W3C Workshop on Identity in the Browser 24/25th May 2011, Mountain View (USA)

• About W3C
• Report
• Call for Participation
• Papers
• Agenda
• Nearby Events
• Venue

Hosted by Mozilla
in Mountain View (USA)

Workshop sponsors:

Call For Participation

Background

As the Web becomes increasingly a focal point for economic and social activity, there is an urgent need for trustworthy, widely-applicable digital identity management. This includes the need for authentication and authorization to work across multiple web-sites, enterprises, devices, and browsers in a uniform and easy-to-use manner. For critical enterprise activity, effective government engagement, and sensitive social information accessed over the Web, a higher level of identity assurance, privacy protection, and security is required beyond simple username/password combinations. To address many of these issues, digital identity should become a core part of Web architecture, enabled by a combination of server and client-side solutions. Achieving this vision, however, requires addressing numerous technical, operational, policy, and legal issues. This workshop's purpose is to consider how the intersection of those issues with the use of browser technology can lead to this vision.

Many approaches to managing digital identity, such as SAML and OpenID, have been deployed without requiring special-purpose technology on the browser client. There is, however, a general understanding within the technical community that client-side mechanisms working together with the server will improve usability, security, and trust. Ideally, effective identity authentication and authorization shouldn't be tied to a single browser, but be capable of being switched across multiple devices such as phones and desktops in a privacy-respecting manner. At the same time, it would need to provide a level of assurance high enough to be suitable for use in financial, healthcare, and government-grade applications. Implementing digital identity technologies of this sort is an effort that crosses the boundary between server and client. Rather than starting from a blank slate, any new work should compliment existing technologies while enhancing usability, privacy, and security.

Goals and Scope

This workshop will investigate strategies to facilitate the development and deployment of improved identity authentication and authorization technologies across the Web. Solutions to be explored are effective enhancements to Web browsers that lead to trustworthy benefits that can be realized in the near term. Also included in the workshop will be explorations into the operational, policy, and legal issues that must be addressed by the solutions. Results from this workshop will provide input to existing and possible future co-ordination and standardization work at W3C. Among the relevant W3C Working Groups interested in this work include:

• the W3C Web Applications Working Group;
• the W3C Federated Social Web Incubator Group;
• the W3C Geolocation Working Group;
• the W3C Device API and Policy Working Group.

The workshop is attracting a broad set of stakeholders, including implementers of browsers, user-interface designers, as well as developers and operators of Web applications that rely on digital identities. Also participating are digital identity experts focused on legal, policy, privacy, and security considerations. The workshop will feature presentations of key ideas and from implementers, while also reserving significant time for effective open-space discussion with participants.

Participation Requirements

All participants are required to submit a position paper via Easychair by April 27th 2011. W3C membership is not required to participate in this workshop. Submissions are currently closed.

Topics for position papers may include, but are not limited to:

• mutually beneficial relationships between server-side and client-side identity approaches;
• novel and existing approaches toward digital identity on the Web that could be integrated across browsers;
• interactions between identity in the browser and the use of identity across multiple devices;
• the relationship between the Web and enterprise identity;
• How websites communicate their account management interfaces and their requirements for authentication;
• user experience and interface issues for identity and security in the browser;
• APIs for identity management and security tokens;
• statements of interest and implementation experience from browser vendors, Web application developers, and plug-in developer;
• analysis of current digital identity solutions in terms of security and privacy;
• anonymity, reputation, and zero-knowledge proofs;
• assuring trustworthy results, including obligations and responsibilities of both users and browsers;
• use-cases and requirements from enterprise, online banking, government, health, business, regulatory bodies, and activist groups;
• social, policy, and legal regulatory issues relating to identity, security, and privacy as they potentially impact any of the above;
• proposals for co-ordination between standards bodies long active in the digital identity space and the W3C.

The total number of participants will be limited. To ensure diversity, a limit might be imposed on the maximum number of participants per organization.

Instructions for how to register will be sent to submitters of accepted position papers. These instructions will also indicate a possible limit on the maximum number of participants per organization.

Workshop sessions and documents will be in English. Position papers, presentations, minutes and the workshop report will be public.

There is no fee to participate.

Expression of Interest

To help the organizers plan the workshop: If you wish to participate, please as soon as possible send a message to hhalpin@w3.org with a short (one paragraph) "expression of interest" stating:

• that a representative from your organization plans to submit a position paper
• how many participants your organization is sending
• whether or not you wish to make a presentation

Note: Sending that expression of interest does not mean that you registered for the workshop. It is still necessary to send a position paper (see below).

