Tim Moses

Tim Moses is the Senior Director of the Advanced Security Technology group at Entrust Inc., where he is responsible for Entrust’s research and standards activities. He holds BSc and PhD degrees in electronic engineering and has over 30 years' experience in industry. He has worked in the field of information security, in both product design and consulting capacities, for the past twenty years. His current research interests include enhancing the trustworthiness of SSL, for which he is the chair of the CA/Browser Forum, and risk-based authentication frameworks. Recently, he was the editor of the XACML policy language standard for access control, for which he developed a security negotiation technique for service-oriented architectures. He has also been involved in the development of standards for electronic passports. The team under Dr Moses' direction participates in the leading industry forums where standards for interoperability of large-scale identity, authorization, security and privacy management systems are defined. These include ANSI, IETF, ITU, OASIS, OATH and others.

1st Day Presentation: PKI: A Status Report

Public-key technology was first applied to the Internet-scale authentication problem in the mid-90s. From the outset, two main branches of the technology were pursued. The first addressed the needs of e-commerce on the Web, and used trusted third parties and browser software to secure on-line credit-card purchases. The second addressed the needs of enterprise authentication for email, remote access and other applications. These two branches developed along different lines, making different technological choices. Now, with the importance of the browser as a client environment both inside and outside the enterprise, the two PKI branches are converging, and the different technological choices they made have become obvious and an obstacle to progress.
This talk examines the differences in technological approach taken by the two mainstream PKI models and the difficulties that have emerged as they converge. The speaker speculates about how the industry will overcome those obstacles.

2nd Day Presentation: Access-control for Biometric Authentication Data Carried in Electronic Passports

Countries around the world are investing to improve the reliability of their travel documents. Perhaps the most significant development is the inclusion of a secure biometric template in electronic passports. Uniquely amongst authentication data, compromised biometric credentials cannot be withdrawn. Therefore, disclosure of biometric data should be limited to trustworthy systems: systems that will use the data solely for the intended purpose and delete copies once they have been used. The European Union has developed a PKI authentication architecture that is uniquely suited to the requirements of biometric passports. This talk gives an overview of the architecture and summarizes the current state of implementation.