[UKUUG Logo]
Copyright © 1995,1996,1997,1998,1999,2000 UKUUG Ltd.




13 & 14 December 1999

Queens' College, Cambridge

Programme & Speakers
some photos
Booking Form
Location & Travel
Index Page

Conference Programme

[2000-02-22: links have been added to slides/papers of the talks given]

Eddie Bleasdale, Netproject Ltd.
  Marketing Linux & Open Source
[slides/paper awaited]

The computer industry is bedevilled by too many people with the attitude 'no one got fired for buying the market leader.' This attitude is reinforced by the computer vendors and industry analysts. How should we go about educating those responsible for defining their organisations IT strategies that to achieve the stable, secure and reliable systems that Linux and Open Source technologies are essential for systems that enable e-business.

This presentation will examine the strengths, weaknesses, oportunities and threats of Linux and Open Source and will suggest ways of promoting its use within your organisation.

Aspassia Daskalopulu, The Open University

Towards a Formal Language for E-contracts


This paper presents a logic-based framework for representing pre-contractual messages exchanged between (at least) two parties. The paper argues that a formal language for such exchanges enables the manipulation of such messages within an e-commerce setting and the derivation of future behaviour for the parties.

Recent research has been concerned with the development of a formal language for business communication (FLBC) to facilitate electronic exchanges between parties engaging in trade relations. Messages exchanged between (at least) two parties are analysed and represented in first-order logic in terms of their content with a view to identify their primary function-for example, whether they are offers, acceptances to offers, promises, requests for services or goods, instructions for payment and so on. Such a representation of messages addresses their content rather than merely their structure and enables the development of further tools that might manipulate and respond to messages or analyse them to infer what actions are entailed for the parties of an exchange. Kimbrough has put forward a proposal for a formal language for business communication based on speech-act theory and event semantics.
This paper focuses on those exchanges between parties that result in contractual relations between them. Kimbrough‚s framework for FLBC is first explained. The paper then presents a number of extensions to his framework that are necessary in order to model pre-contractual exchanges adequately.

Andrew Findlay, Brunel University
  Secure Single Sign-on
[PostScript(12KB), PDF(24KB)]

The goal of each person having a single ID and password that gives access to all resources may seem rather distant in some organisations. Tales of staff having to juggle with ten or more IDs are quite common, yet other organisations get along fine with just one ID per person.
The whole problem gets much bigger when organisations start linking up their systems - staff may have IDs to access every trading partner! Some global system will eventually be required, but what can we do now?
This talk covers the basics of the Single Sign-On concept, maps out some routes that organisations can get started on straight away, and ends with some ideas about how a global system might eventually evolve.

Richard Francis, Manches Solicitors
  E-Commerce Law: Unsolicited Commercial E-Mail
[slides/paper awaited]

The UK Internet Industry's best current practice. LINX UBE BCP May '99. European Initiative: The European Coalition against Unsolicited Commercial EMail (EuroCAUCE). Civil Spam suits in the UK and US. Virgin Net Limited v A Paris; BiblioTech v Sam Khuri.

Shelagh J Gaskill, Masons Solicitors
  The Data Protection Act 1998
[PDF(283KB), slides]

The Data Protection Act 1998 is radically different from the Data Protection Act 1984. It is not just more of the same but provides for a brand new approach. No organisation, whether public sector or private sector (and however morally superior the motive) may process data any longer without finding a lawful justification under the Act for the processing. In addition if the organisation processes sensitive personal data it must also find a second lawful justification for that processing as well. The impact of this requirement on the public sector cannot be underestimated. The new Data Protection Act abolishes the concept of Crown prerogative in respect of processing. Processing is defined so widely as to include writing somebody’s name and address down on a piece a paper with a pencil, especially now that certain manual files are included within the ambit of the Act. Although the Act contains the usual provisions for payment of compensation to individuals for breach of the Act or fines for regulatory breaches, these are not the real sanctions. Failure to comply with the requirement to justify all processing and to give individuals comprehensive data protection notices will render all data unusable. This is the real sanction. For wholly computerised organisations there will be thirty five IT systems implications arising out of the new Act.

Philip Hazel, University of Cambridge


Exim & PCRE: How Free Software Hijacked my Life

[PostScript(20KB), PDF(33KB)]

The talk will discuss why Exim and PCRE got written, how they came to be released as free software, and some of the problems encountered.

