Auflistung P335 - Open Identity Summit 2023 nach Erscheinungsdatum
1 - 10 von 15
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragA shared responsibility model to support cross border and cross organizational federation on top of decentralized and self-sovereign identity: Architecture and first PoC(Open Identity Summit 2023, 2023) Kubach, Michael; Henderson, Isaac; Bithin, Alangot; Dimitrakos, Theo; Vargas, Juan; Winterstetter, Matthias; Krontiris, IoannisThis paper discusses the challenges of transitioning from legacy federated identity systems to emerging decentralized identity technologies based on self-sovereign identities (SSI) and verifiable credentials, which are being used in initiatives such as Gaia-X and Catena-X for secure and sovereign data sharing. The adoption of SSI and decentralized identity technologies requires a standardized reference model that addresses challenges around trust in cross-border and crossorganizational federations based on decentralized identities. To facilitate this transition, the paper proposes a new Fed2SSI architecture that introduces a middle layer of abstraction for the policybased transformation of credentials, enabling interoperability between legacy federated identity solutions and SSI/decentralized identity environments. The architecture is implemented in a prototype and an exemplary use case is presented to illustrate the added value of this approach.
- KonferenzbeitragEstablishing Trust in SSI Verifiers(Open Identity Summit 2023, 2023) Chadwick, David W.; Kubach, Michael; Sette, Ioram; Johnson Jeyakumar, Isaac HendersonWe present a conceptual model that enables a user/holder with a wallet holding W3C Verifiable Credentials (VCs) to determine if the verifier is trusted to conform to GDPR so that it might be given the user’s personal identifying information contained in their VCs. We describe the implementation of this model using the TRAIN trust infrastructure and how wallets might interoperate with verifiers using different trust infrastructures. This leverages the OIDC GAIN proof of concept network currently being built using the draft OIDC Federation specification. We briefly describe the experiments that we have undertaken to date and the research that is still outstanding
- KonferenzbeitragMANTRA: A Graph-based Unified Information Aggregation Foundation for Enhancing Cybersecurity Management in Critical Infrastructures(Open Identity Summit 2023, 2023) Fuxen, Philipp; Hackenberg, Rudolf; Heinl, Michael P.; Ross, Mirko; Roßnagel, Heiko; Schunck, Christian H.; Yahalom, RaphaelThe digitization of almost all sectors of life and the quickly growing complexity of interrelationships between actors in this digital world leads to a dramatically increasing attack surface regarding both direct and also indirect attacks over the supply chain. These supply chain attacks can have different characters, e.g., vulnerabilities and backdoors in hardware and software, illegitimate access by compromised service providers, or trust relationships to suppliers and customers exploited in the course of business email compromise. To address this challenge and create visibility along these supply chains, threat-related data needs to be rapidly exchanged and correlated over organizational borders. The publicly funded project MANTRA is meant to create a secure and resilient framework for real-time exchange of cyberattack patterns and automated, contextualized risk management. The novel graph-based approach provides benefits for automation regarding cybersecurity management, especially when it comes to prioriization of measures for risk reduction and during active defense against cyberattacks. In this paper, we outline MANTRA’s scope, objectives, envisioned scientific approach, and challenges.
- KonferenzbeitragLifting the Veil of Credential Usage in Organizations: A Taxonomy(Open Identity Summit 2023, 2023) Bochnia, Ricardo; Richter, Daniel; Anke, JürgenWith the emergence of self-sovereign identity (SSI) as a paradigm for digital identity management the handling of verifiable credentials (VCs) has become an important topic in organizations. Organizations process a wide variety of documents which can be considered credentials. Previous research shows that a challenge in developing SSI systems is a lack of understanding of the core aspects of the paradigm and their relation to existing organizational practices. Our research focuses on the different characteristics of credentials in organizations and maps the characteristics of VCs to physical credentials. Our findings indicate that credentials in organizations can be classified by ten dimensions. Additionally, VCs have many possible characteristics of physical credentials, althoughmplementation and support for certain features may be vendor-specific. Finally, we provide insights and suggestions for SSI researchers and developers.
