IDtrust 2011
10th Symposium on Identity and Trust on the Internet
Program with Presentations



There will be a shuttle bus leaving the Gaithersburg Holiday Inn at 8:00 a.m. Wednesday and Thursday morning to travel to NIST. The shuttle will return to the hotel at the end of the poster reception on Wednesday (7:30 PM) but there will not be a return shuttle bus on Thursday. NIST has regular shuttle service to the Shady Grove Metro station.


802.11b Wireless access points will be available.


Participants and observers are encouraged to use the tag "idtrust2011" when blogging and tweeting about the symposium.


Wednesday, April 6, 2011 - Full Day

8:00 Bus Departs from Gaithersburg Holiday Inn for NIST

8:30 - 9:00 Registration and Continental Breakfast

9:00 - 9:15 Welcome

How the World has Changed - IDtrust 10th Anniversary Retrospective: Ken Klingenstein, Internet2 (Slides: ppt )

9:15 - 9:45 Invited Talk

Whither Identity Management?: Tim Brown, CA Technologies (Slides: pdf )

Identity management has gone through a number of transitions and continues to evolve. This session will discuss: Where has identity management been? What have we learned? What are the challenges we face? Where is it going?

9:45 - 10:45 Panel - Usability Issues in Identity Management: Improving the engagement ceremony between users and services

Panel Moderator: Trent Adams, Internet Society (Slides: ppt )

Larry Drebes, JanRain (Slides: pdf )

Paul Trevithick, Azigo (Slides: pdf )

Ken Klingenstein, Internet2 (Slides: ppt )

Don Thibeau, Open ID Foundation

Asking users to know the protocol running a system's identity management solution is like asking them to list the constituent elements that make up the air we breathe. In most cases, users just want to get into a system quickly and easily (often to the detriment of security). This panel brings together cross-protocol practitioners (e.g. OpenID, SAML, OAuth) working on usable solutions that attempt to balance issues such as utility, efficiency, and security. Among the topics to be discussed are technical and usability issues surrounding identity provider discovery.

10:45 - 11:15 Break

11:15 - 12:45 Panel - Privacy: An Emerging Landscape

Panel Moderator: Carl Ellison, Independent (Slides: pptx )

Trent Adams, ISOC (Slides: pdf )

Al Zarate, National Center for Health Statistics (Slides: ppt )

Ken Klingenstein, Internet2 (Slides: ppt )

Brian LaMacchia, Microsoft (Slides: pptx )

Privacy, like security, is emerging as a broad and diverse landscape, and advances are happening in several areas. After an opening talk that describes this landscape, talks will drill down into the most important developments in technical and policy activities. We will look at the failure of anonymization technologies for large data sets and its consequences for research. Consent for the release of personal attributes is becoming real in federated and social identity, and we will look at perspectives in both the US and Europe. We will also look at new technologies that provide selective personal information release and how they fit into the landscape.

12:45 - 1:45 Lunch

1:45 - 2:15 Keynote Talk

National Strategy for Trusted Identities in Cyberspace: Jeremy Grant, NIST (Slides: pptx )

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative to work collaboratively with the private sector, advocacy groups, public sector agencies, and other organizations to improve the privacy, security, and convenience of sensitive online transactions.

The Strategy calls for the development of interoperable technology standards and policies - an "Identity Ecosystem" - where individuals, organizations, and underlying infrastructure - such as routers and servers - can be authoritatively authenticated. The goals of the Strategy are to protect individuals, businesses, and public agencies from the high costs of cyber crimes like identity theft and fraud, while simultaneously helping to ensure that the Internet continues to support innovation and a thriving marketplace of products and ideas.

The Strategy was developed with substantial input from the private sector and the public. It calls for the effort to be led by the private sector, in partnership with the federal government, consumer advocacy organizations, privacy experts, state and local agencies, and others.

NIST has been asked by the White House to lead the implementation of NSTIC. NIST's Jeremy Grant will give an overview of the soon-to-be-released Strategy and detail the role NIST will play in collaborating with the private sector to move NSTIC forward.

2:15 - 3:30 Panel - Privacy and Security Research Challenges for Biometric Authentication

Panel Moderator: Elaine Newton, NIST (Slides: ppt )

Ross Micheals, CSC (Slides: pdf )

Stephanie Schuckers, Clarkson University (Slides: ppt )

Terrance Boult, University of Colorado (Slides: ppt )

For biometric technologies to be deployed in support of identity assurance, it is essential to distinguish between the role that biometric technologies can play in Identity Proofing (establishment of identity) versus Identity Authentication (affirmation of the holder of a credential or identifier by which the user is known to the system), as each of these functions typically has differing policies (i.e. in-person versus remote); technology availability (i.e. full desktop system versus embedded scanner); and security and privacy considerations. Biometric systems are typically used as part of an overall security system. Stolen biometric information is a security risk, may be non-revocable, and contains privately identifiable information. Development of countermeasures is needed to minimize vulnerabilities of these systems.

Specific R&D challenges that will be noted in this discussion include: biometric template protection algorithms, revocable/cancelable biometrics, anti-spoofing/liveness detection testing, and best practices for e-authentication and the treatment of biometrics in an identity assurance framework.

