List:       secevents
Subject:    (forw) BoF session on Web user authentication at USENIX
From:       aleph1 () securityfocus ! com
Date:       2002-04-29 21:18:55

----- Forwarded message from Kevin Fu <fubob@MIT.EDU> -----

From: Kevin Fu <fubob@MIT.EDU>
To: aleph1@securityfocus.com
Subject: BoF session on Web user authentication at USENIX
Date: Mon, 29 Apr 2002 17:06:21 -0400
Message-Id: <200204292106.RAA11996@prowler.mit.edu>

Hi there,

[Here's some follow-up to a paper on Web user authentication.  I
thought you might be interested.]

Last year's "Dos and Don'ts of Client Authentication of the Web" paper
<http://pdos.lcs.mit.edu/cookies/> discussed breaks of several flawed
Web user authentication schemes and offered advice on improving user
authentication.

Recognizing that there is rarely any in-person communication between
developers of Web authentication systems, we invite you to attend a
Birds-of-a-Feather (BoF) session at the USENIX Annual Technical
Conference in Monterey, CA on June 13.

The Web user authentication BoF will be an informal gathering to share
lessons learned and to help tear down technical, social, and political
roadblocks to better authentication.  We hope to discuss best
practices to reduce the number of cryptographically insecure schemes
re-invented by countless Web sites.

Interested parties may include those who:

* Recently implemented a homebrew cookie authentication scheme
* Needlessly re-invented an insecure cookie authentication scheme
* Cannot require users to have secure physical tokens, browser
   plugins, or SSL client certificates without losing Web site patrons
* Are financial institutions offering online account access
* Rely on co-located Web servers to authenticate users
* Sell access-controlled Web content
* Personalize content
* Cope with multiple interacting (incompatible?) security systems for
   user authentication
* Care about privacy of personalized Web services
* Have other gripes about user authentication on the Web

Who:   The MIT Cookie Eaters <http://pdos.lcs.mit.edu/cookies/> and you

What:  Improving the security of user authentication on the Web

Why:   To discuss methods and best practices to improve the security of
       user authentication, especially with respect to cookie
       authenticators and session IDs.

Where: USENIX Annual Technical Conference 
       <http://www.usenix.org/events/usenix02/>;
       Doubletree Hotel, Bonsai 2 Room; Monterey, CA

When:  Thursday, June 13, 2002 6-7pm

Feel free to redistribute this email in any forum you feel is
appropriate.

--------
Kevin E. Fu (fubob@mit.edu)

----- End forwarded message -----

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum