Workshop on

Open Trust Infrastructures 

 

December 11-12, 2002

Washington DC
Hosted By Carnegie Mellon University and the National Institute of Standards and Technology (NIST)  

Sponsored by Seagate Technologies and Wave Systems Corp.

 

Overview

The ability for any entity to ‘trust’ another entity is a fundamental prerequisite for virtually every services delivery network, certainly including the Internet itself.  The lack of trust mechanisms, broadly implemented, has resulted in dangerous vulnerabilities for most of the world’s critical infrastructures.  The white paper from last year's workshop that describes the various trust infrastructures and the need for communications among them may be found here.

While there are many proprietary, vertical solutions for providing identity and authentication of devices such as desktop and enterprise hosts, cable networks with set top boxes, cell-phone networks, and credit card networks, there has been little research done to develop standards for establishing trust between devices, applications, and entities that can utilize open, standard protocols, APIs, and interfaces.  Open trust standards are essential for the broad implementation and interoperability of secure infrastructures on a worldwide basis.  

But what shape should these take?  Also, should they be an XML protocol?  Should they be a low level protocol?  Should they be a polymorphic protocol?  What interoperability functions are necessary or desirable?  If not interoperability, what communications functions are necessary or desirable between foreign trust participants? What metrics are appropriate?  This is only a sample of the important questions that need discussion in a workshop environment.

This invited Workshop seeks to have thought leaders from industry, government, and academia come together to outline the requirements that must be addressed by Open Trust Infrastructures specifications across a broad range of security situations  where computers are involved.

The Workshop will also examine the most effective standards processes and appropriate standards organizations for pursuing this standards work.   Finally, workshop participants will provide a set of recommended actions for initiating this standards activity, including recommendations on research funding, government initiatives, technology development, and industry organizations.

Topics

The one and a half-day Open Trust Infrastructure Workshop, using a combination of panels, open discussions, presentations, and facilitated group interactions, will focus on the following topics:

- Overview of Trust Infrastructure Issues

- Current trust infrastructures and functions

  • Cable/Satellite

  • Finance Industry, Credit and Smart Cards

  • Consumer Electronics/Entertainment

  • Government: Critical Infrastructures

  • University Research Networks

  • Communications Networks

  • PC Platform and Trusted Computing

- Examples of trust infrastructures, including Microsoft Palladium

- Standards Processes and Organizations

- Technology and Trust Model Components

- PKI

- Trusted Hardware and Software

- APIs and Protocols

      Interoperability Between Infrastructure Components

      Trust Models: First and Third party, public and private trust models

      Abstract Trust Model: hierarchical, peer-to-peer

      Existing standards and organizations

      Standardization Roadmap

- Recommended Actions to Drive Standards Development and Adoption

- Scope of standard:

  • Industries

  • Worldwide

- Devices, services, applications, etc.

- Specifications, conformance and certification

- Participants in standards development:

  • Governments

  • Standards Groups (Existing, New)

  • Industry Groups/Associations

  • Companies

  • Universities

Best Processes for Defining a Standard:

  • Alliance/Consortium

  •  Government organization (NIST)

  • Targeted standards bodies

Funding (national research budgets, foundations, private donations, international)

The observations and recommendations resulting from the workshop will be distributed as a white paper by January 15, 2003.  

 

Workshop Details


Location: Washington, D.C

Hotel: Wyndham Washington, DC, 1400 M Street, NW, Washington DC 20005, Phone 202 429 1700.

Date and Schedule:

Wednesday, December 11, 2002, 8:30 am – 5:30 pm   (Scheduled Dinner, 7:00 pm)

Thursday, December 12, 2002, 8:30 – Noon

 

For Additional Information Contact John Bourgein at (925) 376-8772 or e-mail bourgein@cs.cmu.edu.

 

Invited Organizations

The following companies and organizations have been invited to participate in the Open Trust Infrastructure Workshop.  A limited number of additional representatives can be accommodated if appropriate.  

Government

  • Central Intelligence Agency

  • Department of Defense

  • Federal Bureau of Investigation

  • General Services Administration

  • Department of Homeland Security

  • National Institute of Standards and Technology

  • National Security Agency

Academia

  • Carnegie Mellon University

  • Massachusetts Institute of Technology

Standards, Industry, Trade Organizations

  • CableLabs

  • FinRead

  • IETF

  • MPAA

  • OASIS

  • PKI Forum

  • TCPA

  • W3C

Corporations

  • AMD

  • AOL/TimeWarner

  • Atmel

  • Cisco

  • Computer Associates

  • Dell

  • EchoStar

  • EDS

  • Gemplus

  • Hewlett Packard

  • IBM

  • Infineon

  • Intel  

  • Maximus

  • Microsoft

  • Motorola

  • National Semiconductor

  • Nokia

  • OneName

  • RSA

  • SSP Solutions

  • Schlumberger

  • Sema

  • Seagate Technologies

  • Thomson

  • Sony

  • SUN

  • Visa

  • Verisign

  • Wave Systems

  • Worldcom

 

The Security Research Consortium

  

John Bourgein at (925) 376-8772 or e-mail bourgein@cs.cmu.edu.

Series Developed By 
The Institute for Software Research International
School of Computer Science 
Carnegie Mellon University

Organizational Affiliates:

    International Security Trust & Privacy Alliance

InSITeS Home

 

 

[ OPEN TRUST HOME | SECURITY WORKSHOP SERIES HOME ]