Workshop Call for Position Papers
	     W2SP 2007: Web 2.0 Security and Privacy 2007
  Sponsored by the IEEE Technical Committee on Security and Privacy
Held in conjunction with the 2007 IEEE Symposium on Security and Privacy
     Thursday, May 24, The Claremont Resort, Oakland, California

The goal of this one day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
2.0 security and privacy issues, and establishing new collaborations
in these areas.

Web 2.0 is about connecting people and amplifying the power of working
together.  The goal of connecting people is bringing together a broad
range of technologies and social forces.  We have witnessed a rapid
proliferation of social computing web sites and content.  This mixing
of technology and social interaction is also occurring in the context
of a wave of technologies supporting rapid development of these
interpersonal interactions.

Many of these new web technologies rely on the composition of content
and services from multiple sources. On one end of the technology
spectrum we have simple services such as blogs and wikis. However
there are far more complex technology composition (mash-up) examples.
The content composition trend is likely to continue. The lure is the
promise of inexpensive and easy ways to compose software service and

However, there are issues with respect to management of identities,
reputation, privacy, anonymity, transient and long term relationships,
and composition of function and content, both on the server side and
inside the web browser.  While the security and privacy issues are not
new (many of these issues already exist with portal servers and
browsers), the security issue is increasingly becoming acute as the
technologies are adopted and adapted to appeal to a wider developer
audience. Some of these technologies deliberately bypass existing
security mechanisms.  This workshop is intended to discuss the
limitations of the current technologies and explore alternatives.

The scope of W2SP 2007 includes, but is not limited to:

    -- Identity, privacy, reputation and anonymity
    -- End-to-end security architectures
    -- Security of content composition
    -- Security and privacy policy definition and modeling of 
       content composition
    -- Provenance and governance
    -- Usable security and privacy models
    -- Static and dynamic analysis for security
    -- Security as a service

Workshop Co-Chairs:
            Larry Koved,  IBM T. J. Watson Research Center
            Dan Wallach,  Rice University

Program committee:

Drew Dean (Yahoo)
Simone Fischer-Hubner (Karlstad University)
Larry Koved (IBM)
Shriram Krishnamurthi (Brown University)
John C. Mitchell (Stanford University)
Alex Russell (
Dan Wallach (Rice University)
Helen Wang (Microsoft)

Due to space limitations of the workshop venue registration is limited
to 40 participants.  While not required, potential workshop
participants should submit a 1-2 page position statement on topics
relevant to Web 2.0 security and privacy issues.  This will help the
workshop organizers organize the day around topics of common interest,
and choose panels / papers to be presented.  Should the workshop be
oversubscribed, the program committee will strive to select
participants in a way that is balanced between academia and industry,
as well as across topics.  The program committee will also select
workshop position statements to appear on the workshop web site.

Important dates:
    Position statement submission deadline: March 23, 2007
    Workshop acceptance notification date: March 30, 2007
    Workshop date: Thursday May 24, 2007

Workshop position statement submission web site:

Workshop registration will only be available via the