Final summary report on enterprise security

This report summarizes the Enterprise Security Workshop. Mainly, the emphasis of this workshop was on public key infrastructure and authorization: current practice and future trends. The workshop was divided into panels, paper presentations, and discussion groups. Two panels were organized: the first was on Authorization and Enterprise Security Policy, and the second was on PKI and Future Trends. Panelists and participants came from a wide variety of backgrounds, ranging from researcher (Founder and manager of Security Research Group at Sun Lab, IBM Watson), PKI vendor (Marketing director of Baltimore Technologies), independent developer (VP of engineering of XETI and VP of marketing at Coastek), government (DoD), industry (HP, FujiXerox, Oracle, Sun), as well as various universities. The panelists and presenters offered different views of the current status and vision for the future of PKI and enterprise security issues. A few questions that generated some controversy are worth pointing out: (1) whether PKI can be purchased as packaged software or must it be built from within the organization? (2) What is the killer application for PKI? (3) Can authentication and authorization be separated? (4) Technical merit Vs business needs. This report is aimed at summarizing the Workshop rather than offering any suggestions one way or another with respect to the above questions.