
Third W3C Security Workshop

Announcement

This meeting was first mentioned at the 22 May 1995 Advisory Committee meeting.

The meeting will be held Monday 10 July 1995 at MIT's Laboratory for Computer Science, NE43-518, at 545 Tech Square. The Lab is located two blocks up from the Kendall Square T station and the official hotel, the Cambridge Marriott. To reserve a room at the LCS rate, call 617-494-6600 and tell them you are attending the W3C Security Workshop.


Participants

This workshop is open to members only; members may send multiple representatives.

Confirmed Participants:

Tom Austin, <austin@zko.dec.com>
Strategic Relations Product Manager, Digital. Throughout the past year, I've had the opportunity to work with companies such as Border Network Technologies (firewall), Firefox (Novell internet client), Spyglass (Mosaic), WAIS (text and search retrieval) and Quarterdeck (client, authoring, server).
Ali Bahreman, <ali@ctt.bellcore.com>
Investigating security related issues for technologies enabling Electronic Commerce including the Web. The Web technology is also being considered for the dissemination of information with proprietary or monetary value.
Tim Berners-Lee, <timbl@w3.org>
Director, W3C. Created the World-Wide-Web. Involved in developing W3C Security Protocol and software architecture.
Jason Bluming, <jason@netmarket.com>
Chief Technical Officer, NetMarket.
Roxana Bradescu, <roxanab@attmail.com>
I work at Bell Labs in the Info. Services Architecture Dept on Internet services. My focus is new service concepts and platform architecture. I am currently working on several projects dealing with electronic commerce and payment systems.
Adam Douglas Cain, <acain@ncsa.uiuc.edu>
Research Programmer at NCSA, involved in adding Mosaic/httpd support for security schemes such as S-HTTP, Kerberos, Message Digest Authentication, and others.
Diego Cassinera, <diego@delphi.com>
I will be attending the meeting on behalf of Delphi Internet Services.
Randy Catoe, <Randy@mci.net>
---
Gary Brown, <gsb@csi.compuserve.com>
CompuServe is involved in implementing SHTTP and the like in our web servers, and will be using the forthcoming standards, payment protocols, etc.
Tad Coburn, <tcoburn@vermeer.com>
Software Engineer - I am responsible for the security aspects of our remote Web authoring tool.
Dan Connolly, <connolly@w3.org>
Research Associate, W3C. Secretary, Third W3C Security Working Group meeting. Author of the HTML 2.x specifications, engineering research in mobile code and distributed objects.
Ben Cox, <thoth+@cmu.edu>
Works at Carnegie Mellon on NetBill.
Sean Donelan, <sean@dra.com>
DRA is involved with a variety of systems used by public, university and corporate libraries. These include payment systems with university "one card" (similar to debit cards) systems; document delivery to web browsers, network printers, or fax machines; and a wide variety of patron privacy issues.
Donald E. Eastlake 3rd, <dee@cybercash.com>
I've been working on security as it relates to payment systems and the protection of payment related communications. I'm also a member of the DNS-Security Working group and co-author of the current DNS security proposal.
Taher ElGamal, <elgamal@netscape.com>
Chief Scientist, Netscape. Inventor of the ElGamal cryptosystem. Senior Associate, RSA Laboratories.
Tony Eng, <tleng@lcs.mit.edu>
Doctoral candidate, security researcher, MIT/LCS.
Jim Gettys, <jg@w3.org>
DEC, on secondment to W3C. Designed the single most secure network-aware windowing system ever built.
Wayne C. Gramlich, <gramlich@eng.sun.com>
Will be attending in place of Chuck McManis. "Sun is working on a variety of security related products."
Phillip Hallam-Baker, <hallam@w3.org>
Security Consultant, W3C. Specializing in electronic payment protocols. Experimenting with several payment systems.
Amir Herzberg, <amir@watson.ibm.com>
Works on the iKP payment protocol at IBM.
Jeff Hostetler, <jeff@spyglass.com>
I am in charge of security/payment systems for Spyglass for Enhanced Mosaic. I co-authored the Digest Authentication proposal. I am currently working on an exportable, credit card based payment system for the web for the Electronic Business Co-op.
Ed Hurley, <hurley@mama-bear.lcs.mit.edu>
I'm a Research Specialist in the Spoken Language Systems group of LCS. I'm currently working on making our systems available over the web, and am concerned with the security issues of doing that.
Charlie Kaufman, <Charlie_Kaufman/Iris.IRIS@iris.com>
Chairman of the IETF Web Transaction Security working group. Works on groupware security issues at IRIS, a development arm of Lotus.
Rohit Khare, <khare@w3.org>
Security Maven, W3C. Central contact for development of W3C security proposals.
John Klensin, <Klensin@mail1.reston.mci.net>
IETF Applications Area Director
Alan Kotok, <kotok@ljo.dec.com>
We are developing Internet Security products, and are particularly interested in public key certificate management.
Dave Kristol, <dmk@allegra.att.com>
I started the www-buyinfo mailing list in August, 1994, to provide a forum where payment mechanisms for WWW could be discussed. As the "vision" for the mailing list states, I am interested in devising APIs for clients and servers that would facilitate a wide variety of payment mechanisms for information on the Web.
Mark Linehan, <linehan@ibm.com>
I represent Amir Herzberg's iKP group at IBM.
Michael McIlrath, <mbm@mit.edu>
Research Scientist, MIT EECS
Bede McCall, <bede@mitre.org>
May bring a few other MITRE/NSA types. "interest is in getting support for the NSA's FORTEZZA card integrated into the W3C security library software. In the longer term, our interest is in promoting adequate support for what I'll call 'government style' security in the W3C software."
Chuck McManis, <cmcmanis@scndprsn.eng.sun.com>
Sigh, I really want to be there to talk about Java/HotJava security but I have a prior engagement. Would it be possible to mail in a position paper for distribution? [Yes, we will be distributing position papers]
Sam Meo, Prodigy
Works at Prodigy with Michael Smith.
Jim Miller, <jmiller@w3.org>
W3C Team Leader. Chairman, Third W3C Security Working Group meeting.
Henrik Frystyk-Nielsen, <frystyk@w3.org>
Responsible for the W3C Reference Library.
Hal Pomeranz, <hal@netmarket.com>
Site Security Officer / Senior Development Lead, NetMarket.
Dave Raggett, <dsr@w3.org>
Visiting Scientist, W3C/HP. Working on micropayments and 3rd party authentication based on keyed hash functions. Participated in design of W3C Security Architecture proposal.
Ron Rivest, <rivest@lcs.mit.edu>
Co-inventor of RSA public-key cryptography, principal in RSA, RSA Laboratories, professor, MIT-LCS. Will not be attending.
Douglas T. Ross, <dougross@mit.edu>
Lecturer, MIT Laboratory for Computer Science. Founder and Chairman Emeritus, Ret. of SofTech, Inc. Creator of Structured Analysis and Design Technique (SADT, tm) and its IDEF0 (Integrated Definition 0) government version, Federal Information Processing Standard FIPS#183, now in IEEE/ISO Stds process, as well. SADT was used in '80s for GM's Corporate Security Analysis, e.g. -- but my current interest is to get to know W3C's people and agenda to try to be helpful.
Peter Schweitzer, <peter@mcz.harvard.edu>
An independent cryptography expert from Ron Rivest's Cryptography Reading Group.
Harald Skardal, <harald@ftp.com>
Ftp Software
Michael Smith, <smithmi@dev.prodigy.com>
One area of concern to us is whether the Consortium has considered taking into account the GSS API work in the IETF in building its security and payments protocols.
Dave Solo, <solo@bbn.com>
I'm working mostly in the commerce net arena and also within BBN on the analysis, engineering, evaluation of web security techniques. Most recently I've been doing an assessment for Commerce Net on SSL and SHTTP with respect to a variety of requirements and EC scenarios.
Joe Stoy, MIT and Oxford
On the Faculty at Oxford University's Programming Research Group, and currently visiting MIT's Laboratory for Computer Science. Interested in the formal approach to computing problems.
Vipin Swarup, <swarup@linus.mitre.org>
MITRE
Win Treese, <treese@openmarket.com>
I will be attending for Open Market.
Peter Trei, <trei@process.com>
Process Software
John Visosky, <john@hummingbird.com>
Hummingbird Communications
Mary Ellen Zurko, <zurko@osf.org>
I'm working on the DCE Web project at OSF RI, bringing DCE security (and naming) to the web. I came to the last W3C security workshop. I gave a security tutorial at Darmstadt, and was on the security panel. I've worked on a PEM prototype, an A1 secure virtual machine monitor, easy-to-use access control lists, and did my SM at MIT on distributed user attributes for security.

Agenda

Jim Miller will be chairing this workshop on July 10, 1995.

8:30-9:00 Continental Breakfast (Provided)

9:00-9:30 Introductions / Jim Miller, W3C

9:30-10:30 W3C Security Status Report / Rohit Khare, W3C

10:30-10:45 Coffee Break (Provided)

10:45-11:00 Integrating Fortezza Smart Cards / TBA, National Security Agency

11:00-11:30 DNS Security & Using DNS for Key Management / Donald E. Eastlake, CyberCash

11:30-12:00 Lessons Learned From DCE / Mary Ellen Zurko, OSF/RI

12:00-12:30 NCSA Security Implementation Progress / Adam Cain, NCSA

12:30-1:30 Lunch (Provided)

1:30-2:15 W3C Experience with e-Payment / Phillip Hallam-Baker, W3C

2:15-3:00 Electronic Business Coop / Jeff Hostetler, Spyglass

3:00-3:45 NetBill Payments Architecture / Ben Cox, CMU

3:45-4:00 Coffee Break (Provided)

4:00-4:30 Discussion: Evaluating W3C Security Plans

4:30-5:00 Conclusions: Editorial Board Proposal

5:00-5:30 Discussion: Evaluating W3C Payment Plans

There may be an informal dinner afterward; please contact khare@w3.org for details.

Prepared by Rohit Khare, 27 June 1995