects of XML & WS-* that make
              hardware optimizations harder or easier
              Eugene Kuznetsov, DataPower Technology, Inc., USA
 
 3:30 -  3:45 Break
 
 3:45 -  4:15 XACML and role-based access control
              Jason Crampton, Royal Holloway, University of London, UK
 
 4:15 -  4:45 Use of REL Tokens for Higher-order Operations
              Thomas DeMartini, ContentGuard, USA

 4:45 -  5:15 Electronic Document Authorization: A Case for 
              Practical, Secure Delegation and Authorization
              Young H. Etheridge

Friday, May 6, 2005

 8:00 -  9:00 Breakfast & Registration

 9:00 -  9:30 Towards Decentralized and Secure Electronic Marketplace
              Yingying Chen, Constantin Serban, Wenxuan Zhang and 
              Naftaly Minsky, Rutgers University

 9:30 - 10:00 A Negotiation-based Access Control Model for Web Services
              Elisa Bertino, Purdue University , A. C. Squicciarini and 
              L. Martino, University of Milano, Italy

10:00 - 10:30 Using Certified Policies to Regulate E-Commerce
              Victoria Ungureanu, Rutgers University
	
10:30 - 10:45 Break

10:45 - 11:15 Active Intermediaries in Web Service and E-Commerce Environments
              John Linn, RSA Laboratories
              
11:15 - 11:45 Web services and Federated Identity Management
              Birgit Pfitzmann, IBM Zurich Research Lab, Switzerland

11:45 - 12:15 Web Services Architecture and the Old World
              Philip Hallam-Baker
	
12:15 -  1:45 Lunch

 1:45 -  2:15 On-line Certificate Validation via LDAP Component Matching
              Jong Hyuk Choi, Sang Seok Lim, IBM T. J. Watson Research Center, and 
              Kurt D. Zeilenga, IBM Linux Technology Center
              
 2:15 -  2:45 A Convenient Method for Securely Managing Passwords
              Brent Waters, Stanford University, Alex Halderman, and 
              Ed Felten, Princeton University
	
 2:45 -  3:00 Break
 
 3:00 -  3:30 Identifying Malicious Web Requests through Changes 
              in Locality and Temporal Sequence
              Li-Chiou Chen, Pace University

 3:30 -  4:00 Tamper-Evident Digital Signatures: Protecting
              Certification Authorities Against Malware
              Jong Youl Choi, Markus Jakobsson, Indiana University and 
              Philippe Golle, Palo Alto Research Center
	
*********************************************************************
Registration:

Pre-registration deadline: April 28, 2005

Please see website for complete registration information:
http://dimacs.rutgers.edu/Workshops/Commerce/

*********************************************************************

Information on participation, registration, accomodations, and travel 
can be found at:

http://dimacs.rutgers.edu/Workshops/Commerce/

   **PLEASE BE SURE TO PRE-REGISTER EARLY**

********************************************************************



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list