Entrust Technologies, Inc.

Entrust's objective is to maintain and enhance its position as the leading  provider of comprehensive PKI solutions. The strategy to achieve this objective include the following:
MAINTAIN PRODUCT LEADERSHIP.  The Company's technological leadership is attributable in large part to its research and development team, which includes researchers with international reputations in their fields. The Company intends to maintain and enhance its technological leadership in the PKI solutions market by continuing to invest in product research and development, to extend the functionality and interoperability of its products, and to participate actively in industry standards-setting organizations.
TARGET VERTICAL MARKETS OFFERING BROAD DEPLOYMENT OPPORTUNITIES.  The Company targets organizations in the government, finance, health care, telecommunications and large manufacturing sectors, which have thousands of customers, subscribers and service recipients who will, directly or indirectly, benefit from the secure communications and transactions enabled by the Company's PKI solution.

Proposal: XML Access Control

As more and more information is made available in eXtensible Markup Language (XML) format, both on corporate Intranets and on the global Internet, concerns are being raised by developers and end-users about XML security problems. Early research work about XML was not directly related to access control and security, because XML was initially introduced as a data format for documents; therefore, many researchers assumed well-known techniques for securing documents to be straightforwardly applicable to XML data. But the way XML is being positioned has caused some to question if additional measures will be necessary.

For example, applications may want to control the distribution of documents from Web sites by only providing the information users are allowed to see, out of dynamically generated XML documents. However, different users may well have different interests or access authorizations, and XML enabled servers will need to know which data each user should get, at a finer level of granularity than whole documents. In other words, some applications will need to block or allow access to entire XML instances, while others will control access at the tag level. The control residing at the tag level is particularly important in the view of wider use of the XLink and XPointer standards, which enable applications to retrieve portions of documents. Indeed, a clean model for dynamic access control with granularity control is needed to allow XML documents to link against arbitrary XML chunks. It is interesting to remark that the same observation applies to authentication and encryption-based techniques, that naturally complement access control. With authentication, the server will know what information can be sent to the user based on that user's identity or certified property (e.g., group membership), whereas encryption will only let users with adequate decryption keys see the message. Therefore, XML security should support the entire range of coarse to fine grain granularity.

Resources for Students

Most of this project will be conducted at Entrust's offices in Manhattan; we may also use some resources belonging to students and at the Projects course lab in NYU's CAT center, 715 Broadway, 12th floor.
TBD - XML references

Intern Address

Entrust's office near 34th street and 6th Ave.  Some in projects course lab in NYU's CAT center.

Authorizing manager

Alex Berson
VP / CTO Portal Technologies & Applications
Entrust Technologies
Office: 408-222-7800 ext 7725
Direct: 732-967-9188

Project Managers

Marco Fanti, Marco.Fanti@entrust.com
W: 973-537-9539; Cell:  973-713-5657