A full day seminar presented by Donald E. Eastlake, III, Motorola. This workshop is being coordinated by Dr. Vance Wilson, Assistant Professor of Management Information Systems at the School of Business Administration, University of Wisconsin-Milwaukee.

Overview

XML, the Extensible Markup Language, was designed as the next generation of data representation for the World Wide Web. It is oriented to extensible semantic labeling rather than appearance labeling. XML has become increasingly popular for use in applications level protocols, databases, and information exchange, as well as for web documents. As its popularity rises, efficiency and consistency require a standard way to specify authentication and encryption in XML. This workshop covers the XML security recommendations from the World Wide Web Consortium. These specify general mechanisms in XML syntax providing authentication and confidentiality. In particular, although the signature and encryption control structures are always in XML, they can be used for the authentication and confidentiality of arbitrary data, not just XML. Unfortunately, XML was originally designed without taking security into account. As a result, there are a number of special problems in secure XML. In particular, making XML digital signatures both secure and robust requires special canonicalization mechanisms to standardize the expression of XML. A variety of applications and additional facilities are being built in connection with XML security. The workshop will also cover "Advanced" digital signatures as specified by ETSI to meet the European Directive for enforceable signatures and the emerging W3C XML Key Management System standard to offload key lookup and verification from devices such as PDAs and telephone handsets.

Topics

Topics covered in this workshop will include: XML basics Digital cryptography basics XML signatures and authentication ETSI advanced signatures XML canonicalization XML encryption Combining encryption with signatures Keying and key management Profiling XML security for applications

About the speaker

Mr. Donald Eastlake III is a distinguished Member of Technical Staff at Motorola Laboratories and is co-author of the book "Secure XML: The New Syntax for Signatures and Encryption" published by Addison-Wesley last year. He was instrumental in the formation of and is co-chair of the joint IETF/W3C XML Digital Signature working group, the first and only joint IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium) working group. He is a document editor for the W3C XML Encryption working group and is a member of the W3C XML Key Management System working group. In addition, he co-authored the XML Digital Signature, XML Encryption, and XML Exclusive Canonicalization W3C Recommendations. Mr. Eastlake has been active in the area of computer security protocols for many years.

Who should Attend?

This workshop is designed for a range of people: anyone dealing with XML systems for which data authenticity, integrity, or confidentiality is a concern; anyone evaluating, managing, designing, or implementing such systems; and anyone interested in how the difficulties of securing XML were overcome. This includes Project Managers, Security Students and Researchers, Data Architects, Data Administrators, Systems Analysts, Webmasters, and Document Specialists.

Coordinator

This technology event is being coordinated by Dr. Vance Wilson, Assistant Professor of Management Information Systems at the School of Business Administration, University of Wisconsin-Milwaukee.