Principles & Standards for Secure Internet E-Commerce

Mark D. Wood, Eastman Kodak

Wednesday, January 22, 2003

Summary:  This interactive lecture discusses how to analyze the behavioral requirements of a complex software-intensive system and express those requirements with UML-based use cases.

Abstract:  Are you curious as to how "SSL" works and what "PKI" is? Do you wonder if the emerging Web Services paradigm can be trusted? Do you need to build, plan or understand Web-based electronic commerce? If so, then this presentation is for you. I will begin by discussing basic security principles: authentication, authorization, non-repudiation, data integrity and privacy. I will give a primer on general Internet security techniques, including public-key cryptography and the Secure Sockets Layer (SSL) protocol. In the last portion of this talk, I will focus on techniques for making Web services secure. New standards have recently been issued or proposed for securing XML-based interactions. XML Digital Signature provides an XML-based encoding for digital signatures; XML Encryption defines a mechanism for encrypting all or portions of an XML document. These specifications may be used directly with basic public-key infrastructure and SSL building blocks or used as components of new frameworks such as WS-Security. I will summarize by giving an example of how these technology pieces can be put together to provide secure e-commerce via Web services.

Biography:  Mark D. Wood leads a web and networking technologies group in Kodak's Research Labs, focusing on XML and security related technologies. He represents Kodak to the World Wide Web Consortium. Mark obtained a B.S. degree from the University of Vermont, and M.S. and Ph.D. degrees from Cornell University.

This announcement is available for download in PDF format:  Principles & Standards for Secure Internet E-Commerce.