- KonferenzbeitragPrivate Authentication with Alpha-Beta Privacy(Open Identity Summit 2023, 2023) Fernet, Laouen; Mödersheim, SebastianAlpha-beta privacy is a new approach for security protocols that aims to provide a logical and intuitive way of specifying privacy-type goals. Recently the tool noname was published that can automatically analyze specifications for a bounded number of sessions, but ships only with a few simple examples. This paper models two more complicated case studies, namely the ICAO 9303 BAC and the Privacy Authentication protocol by Abadi and Fournet, and applies the noname tool to analyze them, reproducing known vulnerabilities and verifying the corresponding fixes, as well as providing a better understanding of the privacy properties they provide
- KonferenzbeitragAnalysing user’s privacy preferences in smart-home environments with situational contexts(Open Identity Summit 2023, 2023) Ruff, Christopher; Benthien, Benedict; Orlowski, AlexanderDue to the increasing adoption of smart home devices and technologies, implications for privacy gain importance. In this paper, correlations between specific characteristics of people and their preferences regarding the activity status of components in smart home devices are investigated. In addition, said preferences are analysed for inherent patterns to assist people in their decisions by suggesting preferences, which often occur together. A special focus of this work is the differentiation of preferences according to situational contexts. An online survey was conducted, and the results were analysed. The results imply strong correlations within the preferences and differences in preferences across different contexts.
- KonferenzbeitragA more User-Friendly Digital Wallet? User Scenarios of a Future Wallet(Open Identity Summit 2023, 2023) Krauß, Anna-Magdalena; Kostic, Sandra; Sellung, Rachelle A.Identity wallets enable the management and use of digital identities and verification documents stored in one app. Users manage their data independently and decide for themselves which data they want to disclose for identification purposes. Recent research shows that current digital wallets face many usability problems, which makes it difficult for users to grasp their concept and how to use them. This paper presents an enhanced concept of a wallet, where its functionality is presented with user scenarios that have a user centric approach. The user scenarios illustrate a variety of possible uses of the wallet. For example, the new wallet concept envisions, how data can be transferred from one wallet to another person's wallet, how data can be managed by different people in one wallet, or how only individual pieces of information from credentials can be shared to maintain greater privacy for users.
- KonferenzbeitragX out of N Credential Requests using Presentation Exchange(Open Identity Summit 2023, 2023) Otto, Sarah; Meisel, MichaelSelf-sovereign identity (SSI) is a new management model for digital identities. Here, the exchange of so-called verifiable credentials - digitally signed pieces of (personal) data - is one of the main aspects of "using" such an identity. Therefore, one party called a verifier requests credentials from another one holding them. We note that the main problem is to find a way to formulate a credential request in such a way that the holding party can choose which credentials to be sent from a predefined pool. Using the Presentation Exchange specification in its current version 2.0.0 is the only way to achieve this directly. Finally, we describe a sample implementation that supports such a mechanism using this specification as part of DIDComm messages.
- KonferenzbeitragOpen Identity Summit 2023 - Complete proceedings(Open Identity Summit 2023, 2023) Chadwick, David W.; Kubach, Michael; Sette, Ioram; Johnson Jeyakumar, Isaac Henderson; Bochnia, Ricardo; Richter, Daniel; Anke, Jürgen; Sellung, Rachelle; Kubach, Michael; Otto, Sarah; Meisel, Michael; Fernet, Laouen; Mödersheim, Sebastian; Krauß, Anna-Magdalena; Kostic, Sandra; Sellung, Rachelle A.; Pöhn, Daniela; Grabatin, Michael; Hommel, Wolfgang; Kubach, Michael; Henderson, Isaac; Bithin, Alangot; Dimitrakos, Theo; Vargas, Juan; Winterstetter, Matthias; Krontiris, Ioannis; Schwalm, Steffen; Fuxen, Philipp; Hackenberg, Rudolf; Heinl, Michael P.; Ross, Mirko; Roßnagel, Heiko; Schunck, Christian H.; Yahalom, Raphael; Ruff, Christopher; Benthien, Benedict; Orlowski, Alexander; Astfalk, Stefanie; Schunck, Christian H.; Fritsch, Lothar; Fähnrich, Nicolas; Köster, Kevin; Renkel, Patrick; Huber, Richard; Menz, Nadja
- KonferenzbeitragElectronic identity mass compromize: Options for recovery(Open Identity Summit 2023, 2023) Fritsch, LotharA National Digital Identity Framework should be designed in a proactive manner, should focus on a resilience-oriented approach, and should be aimed at limiting the risks that may originate from identity data management [IT18]. What is the preparedness of digital identity providers for recovery from compromise that affects large numbers of identities? Failures or attacks may destroy authenticators, data or trust chains that are the foundations of large identity ecosystems. The re-issuance of digital identities, of authenticators or the re-enrollment of the user base should get planned as contingency measures. Important parameters will be recovery time, complexity of re-registering subjects, distribution of effort between certification authorities, registrars and relying parties, and the availability of alternative technologies and staff resources. The article will, based on a review of standards and requirements documents, present evidence for a shortage of recovery readiness that endangers relying parties and identity ecosystems. From a review of standards and practice, we extract recovery procedures as far as they are planned for.