Logo des Repositoriums

Auflistung nach Autor:in "More, Stefan"

1 - 4 von 4
  • Konferenzbeitrag
    Adapting the TPL Trust Policy Language for a Self-Sovereign Identity World
    (Open Identity Summit 2021, 2021) Alber, Lukas; More, Stefan; Mödersheim, Sebastian; Schlichtkrull, Anders
    Trust policies enable the automated processing of trust decisions for electronic transactions. We consider the Trust Policy Language TPL of the LIGHTest project [Mö19] that was designed for businesses and organizations to formulate their trust policies. Using TPL, organizations can decide if and how they want to rely on existing trust schemes like Europe’s eIDAS or trust scheme translations endorsed by them. While the LIGHTest project is geared towards classical approaches like PKI-based trust infrastructures and X.509 certificates, novel concepts are on the rise: one example is the self-sovereign identity (SSI) model that enables users better control of their credentials, offers more privacy, and supports decentralized solutions. Since SSI is based on distributed ledger (DL) technology, it is a question of how TPL can be adapted so that organizations can continue to enjoy the benefits of flexible policy descriptions with automated evaluation at a very high level of reliability. Our contribution is a first step towards integrating SSI and the interaction with a DL into a Trust Policy Language. We discuss this on a more conceptual level and also show required TPL modifications. We demonstrate that we can integrate SSI concepts into TPL without changing the syntax and semantics of TPL itself and have to add new formats and introduce a new built-in predicate for interacting with the DL. Another advantage of this is that the “business logic” aspect of a policy does not need to change, enable re-use of existing policies with the new trust model.
  • Textdokument
    DNS-based Trust Scheme Publication and Discovery
    (Open Identity Summit 2019, 2019) Wagner, Georg; Wagner, Sven; More, Stefan; Hoffmann, Martin
    Trust infrastructures are at the heart of a digital world. Within those trust infrastructures, trust schemes play an important role and often represent legal or organizational entities. Right now, trust schemes are published in the form of lists. Those lists enumerate all the trust services and their level of assurance. Trusted discovery only works if the URI of the trust list is known to the verifying party. In this paper, we introduce a Trust Scheme Publication Authority for arbitrary trust schemes. Our approach uses the Domain Name System (DNS) and its security extensions (DNSSEC) to publish discovery data securely.
  • Textdokument
    Harmonizing Delegation Data Formats
    (Open Identity Summit 2017, 2017) Wagner, Georg; Omolola, Olamide; More, Stefan
    Delegations are an integral part of daily transactions. A delegation is the process of authorizing one entity to act on behalf of another. For the delegation to work, the claim that an entity is authorized to act on behalf of another entity needs to be verified. Verifying an analog delegation can be done by checking if the name of a user is on a list of authorized persons. In contrast, in electronic transactions the implementation of a delegation and its verification can be a difficult task. A user logging into a system or signing documents with an electronic signature involving a delegation may be required to show this delegation within the signature. This delegation needs to be discovered and verified during the transaction. Many solutions using eXtensible Markup Language (XML) have been proposed to represent delegations; unfortunately, most of these schemes are designed to be used for one specific domain. In this paper, we propose a delegation scheme that fills this gap by providing a general representation for delegation that can be easily extended to different domains.
  • Textdokument
    Policy-based Access Control for the IoT and Smart Cities
    (Open Identity Summit 2019, 2019) Omolola, Olamide; More, Stefan; Fasllija, Edona; Wagner, Georg; Alber, Lukas
    The Internet of Things (IoT) can revolutionise the interaction between users and technology. This interaction generates sensitive and personal data. Therefore, access to the information they provide should be restricted to only authorised users. However, the limited storage and memory in IoT make it impractical to deploy traditional mechanisms to control access. In this paper, we propose a new access control mechanism based on trust policies adapted from LIGHTest. The proposed protocol also handles delegations in the IoT context elegantly. We provide the protocol overview and discuss its practical applications in the IoT environment.