2009 Proceeding- Editors:
- Kent Seamons,
- Neal McBurnett,
- Tim Polk
Welcome to the 8th Symposium on Identity and Trust on the Internet (IDtrust 2009). This symposium brings together academia, government, and industry to explore all aspects of identity and trust. IDtrust is devoted to research and deployment experience related to making good security decisions based on identity information, especially when public key cryptography is used and the human elements of usability are considered. We aim to get practitioners in different sectors together to apply the lessons of real-world deployments to the latest research and ideas on the horizon.
The technical program includes 10 peer-reviewed papers that were accepted from 30 submissions, giving an acceptance rate of 33%. Each paper received an average of 4 reviews by members of the program committee. We especially thank members of the program committee that shepherded several papers during final revisions, continuing our tradition of quality peer review. In addition to the technical papers, the program also includes invited talks, panels, and a work-in-progress (RUMP) session.
The topics in this year's program cover a wide range of timely issues. Federations present challenging identity and trust issues, and we will explore high-level policy creation between organizations, usable technical approaches, and real-world use cases in incident response. We will also explore scalability issues in federations. Panel presentations will include lively discussions that compare alternative approaches to authentication and authorization. We will also explore strategies for designing systems that resist vulnerabilities in the underlying cryptography primitives. The browser has become the de facto client platform, and advances in browser security will be explored.
Proceeding Downloads
Identity, credential, and access management at NASA, from Zachman to attributes
To achieve the ultimate goal of attribute-based access control (ABAC), a robust architecture for Identity, Credential, and Access Management must first be established. The National Aeronautics and Space Administration (NASA) began formal development of ...
Personal identity verification (PIV) cards as federated identities: challenges and opportunities
In this paper, we describe the challenges in using Personal Identity Verification (PIV) cards and PIV-like cards as federated identities to authenticate to US Federal government facilities and systems. The current set of specifications and policies ...
A calculus of trust and its application to PKI and identity management
We introduce a formal semantics based calculus of trust that explicitly represents trust and quantifies the risk associated with trust in public key infrastructure (PKI) and identity management (IdM). We then show by example how to formally represent ...
Palantir: a framework for collaborative incident response and investigation
Organizations owning cyber-infrastructure assets face large scale distributed attacks on a regular basis. In the face of increasing complexity and frequency of such attacks, we argue that it is insufficient to rely on organizational incident response ...
Safeguarding digital identity: the SPICI (Sharing Policy, Identity, and Control Information) approach to negotiating identity federation and sharing agreements
To perform key business functions, organizations in critical infrastructure sectors such as healthcare or finance increasingly need to share identifying and authorization-related information. Such information sharing requires negotiation about identity ...
Usable trust anchor management
Security in browsers is based upon users trusting a set of root Certificate Authorities (called Trust Anchors) which they may know little or nothing about. Browser vendors face a difficult challenge to provide an appropriate interface for users. ...
Privacy-preserving management of transactions' receipts for mobile environments
Users increasingly use their mobile devices for electronic transactions to store related information, such as digital receipts. However, such information can be target of several attacks. There are some security issues related to M-commerce: the loss or ...
Quantum resistant public key cryptography: a survey
Public key cryptography is widely used to secure transactions over the Internet. However, advances in quantum computers threaten to undermine the security assumptions upon which currently used public key cryptographic algorithms are based. In this paper,...
FileSpace: an alternative to CardSpace that supports multiple token authorisation and portability between devices
This paper describes a federated identity management system based on long lived encrypted credential files rather than virtual cards and short lived assertions. Users obtain their authorisation credential files from their identity providers and have ...
Usable secure mailing lists with untrusted servers
Mailing lists are a natural technology for supporting messaging in multi-party, cross-domain collaborative tasks. However, whenever sensitive information is exchanged on such lists, security becomes crucial. We have earlier developed a prototype secure ...
