:: Digital Identity Managment ::

Half-day Seminar on Identity & Privacy
Sponsored by EPSRC Interact India Project
30th June 2008
2:00 – 5:00PM
Birley Lecture Theatre, City University, Northampton Square, London

2:00 – 2:30 Multi-Authority Attribute based authorisation

This talk will describe the latest research efforts in enabling attribute based authorisation using attributes from multiple attribute authorities (or identity providers) when the user is known by different identifiers at each authority, and only the user knows what these are

Professor David W. Chadwick
Information Systems Security, University of Kent

2:30 – 3:00 Interoperation between identity management systems [download]

A significant number of identity management systems have been proposed in recent years, including Liberty, CardSpace, OpenID and Shibboleth. However, it is far from clear how the different systems will interoperate, not least because of varying objectives and differing uses of fundamental technologies (e.g. SAML). In this talk the functioning and scope of a selection of such systems will be reviewed, and challenges for possible interoperation will be highlighted

Professor C Mitchell
Information Security Group, Royal Holloway, University of London

	3:00 – 3:30 Automatic Obligation Enforcement for Privacy Policy Compliance It is becoming increasingly important for enterprises to have a well-defined privacy policy, to establish customer trust and to prevent misuse of privacy data and avoid litigation. Many standards exist for the publication of the privacy policy of an enterprise, which may be more complex than a simple 'allow' or 'deny' rule. The privacy policy may have rules that specify obligations to be executed in the case of certain data access. Currently these obligations are executed manually, with the inherent defects of not being scalable or auditable. In this presentation, we discuss the architecture and technology for the automated execution of the obligations associated with a privacy policy that has been developed at IBM India Research Lab. We also present a prototype solution for the obligation enforcement, using IBM Content Manager as the data repository and IBM Record Manager for the obligation enforcement. The system also logs audit information and generates audit trails, to support auditing of the obligation enforcement. We also present a generic architecture for obligation execution associated with different kinds of policies. Dr. Mukesh Mohania IBM Research Labs, India 3:30 – 4:00 Laws of identity: Jurisprudential reflections on (digital) identity and difference Since Science is a transnational endeavour, and the internet itself a global phenomenon, it is natural for scientists concerned with internet security to think in terms of universal answers to universal problems. Lawyers by contrast are used to work in a much more fragmented environment, shaped by contingent historical and cultural trajectories, Attempts by the law to conceptualise the notion of identity can vary considerably between jurisdictions, and even within jurisdiction, we find a high degree of context dependency. The paper discusses some of the issues this legal pluralism raises for technology, reporting some first results from a comparative legal study in the conceptualisation and regulation of identity in the UK and India, and a EU project on computer based fraud detection in a multi-jurisdiction environment. Dr Burkhard Schafer School of Law, Edinburgh University 4:00 – 4:30 Tea 4:30 - 5:00 Defence Against Next Generation e-Crime Threats As the future use of Information Communications Technology (ICT) infrastructure increases and evolves, incidents of technology-enabled e-crimes are likely to continue. Some of these technology-enabled threats include infrastructure risks, the use of wireless and mobile technologies, sophisticated malware, Web 2.0 vulnerabilities, identity theft, computer-facilitated fraud, intellectual property infringement, outsourcing and industrial espionage. Mitigation of these threats, on a large-scale especially in the electronic layer, will increasingly become a challenge. Information carrying capacity is now exceeding a terabit per second and doubling every twenty months, whereas information processing capacity is already in the region of 10 gigabit per second and doubling every thirty-six months. Implementing security algorithms to mitigate these threats, for large volumes of information or traffic using electronic processing will become a challenge. Scaling of high-end middleboxes (including IPS, IDS and Firewalls) in large-scale ICT infrastructures is becoming untenable as data rates and processing requirements increase. Efficient power handling and low environmental impact of larger and faster processors is becoming a high priority for a number of network carriers and network service providers. The ability for next generation security platforms to consolidate, virtualize and simplify security services delivery, while preserving the choice of best-of-breed security applications at very high-speeds, will become a key component in mitigating future ICT infrastructure threats. The development of simple level wire-speed optical processing to act as primary information/traffic filter in front of these middleboxes (e.g. IDS, IPS and firewalls), might be ideal in addressing future limitations of electronic processing of large volumes of traffic. Security algorithms deployed in optical hardware can enable scaleable mitigation against next generation ICT infrastructure security threats. Dr Martin Koyabe Security Research BT, Ipswich Further Information Dr. M. Rajarajan Email: r.muttukrishnan@city.ac.uk Phone: 0207 040 4073 Mobile: 07962402609 *The attendance is free. However, for catering please drop an email if you are planning to attend*

