DIMACS Workshop on Security of Web Services and E-Commerce
*Pre-registration deadline: April 28, 2005* *** DIMACS Workshop on Security of Web Services and E-Commerce May 5 - 6, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizer: Brian LaMacchia, Microsoft, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in "phishing" attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce. ** Workshop Program: This is a preliminary program subject to change. Thursday, May 5, 2005 8:00 - 9:00 Breakfast and Registration 9:00 - 9:15 Welcome & Opening Remarks 9:15 - 9:45 On the relation between Web Services Security and traditional protocols Eldar Kleiner and A.W. Roscoe, Oxford University Computing Laboratory, UK 9:45 - 10:15 Verification Tools for Web Services Security Cédric Fournet, Microsoft Research -- Cambridge, UK 10:15 - 10:30 Break 10:30 - 11:00 Flexible Regulation of Virtual Enterprises Naftaly Minsky, Rutgers University 11:00 - 11:30 Negotiated Security and Privacy Policies for Web Services George Yee, National Research Council 11:30 - 12:00 Regulating Synchronous Communication, and its Applications to Web-Services Constantin Serban, Rutgers University 12:00 - 1:30 Lunch 1:30 - 2:00 Scalable Configuration Management For Secure Web Services Infrastructure Sanjai Narain, Telcordia Technologies, Inc., USA 2:00 - 2:30 Automating Deployment Configuration of Web Services Security J. Micallef, B. Falchuk and C. Chung, Telcordia Technologies, Inc., USA 2:30 - 3:00 Software Based Acceleration Methods for XML Signature Youjin Song and Yuliang Zheng, UNC-Charlotte, USA 3:00 - 3:30 Analysis of aspects of XML & WS-* that make hardware optimizations harder or easier Eugene Kuznetsov, DataPower Technology, Inc., USA 3:30 - 3:45 Break 3:45 - 4:15 XACML and role-based access control Jason Crampton, Royal Holloway, University of London, UK 4:15 - 4:45 Use of REL Tokens for Higher-order Operations Thomas DeMartini, ContentGuard, USA 4:45 - 5:15 Electronic Document Authorization: A Case for Practical, Secure Delegation and Authorization Young H. Etheridge Friday, May 6, 2005 8:00 - 9:00 Breakfast & Registration 9:00 - 9:30 Towards Decentralized and Secure Electronic Marketplace Yingying Chen, Constantin Serban, Wenxuan Zhang and Naftaly Minsky, Rutgers University 9:30 - 10:00 A Negotiation-based Access Control Model for Web Services Elisa Bertino, Purdue University , A. C. Squicciarini and L. Martino, University of Milano, Italy 10:00 - 10:30 Using Certified Policies to Regulate E-Commerce Victoria Ungureanu, Rutgers University 10:30 - 10:45 Break 10:45 - 11:15 Active Intermediaries in Web Service and E-Commerce Environments John Linn, RSA Laboratories 11:15 - 11:45 Web services and Federated Identity Management Birgit Pfitzmann, IBM Zurich Research Lab, Switzerland 11:45 - 12:15 Web Services Architecture and the Old World Philip Hallam-Baker 12:15 - 1:45 Lunch 1:45 - 2:15 On-line Certificate Validation via LDAP Component Matching Jong Hyuk Choi, Sang Seok Lim, IBM T. J. Watson Research Center, and Kurt D. Zeilenga, IBM Linux Technology Center 2:15 - 2:45 A Convenient Method for Securely Managing Passwords Brent Waters, Stanford University, Alex Halderman, and Ed Felten, Princeton University 2:45 - 3:00 Break 3:00 - 3:30 Identifying Malicious Web Re
DIMACS Workshop on Security of Web Services and E-Commerce
***CFP DEADLINE EXTENDED to Friday, February 11, 2005*** *** DIMACS Workshop on Security of Web Services and E-Commerce May 5 - 6, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizer: Brian LaMacchia, Microsoft, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in "phishing" attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce. ** Participation: The workshop will be open to the public (no submission is necessary to attend but please register online). If you'd like to give a presentation please send a title and abstract to: [EMAIL PROTECTED] by February 11, 2005. Submissions may describe ongoing or planned work related to the security of Web Services and electronic commerce, or they may discuss important research problems or propose a research agenda in this area. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk. * Registration: Pre-registration deadline: April 28, 2005 Please see website for complete registration information: http://dimacs.rutgers.edu/Workshops/Commerce/ * Information on participation, registration, accomodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Commerce/ **PLEASE BE SURE TO PRE-REGISTER EARLY** - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
DIMACS Workshop on Security of Web Services and E-Commerce
Call for Participation Deadline January 17, 2005 *** DIMACS Workshop on Security of Web Services and E-Commerce May 5 - 6, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizer: Brian LaMacchia, Microsoft, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in "phishing" attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce. ** Participation: The workshop will be open to the public (no submission is necessary to attend). If you'd like to give a presentation please send a title and abstract to: [EMAIL PROTECTED] by January 17, 2005. Submissions may describe ongoing or planned work related to the security of Web Services and electronic commerce, or they may discuss important research problems or propose a research agenda in this area. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk. * Registration: Pre-registration deadline: April 28, 2005 Please see website for complete registration information: http://dimacs.rutgers.edu/Workshops/Commerce/ * Information on participation, registration, accomodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Commerce/ **PLEASE BE SURE TO PRE-REGISTER EARLY** - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
DIMACS Workshop on Security of Web Services and E-Commerce
Call for Participation Deadline January 17, 2005 *** DIMACS Workshop on Security of Web Services and E-Commerce May 5 - 6, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizer: Brian LaMacchia, Microsoft, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in "phishing" attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce. ** Participation: The workshop will be open to the public (no submission is necessary to attend). If you'd like to give a presentation please send a title and abstract to [EMAIL PROTECTED] by January 17, 2005. Submissions may describe ongoing or planned work related to the security of Web Services and electronic commerce, or they may discuss important research problems or propose a research agenda in this area. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk. * Registration: Pre-registration deadline: April 28, 2005 Please see website for complete registration information: http://dimacs.rutgers.edu/Workshops/Commerce/ * Information on participation, registration, accomodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Commerce/ **PLEASE BE SURE TO PRE-REGISTER EARLY** - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