Position Papers

Your paper must meet the following criteria:

• explains your interest in the Workshop
• aligned with the Workshop's stated goals as outlined above.
• Maximum of 5 pages long
• formatted in (valid) HTML/XHTML, PDF, or plain text

Based on a review of all submitted position papers, the Program Committee will select the most relevant and invite the submitters of those papers to the Workshop. From among all accepted papers, the program committee will choose a small number of papers judged most appropriate for fostering discussion, and ask the authors of those papers to give short presentations about them at the Workshop. After the workshop, those presentations will then be published on the workshop home page. However, the primary focus of the workshop will not be on presentations, but on open discussion and consensus on future directions for identity in the browser.

Important dates

Date	Event
March 21st 2011	Call for Participation issued
April 27th 2011	Deadline for position papers
May 13th 2011	Program released
May 16th 2011	Deadline for registration
May 24-25th 2011	Workshop

Workshop Organization

Workshop sessions and documents will be in English.

Chairs

• J. Trent Adams, ISOC
• Harry Halpin, W3C

Program Committee

• Siddharth Bajaj, Symantec
• Wendell Craig Baker, Yahoo!
• Aaron Brauer-Rieke, Center for Democracy and Technology
• Joni Brennan, Kantara Initiative
• David Crocker, Brandenberg InternetWorking
• Matthew Gardiner, CA Technologies
• Kaliya Hamlin, Identity Commons
• Mike Hanson, Mozilla
• Dick Hardt
• Sam Hartmann, Painless Security
• Ashish Jain, Paypal
• John Linn, RSA
• Ben Laurie, Google
• Mark Masse, Disney
• RL "Bob" Morgan, University of Washington / InCommon Federation
• Eve Maler, Forrester Research
• Prateek Mishra, Oracle
• Deirde Mulligan, UC Berkeley
• Yutaka Oiwa, AIST
• Mike Perry, Tor Project
• Yngve Pettersen, Opera
• Aza Raskin, MassiveHealth
• David Recordon, Facebook
• David Singer, Apple
• Tom Smedinghoff, Wildman Harrold
• Hannes Tschofenig, Nokia Siemens Networks
• Don Thibeau, OpenID Foundation
• Paul Trevithick, Azigo
• John Tolbert, Boeing
• Rigo Wennig, W3C
• Craig Wittenberg, Microsoft

Venue

The workshop will be hosted in Mountain View by the Mozilla Foundation at their headquarters at 650 Castro St. Suite 300, Mountain View, CA 94041. The 650 building is a five-story office building, with a Le Boulanger and UPS Store at the ground level. From the main lobby, take the elevator to the second floor. On exiting the elevator, turn right into the Mozilla lobby (look for the giant metal dinosaur). Snacks and lunch will be provided both days, with dinner provided on the 24th.

The building is near the south end of the street, close to El Camino Real. Caltrain access is convenient; the train stop is at the north end of Castro, about a six-block walk to the building.

For those coming by car, parking on Castro is limited to two hours, but there are numerous city lots located within three blocks. The Mountain View City Hall/Performing Arts Center has a large street lot behind the building. Castro Avenue's cross streets also have all-day street parking.

There are numerous hotels within either walking distance or a short taxi ride away, such as:

• Holiday Inn Express. 93 El Camino Real, Mountain View, 94040, 1-800-445-7774, http://www.hitowncenter.com.
• Hotel Avante. 860 El Camino Real, Mountain View 94040, 1-800-538-1600, http://www.hotelavante.com.
• Hilton Garden Inn. 840 East El Camino Real. Mountain View 94040, 1-650-964-1700, http://www.hiltongardeninn.com/en/gi/hotels/index.jhtml?ctyhocn=SJCMVGI.
• Comfort Inn. 1561 West El Camino Real. Mountain View 94040, 1-650-967-7888, http://www.hotelmountainview.com.
• Hotel Zico. 200 East El Camino Real. Mountain View 94040, 1-650-967-8200, http://www.hotelzico.com/.
• County Inn. 850 Leong Dr. Mountain View 94043, 1-877-784-6835, http://www.countyinn.com/.
• Ramada Limited. 55 Fairchild Drive. Mountain View 94043, 1-650-967-6856, http://www.ramadasiliconvalley.com/.

Nearby Events

Coming up earlier in the month of May is the 12th Internet Identity Workshop May 3-5 in Mountain View, which will include discussions about identity in the browser (and other agents) along with identity on the web generally. "IDBrowser" will give attendees of the W3C Workshop on Identity in the Browser 30% the regular registration price.

Our W3C workshop is partially overlapping with the IEEE Symposium on Privacy and Security and right before the Web 2.0 Privacy and Security workshop in Oakland. So, feel free to register for both these international security events as well as the W3C workshop.

Deliverables

Position papers, agenda, accepted presentations, and report will also be published online.