3:00 – 3:30 Automatic Obligation Enforcement for Privacy Policy Compliance

It is becoming increasingly important for enterprises to have a well-defined privacy policy, to establish customer trust and to prevent misuse of privacy data and avoid litigation. Many standards exist for the publication of the privacy policy of an enterprise, which may be more complex than a simple 'allow' or 'deny' rule. The privacy policy may have rules that specify obligations to be executed in the case of certain data access. Currently these obligations are executed manually, with the inherent defects of not being scalable or auditable. In this presentation, we discuss the architecture and technology for the automated execution of the obligations associated with a privacy policy that has been developed at IBM India Research Lab. We also present a prototype solution for the obligation enforcement, using IBM Content Manager as the data repository and IBM Record Manager for the obligation enforcement. The system also logs audit information and generates audit trails, to support auditing of the obligation enforcement. We also present a generic architecture for obligation execution associated with different kinds of policies.

Dr. Mukesh Mohania
IBM Research Labs, India

3:30 – 4:00 Laws of identity: Jurisprudential reflections on (digital) identity and difference

Since Science is a transnational endeavour, and the internet itself a global phenomenon, it is natural for scientists concerned with internet security to think in terms of universal answers to universal problems. Lawyers by contrast are used to work in a much more fragmented environment, shaped by contingent historical and cultural trajectories, Attempts by the law to conceptualise the notion of identity can vary considerably between jurisdictions, and even within jurisdiction, we find a high degree of context dependency. The paper discusses some of the issues this legal pluralism raises for technology, reporting some first results from a comparative legal study in the conceptualisation and regulation of identity in the UK and India, and a EU project on computer based fraud detection in a multi-jurisdiction environment.

Dr Burkhard Schafer
School of Law, Edinburgh University

4:00 – 4:30 Tea

4:30 - 5:00 Defence Against Next Generation e-Crime Threats

As the future use of Information Communications Technology (ICT) infrastructure increases and evolves, incidents of technology-enabled e-crimes are likely to continue. Some of these technology-enabled threats include infrastructure risks, the use of wireless and mobile technologies, sophisticated malware, Web 2.0 vulnerabilities, identity theft, computer-facilitated fraud, intellectual property infringement, outsourcing and industrial espionage. Mitigation of these threats, on a large-scale especially in the electronic layer, will increasingly become a challenge. Information carrying capacity is now exceeding a terabit per second and doubling every twenty months, whereas information processing capacity is already in the region of 10 gigabit per second and doubling every thirty-six months.

Implementing security algorithms to mitigate these threats, for large volumes of information or traffic using electronic processing will become a challenge. Scaling of high-end middleboxes (including IPS, IDS and Firewalls) in large-scale ICT infrastructures is becoming untenable as data rates and processing requirements increase. Efficient power handling and low environmental impact of larger and faster processors is becoming a high priority for a number of network carriers and network service providers. The ability for next generation security platforms to consolidate, virtualize and simplify security services delivery, while preserving the choice of best-of-breed security applications at very high-speeds, will become a key component in mitigating future ICT infrastructure threats.

The development of simple level wire-speed optical processing to act as primary information/traffic filter in front of these middleboxes (e.g. IDS, IPS and firewalls), might be ideal in addressing future limitations of electronic processing of large volumes of traffic. Security algorithms deployed in optical hardware can enable scaleable mitigation against next generation ICT infrastructure security threats.

Dr Martin Koyabe
Security Research
BT, Ipswich

Further Information
Dr. M. Rajarajan
Email: r.muttukrishnan@city.ac.uk
Phone: 0207 040 4073
Mobile: 07962402609

The attendance is free. However, for catering please drop an email if you are planning to attend