As the Web becomes increasingly a focal point for economic and social activity, there is an urgent need for trustworthy, widely-applicable digital identity management. This includes the need for authentication and authorization to work across multiple web-sites, enterprises, devices, and browsers in a uniform and easy-to-use manner. For critical enterprise activity, effective government engagement, and sensitive social information accessed over the Web, a higher level of identity assurance, privacy protection, and security is required beyond simple username/password combinations. To address many of these issues, digital identity should become a core part of Web architecture, enabled by a combination of server and client-side solutions. Achieving this vision, however, requires addressing numerous technical, operational, policy, and legal issues. This workshop's purpose is to consider how the intersection of those issues with the use of browser technology can lead to this vision.
Many approaches to managing digital identity, such as SAML and OpenID, have been deployed without requiring special-purpose technology on the browser client. There is, however, a general understanding within the technical community that client-side mechanisms working together with the server will improve usability, security, and trust. Ideally, effective identity authentication and authorization shouldn't be tied to a single browser, but be capable of being switched across multiple devices such as phones and desktops in a privacy-respecting manner. At the same time, it would need to provide a level of assurance high enough to be suitable for use in financial, healthcare, and government-grade applications. Implementing digital identity technologies of this sort is an effort that crosses the boundary between server and client. Rather than starting from a blank slate, any new work should compliment existing technologies while enhancing usability, privacy, and security.
This workshop will investigate strategies to facilitate the development and deployment of improved identity authentication and authorization technologies across the Web. Solutions to be explored are effective enhancements to Web browsers that lead to trustworthy benefits that can be realized in the near term. Also included in the workshop will be explorations into the operational, policy, and legal issues that must be addressed by the solutions. Results from this workshop will provide input to existing and possible future co-ordination and standardization work at W3C. Among the relevant W3C Working Groups interested in this work include:
The workshop is attracting a broad set of stakeholders, including implementers of browsers, user-interface designers, as well as developers and operators of Web applications that rely on digital identities. Also participating are digital identity experts focused on legal, policy, privacy, and security considerations. The workshop will feature presentations of key ideas and from implementers, while also reserving significant time for effective open-space discussion with participants.
All participants are required to submit a position paper via Easychair by April 22nd 2011. W3C membership is not required to participate in this workshop.
Topics for position papers may include, but are not limited to:
The total number of participants will be limited. To ensure diversity, a limit might be imposed on the maximum number of participants per organization.
Instructions for how to register will be sent to submitters of accepted position papers. These instructions will also indicate a possible limit on the maximum number of participants per organization.
Workshop sessions and documents will be in English. Position papers, presentations, minutes and the workshop report will be public.
There is no fee to participate.
To help the organizers plan the workshop: If you wish to participate, please as soon as possible send a message to hha...@w3.org with a short (one paragraph) "expression of interest" stating:
Note: Sending that expression of interest does not mean that you registered for the workshop. It is still necessary to send a position paper (see below).
You paper must meet the following criteria:
Based on a review of all submitted position papers, the Program Committee will select the most relevant and invite the submitters of those papers to the Workshop. From among all accepted papers, the program committee will choose a small number of papers judged most appropriate for fostering discussion, and ask the authors of those papers to give short presentations about them at the Workshop. After the workshop, those presentations will then be published on the workshop home page. However, the primary focus of the workshop will not be on presentations, but on open discussion and consensus on future directions for identity in the browser.
|March 21st 2011||Call for Participation issued|
|April 22nd 2011||Deadline for position papers|
|May 9th 2010||Program released|
|May 16th 2011||Deadline for registration|
|May 24-25th 2011||Workshop|
Workshop sessions and documents will be in English.
The Workshop will be hosted in Mountain View by the Mozilla Foundation. More detailed venue information will be made available in due course.