Electronic Signature and the Reality of Implementation
David W Chadwick
David Chadwick is Professor of Information Systems Security at the University of Kent and Managing Director of TrueTrust Ltd. He is the leader of the Information Systems Security Research Group (http://www.cs.kent.ac.uk/research/groups/iss/index.html) and a member of IEEE and ACM. He has published widely, with over 140 publications in international journals, conferences and workshops, including 5 books, 14 book chapters, 25 journals (see http://www.cs.kent.ac.uk/people/staff/dwc8/pubs.html) and successfully managed over 25 research projects. He has served as a PC member of over 100 international conferences and been the PC Chair for 5 and co-chair for 2.
He specialises in Public Key Infrastructures, Privilege Management Infrastructures, Trust Management, Identity Management, Privacy Management, Cloud Security and Internet Security research in general. Current research topics include: attribute aggregation, policy based authorisation, cloud security, the management of trust, recognition and delegation of authority and autonomic access controls. He actively participates in standardisation activities, is the UK BSI representative to X.509 standards meetings, the chair of the Open Grid Forum OGSA Authorisation Working Group, and a member of OASIS and the Kantara Initiative. He is the author of a number of Internet Drafts, RFCs and OGF documents.
His research group are the creators of PERMIS (www.openpermis.org), an open source X.509 and SAML supported RBAC authorisation infrastructure which has been hardened by the Swiss MOD and released as Open Source Hardened PERMIS at http://www.osor.eu/projects/openpermis. PERMIS is currently integrated with Globus Toolkit, Shibboleth, Apache, the OMII-UK, SAML and XACML.
TrueTrust Ltd specialises in training, education and consultancy in the topics mentioned above. It has participated in a number of EC funded projects, including the current Tempus PalGov project with Birzeit University.
PKI – the solution or just the start of the problem?
This talk reviews PKI technology and then looks at some of the ways the existing public key infrastructures have successfully been attacked. The talk concludes by noting that even if you have a perfect PKI system, you still need a privilege management system in order to determine what the authenticated user is authorised to do.