Workshop Call for Position Papers W2SP 2007: Web 2.0 Security and Privacy 2007 Sponsored by the IEEE Technical Committee on Security and Privacy Held in conjunction with the 2007 IEEE Symposium on Security and Privacy Thursday, May 24, The Claremont Resort, Oakland, California The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. Web 2.0 is about connecting people and amplifying the power of working together. The goal of connecting people is bringing together a broad range of technologies and social forces. We have witnessed a rapid proliferation of social computing web sites and content. This mixing of technology and social interaction is also occurring in the context of a wave of technologies supporting rapid development of these interpersonal interactions. Many of these new web technologies rely on the composition of content and services from multiple sources. On one end of the technology spectrum we have simple services such as blogs and wikis. However there are far more complex technology composition (mash-up) examples. The content composition trend is likely to continue. The lure is the promise of inexpensive and easy ways to compose software service and content. However, there are issues with respect to management of identities, reputation, privacy, anonymity, transient and long term relationships, and composition of function and content, both on the server side and inside the web browser. While the security and privacy issues are not new (many of these issues already exist with portal servers and browsers), the security issue is increasingly becoming acute as the technologies are adopted and adapted to appeal to a wider developer audience. Some of these technologies deliberately bypass existing security mechanisms. This workshop is intended to discuss the limitations of the current technologies and explore alternatives. The scope of W2SP 2007 includes, but is not limited to: -- Identity, privacy, reputation and anonymity -- End-to-end security architectures -- Security of content composition -- Security and privacy policy definition and modeling of content composition -- Provenance and governance -- Usable security and privacy models -- Static and dynamic analysis for security -- Security as a service Workshop Co-Chairs: oakland07-workshop@ieee-security.org Larry Koved, IBM T. J. Watson Research Center Dan Wallach, Rice University Program committee: Drew Dean (Yahoo) Simone Fischer-Hubner (Karlstad University) Larry Koved (IBM) Shriram Krishnamurthi (Brown University) John C. Mitchell (Stanford University) Alex Russell (DojoToolkit.org) Dan Wallach (Rice University) Helen Wang (Microsoft) Due to space limitations of the workshop venue registration is limited to 40 participants. While not required, potential workshop participants should submit a 1-2 page position statement on topics relevant to Web 2.0 security and privacy issues. This will help the workshop organizers organize the day around topics of common interest, and choose panels / papers to be presented. Should the workshop be oversubscribed, the program committee will strive to select participants in a way that is balanced between academia and industry, as well as across topics. The program committee will also select workshop position statements to appear on the workshop web site. Important dates: Position statement submission deadline: March 23, 2007 Workshop acceptance notification date: March 30, 2007 Workshop date: Thursday May 24, 2007 Workshop position statement submission web site: http://continue.cs.brown.edu/servlets/w2sp07/continue.ss Workshop registration will only be available via the