9th Symposium on Identity and Trust on the Internet (IDtrust 2010) April 13-15, 2010 NIST - Gaithersburg, Maryland http://middleware.internet2.edu/idtrust/2010/ Submission Deadline: November 22, 2009 Theme: Secure and convenient access control IDtrust is looking for papers related to all parts of the public-key mediated authentication and access control problem. All software systems, from enterprise data centers to small businesses and consumer-facing applications, must make access control decisions for protected data. IDtrust is a venue for the discussion of the complete access control process (authentication, authorization, provisioning and security decision workflow), addressing questions such as: "What are the authorization strategies that will succeed in the next decade?" "What technologies exist to address complex requirements today?" "What research is academia and industry pursuing to solve the problems likely to show up in the next few years?" Identity as used here refers to not just the principal identifier, but also to attributes and claims. Call for Papers We solicit technical papers and panel proposals from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to: * Analysis of existing identity management protocols and ceremonies (SAML, Liberty, CardSpace, OpenID, and PKI-related protocols) * Analysis or extension of identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.) * Design and analysis of new access control protocols and ceremonies * Cloud/grid computing implications on authorization and authentication * Assembly of requirements for access control protocols and ceremonies involving strong identity establishment * Reports of real-world experience with the use and deployment of identity and trust applications for broad use on the Internet (where the population of users is diverse) and within enterprises who use the Internet (where the population of users may be more limited), how best to integrate such usage into legacy systems, and future research directions. Reports may include use cases, business case scenarios, requirements, best practices, implementation and interoperability reports, usage experience, etc. * User-centric identity, delegation, reputation * Identity and Web 2.0, secure mash-ups, social networking, trust fabric and mechanisms of "invited networks" * Identity management of devices from RFID tags to cell phones; Host Identity Protocol (HIP) * Federated approaches to trust * Standards related to identity and trust, including X.509, S/MIME, PGP, SPKI/SDSI, XKMS, XACML, XRML, and XML signatures * Intersection of policy-based systems, identity, and trust; identity and trust policy enforcement, policy and attribute mapping and standardization * Attribute management, attribute-based access control * Trust path building and certificate validation in open and closed environments * Analysis and improvements to the usability of identity and trust systems for users and administrators, including usability design for authorization and policy management, naming, signing, verification, encryption, use of multiple private keys, and selective disclosure * Identity and privacy * Levels of trust and assurance * Trust infrastructure issues of scalability, performance, adoption, discovery, and interoperability * Use of PKI in emerging technologies (e.g., sensor networks, disaggregated computers, etc.) * Application domain requirements: web services, grid technologies, document signatures, (including signature validity over time), data privacy, etc. Important Dates Papers due: Nov 22, 2009 Notification to authors: Jan 15, 2010 Panel proposals due: Jan 24, 2010 Final papers due: Feb 21, 2010 Registration deadline: Apr 5, 2010 Symposium: Apr 13-15, 2010 Submissions Submissions should be provided electronically, in PDF, for standard US letter-size paper (8.5 x 11 inches). Paper submissions must not exceed 15 pages (single space, two column format with 1" margins using a 10 pt or larger font) and should adhere to the ACM SIG proceedings template at http://www.acm.org/sigs/pubs/proceed/template.html (LaTeX users should use template Option 2). Successful technical papers should clearly describe the contribution to the field and cite related work. Submissions of papers must not substantially duplicate work that any of the authors have published elsewhere or have submitted in parallel to any other conferences or journals. Proposals for panels should be no longer than five pages and include possible panelists and an indication of which panelists have confirmed participation. Detailed submission instructions can be found at our submissions page. All submissions will be acknowledged. Accepted papers will be published in a conference proceedings at the symposium. Accepted papers will also appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.