Check out the new USENIX Web site.
 1998 USENIX Annual Technical Conference - June 15-19, 1998 - Marriott Hotel, New Orleans, Louisiana
Jump to Conference Home Page Jump to Registration Information
Table of Contents
M10   Security Around the World Wide Web  Updated
Daniel Geer, CertCo, LLC, and
Jon Rochlis, SystemExperts Corp.

Who should attend: Anyone responsible for running a Web site who wants to understand the tradeoffs in making it secure. Anyone seeking to understand how the Web is likely to be secured. Anyone responsible for systems where the browser is becoming the universal client.

The World WideWeb is perhaps the most important enabler (so far) of electronic commerce and the long-predicted information economy. Because it "just happened," its initial design gave little or no thought to industrial strength security. Numerous proposals and products have surfaced to secure the Web. This course will survey them with the goal of understanding the strengths and weaknesses of each.

Topics will include:

-    Fast, tight review of network security

-    How commomplace Web technology works out of the box

-    Architectural alternatives for security
*    Network stack insertion points for security: IPsec, SHTTP/SMIME, SSL/STLP, SET/PGP, etc.
*    Application approaches from the blunt to the subtle: BasicAuth, cookies, client certificates

-    Computational models and how they get serviced securely: JAVA/applets, helper apps, statefulness in a Web world, etc.

-    Where the money is
*    Payment protocols: Cybercash, Digicash, Open Market, First Virtual, SET, etc.
*    Operational assurance: Configuration, firewalls, replication, proxies, logging, etc.
*    Continuing education: Where to pay attention, how to help yourself

Dan Geer  is a vice president of CertCo, LLC, a market leader in digital certification for electronic commerce. He has a long history in network security and distributed computing management as an entrepreneur, consultant, teacher, and architect. He is a co-author of the Web Security Sourcebook. He is a member of the Board of Directors of the USENIX Association.

Jon Rochlis  (M10, T8is a senior consultant for SystemExperts which provides high level advice to businesses on network security, distributed systems design and management, high-availability, and electronic commerce. Before joining SystemExperts, Mr. Rochlis was engineering manager with BBN Planet, a major national Internet service provider.


Program at-a-Glance - Tutorials - Technical Program - Registration -
Birds-of-a-Feather - Conference Activities - Hotel & Travel Info - Conference Home
Conference Index
Events Calendar