3:30 - 4:00 Break

4:00 - 5:15 Panel - Successful Implementation of Identity Management Systems Integration

Panel Moderator: Steve Whitlock, Boeing

Vijay Takanti, Exostar (Slides: pptx )

Mollie Shields-Uehling, SAFE-Biopharma (Slides: ppt )

Debbie Bucci, National Institutes of Health (Slides: pptx )

Over sixty years have passed since the discovery of public key concepts and thirty years since the development of public key algorithms. In the last twenty years, governments, corporations, universities and individuals have spent fortunes in resources and lifetimes in the process of conversion from concepts and ideals to technologies, products and services that enable e-services.

This panel will focus on success stories and examples of working implementations from several different communities.

5:15 - 7:30 Poster Session / Reception at NIST

IDtrust did not have a peer review process this year, but we did want to have a more informal process to let people offer some ideas to share. So we invited poster submissions, and the following will be at the reception.

Efficient Transmission of DoD PKI Certificates in Tactical Networks

Sean R. O'Melia, MIT Lincoln Laboratory

Roger I. Khazan, MIT Lincoln Laboratory

Dan Utin, MIT Lincoln Laboratory

Draft FIPS 201-2 Discussion Point

Bill MacGregor, NIST

Hildy Ferraiolo, NIST

Ketan Mehta, NIST

Sal Francomacaro, NIST

Ramaswamy Chandramouli, NIST

Towards a method for managing distributed access entitlement and access certification (Can we trust that AuthZ attribute?)

Corinne Irwin, NASA

Dennis Taylor, NASA/ASRC Primus Solutions

Trust in National Identity Systems: Exploring Citizen Risk Perception

Adrian Rahaman, University College London

Angela Sasse, University College London

PKAuth: A Social Login Protocol for Unregistered Apps

Francisco Corella, Pomcor

Karen Lewison, Pomcor

System Diagram of Federated Identity, Authentication and Authorization using X.509 Certificates and SAML

Robert Cope, Homeland Security Consultants

7:30 Bus Departs for Gaithersburg Holiday Inn

Thursday, April 7, 2011 - Half Day

8:00 Bus Departs from Gaithersburg Holiday Inn for NIST

8:30 - 9:00 Registration and Continental Breakfast

9:00 - 9:30 Invited Talk

Unified Identity for Access Control: Carl Ellison, Independent (Slides: ppt )

There is much debate over the nature of identity and how it relates to authenticators, identifiers, attributes, named groups, etc. Taken in isolation, these debates rely on near-philosophical concepts of identity. Rather than be another voice in those debates, on those terms, we look here at the functional needs of access control in large scale industrial environments. From those needs, we show a need for more than one form of identifier or attribute, but where each is established in a single statement from some authority on that particular statement. We also show that chains of such statements will be required in normal access control decisions. We then give a single representation of such statements that captures all of the different kinds of statement and an algorithm over chains of those representations that establishes the truth of a chain. The algorithm for proving validity of deductions is not confined to a single organization, so it gives implicit federation not just of identifiers but of attributes.

9:30 - 11:00 Panel - 2 Factor Authentication and Higher Level-of-Assurance Issues

Panel Moderator: Ken Klingenstein, Internet2

Elaine Newton, NIST (Slides: ppt )

William MacGregor, NIST (Slides: ppt )

Paul Donfried, Verizon Business Solutions (Slides: pptx )

Invited Talk

Digital Signatures - Current Barriers: Simson Garfinkel, Naval Postgraduate School (Slides: pdf )

11:00 - 11:30 Break

11:30 - 12:45 Panel - Creating the Attribute Ecosystem

Panel Moderator: Peter Alterman, NIH

Jack Suess, InCommon Steering & UMBC (Slides: ppt )

Debbie Bucci, National Institutes of Health (Slides: pptx )

Ken Klingenstein, Internet2 (Slides: ppt )

With the focus of identity management shifting from authentication to the attributes being shared across the ecosystem, key issues around the creation and consumption of attributes are emerging. In those domains where regulation defines roles and permissions, such as pharmaceuticals and financials, attribute schema can be modeled in both syntactic and semantic standards by the federations that operate in those sectors. In the broader public sector, key attributes for many federated use cases, including "over legal age", citizenship, physical limitations, and at least a few others, lack a mechanism for such normalization. This session will look at key issues of the ecosystem (attribute LOA, sources of authority and delegation trails, query languages, inter-state and inter-national jurisdictional issues), the development of attribute schema in some verticals such as government and R&E, and discuss processes for normalization of public and marketplace attributes.

12:45 - 1:00 Wrap Up

Program Chair: Carl Ellison, Independent (Slides: pptx )

See Also

This workshop is part of the IDtrust Symposium Series
Gaithersburg, MD

National Institute of Standards and Technology


Internet Society

Kantara Initiative

OASIS IDtrust Member Section

Important Dates
Poster proposals due: March 13, 2011
Notification to authors: March 16, 2011
Apr 6-7, 2011