IDtrust 2009: 8th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA, April 14-16, 2009. (Submissions due 17 November 2008)

IDtrust is devoted to research and deployment experience related to making good security decisions based on identity information, especially when public key cryptography is used and the human elements of usability are considered.

The success of any business strategy depends on having the right people gain access to the right information at the right time. This implies that an IT infrastructure has, among other things, an authorization framework in place that can respond to dynamic security conditions and regulatory requirements quickly, flexibly and securely. What are the authorization strategies that will succeed in the next decade? What technologies exist to address complex requirements today? What research are academia and industry pursuing to solve the problems likely to show up in the next few years?

We solicit technical papers and panel proposals from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to:

- Reports of real-world experience with the use and deployment of identity and trust applications for broad use on the Internet (where the population of users is diverse) and within enterprises that use the Internet (where the population of users may be more limited), how best to integrate such usage into legacy systems, and future research directions. Reports may include use cases, business case scenarios, requirements, best practices, implementation and interoperability reports, usage experience, etc.
- Identity management protocols (SAML, Liberty, CardSpace, OpenID, and PKI-related protocols)
- Identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.)
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking, trust fabric and mechanisms of 'invited networks'
- Identity management of devices from RFID tags to cell phones; Host Identity Protocol (HIP)
- Federated approaches to trust
- Trust management across security domains
- Standards related to identity and trust, including X.509, SPKI/SDSI, PGP, S/MIME, XKMS, XACML, XRML, and XML signatures
- Intersection of policy-based systems, identity, and trust; identity and trust policy enforcement, policy and attribute mapping and standardization
- Attribute management, attribute-based access control
- Trust path building and certificate validation in open and closed environments
- Improved usability of identity and trust systems for users and administrators, including usability design for authorization and policy management, naming, signing, verification, encryption, use of multiple private keys, and selective disclosure
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance, adoption, discovery, and interoperability
- Use of PKI in emerging technologies (e.g., sensor networks)
- Application domain requirements: web services, grid technologies, document signatures (including signature validity over time), data privacy, etc.

For more information, please see http://middleware.internet2.edu/idtrust/