Exim (a Message Transfer Agent for Unix) and PCRE (a Perl-Compatible Regular Expression library) were written to fill local needs, but escaped into the wider world as a result of word-of-mouth publicity.
Exim was written to replace Smail 3 with something similar but with more features, and PCRE was written to use in Exim instead of the 1986 Henry Spencer library, though it is entirely freestanding and is now used in many other programs. So far, development of both of them has remained entirely under my control, which has both advantages and disadvantages.
The main technical problems have been in the differences between the various operating systems on which Exim runs and in finding ways of effectively testing an MTA. Finding time to provide effective documentation and other help for those less-experienced people who are now running MTAs has also been difficult.
There are a number of things that have been re-thought during the development of Exim, and there are several things I would do differently if I were starting again, but on the whole it has been a great experience.

Stuart McRobert, Imperial College
  Migration to Gigabit Ethernet - How? and Why?

Experiences of moving from shared 10 Mbit Ethernet backbones to Gigabit Ethernet with wire speed Layer 2 switching and Layer 3 IP routing - benefits etc.

Alec Muffett, Sun Microsystems

SENSS "Bruce", a Java-based Security Auditing Framework

[PDF(665KB)] http://www.sun.com/software/communitysource/senss/

"SENSS Bruce" is a new security tool, being made available for free download (and most forms of use) by Sun Microsystems, under the terms of the Sun Community Source License.

Bruce provides a high-integrity, highly-trustworthy, hierarchical and scalable framework for pro-active security/integrity checking on an network-wide basis; this technical presentation will describe Bruce's functionality, and discuss the benefits and weaknesses of Java (the Bruce implementation language) when used as a language for writing systems tools.
Martin Poole

LSSD - The Linux Secure Server Distribution


LSSD (Linux Secure Server Distribution) is a unix distribution which can be used as a known safe platform on which host network based applications in both simple and complex network architectures.

LSSD is an attempt to create a unix distribution which can be used as a known safe platform on which host network based applications. Founded on the observation that most security approaches are based on the subtractive principle, (make sure this doesn't run, make sure the permissions on this are set up like so), the distribution was developed with the aim of providing only those utilities and facilities that allow correct booting, administration and maintenance.
The basic platform is a reduced set of core utilities which allow the system to boot, configure the network connection and the provide secure remote access for administration. The second element of the distribution is the provision of a selection of the most common applications in a format that provides the most obvious best-working-practice configuration.
The talk will examine the design philosophy that was used and the decisions that occurred during the life of the distribution so far. It will also examine exactly how it has been deployed in a number of private and commercial situations and how these have affected the distribution and suggested other tools which provide solutions for interesting problems.

Robert Zimmer, Brunel University
  Modelling E-Commerce
Using Model Checking to Debug and Verify Electronic Trade Protocols

Model checking is a semi-automated formal verification technique that has proved to be remarkably successful in verifying and debugging micro-electronic (and software) designs. In this paper, it is shown (using a case study) how model checking can be applied to e-commerce, providing assurances of safety of trade procedures and protocols before they are put into practice.

Safe and effective use of business-to-business electronic commerce requires that the trade procedures and expectations of the companies involved in an exchange be well understood and modelled. This modelling will allow possible conflicts to be discovered and resolved in negotiation, before they occur in practice. Over the last several years, a technique called model checking has proved remarkably successful in doing exactly this kind of reasoning about micro-electronic hardware (and software) design. For example, we have used model checking to find bugs in published circuit designs; and model checking has been used to find errors in cache coherence protocols for multiprocessors. In this paper, we argue that the same techniques are applicable to inter-organisational electronic commerce, and that, in fact, some microelectronic design debugging and verification software-interacting Petri net systems and model checkers-can be used to debug and verify trade procedures. We believe this can lead to safer and more powerful forms of electronic interaction in a commercial setting, as it has in an electronic design setting. In this paper, a case study is carried out in an attempt to spread this belief.

E-mail specific conference queries to winter99@ukuug.org

E-mail booking queries to the UKUUG Office

Tuesday, 22-Feb-2000 00:00:00 GMT
Tel: 01763 273 475
Fax: 01763 273 255
Web: Webmaster
Queries: Ask Here
Join UKUUG Today!

UKUUG Secretariat