2nd Annual PKI Research Workshop - April 28-29, 2003
http://middleware.internet2.edu/pki03/
Jointly sponsored by NIH, NIST, and Internet2, in cooperation with
USENIX, the PKI Forum and IFIP TC8.
Most PKI implementations today are used to bind identities to public
keys and manage the revocation of the resulting certificates. This
workshop, however, considers the full range of public key technology
used for security decisions. At the "relying party" end, where the
certificates are actually used, completing a transaction includes
discovery and interpretation of relevant security information the
validity of which is verified against appropriate roots of authority.
There are many security decisions (concerning authentication and
authorization) to be made and they need to be made correctly. All of
this needs to occur with tools that are simple to use correctly (by
developers and by end-users) and pleasant enough that one would choose
to use them.
This workshop among leading security researchers will explore the issues
relevant to this area of security management, and will seek to foster a
long-term research agenda for authentication and
authorization in populations large and small via public key
cryptography. The workshop is intended to promote a vigorous and
structured discussion among the leading academic and corporate
developers and the user community---a discussion well-informed by the
problems and issues in deployment today.
We solicit papers, panel proposals, and participation.
Dates:
Workshop: April 28-29, 2003. NIST, Gaithersburg MD, USA.
Papers and Proposals Due: January 31, 2003
Authors Notified: March 7, 2003
Final Materials Due: April 4, 2003
Workshop Goals
The goals of this workshop are to cross-pollinate existing research
efforts, to identify the key remaining challenges in deploying public
key authentication and authorization, and to develop a research agenda
addressing those outstanding issues.
* What are the key areas in current PKI approaches that need
further work?
* For each area, what approaches appear most promising?
* How do the approaches in one area affect the methodologies in
other areas?
The results will be promulgated in several ways, including:
* a published proceedings with refereed papers and summaries of
workshop discussions,
* the workshop web site:
http://middleware.internet2.edu/pki03/
* experimental initiatives within higher education
Outstanding papers will be invited for possible publication in ACM
TISSEC.
Presentation formats will include:
* Refereed papers
* Panel discussions
* Invited talks
* Work-in-progress updates
Submitted works for panels, papers and reports should address one or
more critical areas of inquiry. Topics include (but are not
limited to):
* Cryptographic methods in support of security decisions
* The characterization and encoding of security decision data (e.g.,
name spaces, x509, SDSI/SPKI, PGP, XKMS, SAML, WSS), policy mappings and
languages, etc.
* The relative security of alternative methods for supporting security
decisions. Risk management.
* Correctly interpreting the results of a private key operation or a
public key operation. Interpreting signed objects that have active code.
* Key management and rollover, and certificate management and rollover
* Privacy protection and implications of different approaches
* Scalability of security systems - are there limits to growth?
* Security of the various components of a system: private keys, root
authorities, certificate storage, communications channels, code,
directories, etc.
* User interface issues with naming, multiple private keys, selective
disclosure
* Mobility solutions
* Approaches to attributes and delegation
* Discussion of how the "public key infrastructure" may differ from the
"PKI" traditionally defined
* User Interface issues in PKI tool construction, and the security
implications of different UI choices
* Reports of real-world experience with the use and deployment of PKI,
especially where future research directions for PKI are indicated
* What is missing? The gaps in PKI research and standards from a systems
engineering point-of-view
Program Committee
Peter Alterman, NIH
Matt Blaze, AT&T Labs Research
Bill Burr, NIST
Yassir Elley, Sun Microsystems
Carl Ellison (chair), Intel
Stephen Farrell, Baltimore Technologies
Richard Guida, Johnson and Johnson
Peter Honeyman, University of Michigan
Ken Klingenstein, University of Colorado
Neal McBurnett, Internet2
Clifford Neuman, USC
Eric Norman, University of Wisconsin
Tim Polk, NIST
Ravi Sandhu, George Mason University
Krishna Sankar, Cisco Systems
Frank Siebenlist, Argonne National Laboratory
Sean Smith, Dartmouth College
Michael Wiener, independent
Submissions and Additional Information
Full instructions for electronic submission of papers will appear on
this site by December 2, 2002.
Papers should be submitted electronically, in PDF, formatted for
standard US letter-size paper (8.5 x 11 inches). The final version of
refereed papers should ideally be between 8 and 15 pages, and in no case
more than 20 pages. Proposals for panels should be no longer than five
pages in length and should include possible panelists and an indication
of which of those panelists have confirmed participation.
When appropriate, authors should arrange for a release for publication
from their employer prior to submission. Papers accompanied by
non-disclosure agreement forms are not acceptable and will be returned
to the author(s) unread.
Submissions of papers must not substantially duplicate work that any of
the authors have published elsewhere or have submitted in parallel to
any other conferences or journals.
The registration fee will be waived for presenters. A limited number of
stipends are available to those unable to obtain funding to attend the
workshop. Further information will be available on the
registration page in January.
Contacts
General Chair:
Ken Klingenstein, University of Colorado. Ken.Klingenstein@Colorado.edu
Program Chair:
Carl Ellison, Intel Corporation. cme@jf.intel.com
Steering Committee Chair:
Neal McBurnett, Internet2. neal@bcn.boulder.co.us
Local Arrangements Chair:
Nelson Hastings, NIST. nelson.hastings@nist.gov
Links:
http://middleware.internet2.edu/pki03/
http://www.nih.gov/
http://www.nist.gov/
http://www.internet2.edu/
http://www.usenix.org/
http://pkiforum.org/
http://ifiptc8.cis.gsu.edu/ifip/