Security Program Group
Current work that will be progressed includes:
- PKI - a critical underpinning for secure electronic commerce
- CDSA - securing electronic commerce and other business applications with cryptographic, certificate management, trust policy management and key recovery services
- Information Labelling - aiming to enable businesses to exchange and handle information according to agreed policies
- Single Sign-on - providing the cost and effefiency benefits of enabling users to log-on once to the enterprise, instead of requiring log-on to each individual system for which access is required
Advanced Authorization Services, a new project, will also feature heavily on the agenda. Advanced Authorization Services is an initiative to address complex, yet real-world, authorization requirements which may be sensitive to many factors, (e.g. time, location, history, other current or past activities, etc.). The objective is to enable businesses to implement authorization policies which allow for context or environmentally sensitive decisions to be made, and which they may be forced to implement in any case, due to regulatory, legal or other pressures.
The Group will also be discussing how the building of trust on the Internet could be formalized. Trust in an infrastructure and its characteristics, e.g. security, is a critical element in the development of the Internet and e-commerce. The Security Program Group meeting will cover these issues and will explore current industry approaches to retaining or improving trust in the context of migrating business practices onto the net. All of the speakers represent industries that are in the forefront of trying to enable and establish trustworthy and economic secure commercial services over the net. The aim is to deliver an action plan for achieving the necessary agreements to enable the building of trust on the net.
