IDtrust 2009: 8th Symposium on Identity and Trust on the Internet, 
Gaithersburg, Maryland, USA, April 14-16, 2009. (Submissions due 17 
November 2008)

IDtrust is devoted to research and deployment experience related to 
making good security decisions based on identity information, especially 
when public key cryptography is used and the human elements of usability 
are considered. The success of any business strategy depends on having 
the right people gain access to the right information at the right time. 
This implies that an IT infrastructure has - among other things - an 
authorization framework in place that can respond to dynamic security 
conditions and regulatory requirements quickly, flexibly and securely. 
What are the authorization strategies that will succeed in the next 
decade? What technologies exist to address complex requirements today? 
What research is academia and industry pursuing to solve the problems 
likely to show up in the next few years?

We solicit technical papers and panel proposals from researchers, 
systems architects, vendor engineers, and users. Suggested topics 
include but are not limited to:

- Reports of real-world experience with the use and deployment of 
  identity and trust applications for broad use on the Internet (where the 
  population of users is diverse) and within enterprises who use the 
  Internet (where the population of users may be more limited), how best 
  to integrate such usage into legacy systems, and future research 
  directions. Reports may include use cases, business case scenarios, 
  requirements, best practices, implementation and interoperability 
  reports, usage experience, etc.
- Identity management protocols (SAML, Liberty, CardSpace, OpenID, and 
  PKI-related protocols)
- Identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.)
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking, trust fabric 
  and mechanisms of 'invited networks'
- Identity management of devices from RFID tags to cell phones; Host 
  Identity Protocol (HIP)
- Federated approaches to trust
- Trust management across security domains
- Standards related to identity and trust, including X.509, SPKI/SDSI, 
  PGP, S/MIME, XKMS, XACML, XRML, and XML signatures
- Intersection of policy-based systems, identity, and trust; identity 
  and trust policy enforcement, policy and attribute mapping and 
- Attribute management, attribute-based access control
- Trust path building and certificate validation in open and closed 
- Improved usability of identity and trust systems for users and 
  administrators, including usability design for authorization and policy 
  management, naming, signing, verification, encryption, use of multiple 
  private keys, and selective disclosure
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance, adoption, 
  discovery, and interoperability
- Use of PKI in emerging technologies (e.g., sensor networks)
- Application domain requirements: web services, grid technologies, 
  document signatures, (including signature validity over time), data 
  privacy, etc.

For more information, please see