Open Identity Summit listing by publication date
- Conference paper: An open source eID simulator (Open Identity Summit 2013, 2013). Funke, Holger; Senger, Tobias. The German BSI started a project for an open source eID simulator. It will allow a wide range of personalisation, is more flexible than real cards and is free to use.
- Conference paper: Cloud-based provisioning of qualified certificates for the German ID card (Open Identity Summit 2013, 2013). Selhorst, Marcel; Schwarz, Carsten. In November 2010 the German government introduced a new national ID card. The Bundesdruckerei GmbH was the responsible company for designing and producing the ID card including its highly sophisticated security features. Besides traditional means for visual identification, the card contains a wireless smartcard chip enabling online usage of the ID card. Thus citizens are now able to prove their identity, age or place of residence to an online service provider, e.g., through a web application. Additionally, the chip contains an inactive application for the generation of digital signatures based on elliptic curve cryptography (ECDSA) which - upon activation - can be used to digitally sign electronic documents (online as well as offline). The Bundesdruckerei GmbH is currently the only party able to perform online post-issuance personalization of qualified electronic signature certificates on the ID card. In order to do so, a new web application called “sign-me” has been developed enabling citizens to activate the signature application on the ID card. In order to diminish the technical challenges for the citizens, “sign-me” takes over the required steps of performing the required online identification of the citizen according to the German signature law by using the eID-application provided by the new ID card, generating a fresh signature key pair on the ID card, exporting the according public key to the certificate service provider “D-TRUST GmbH”, the trustcenter of the Bundesdruckerei GmbH, which is then responsible for binding the citizen's identity to the generated signature key pair by issuing the according X.509-certificate, and finally storing the issued qualified certificate on the citizen's ID card.
This invited talk briefly introduces the German eID system and focuses on the organizational process as well as the infrastructure required for secure online issuance and management of the certificates. We will introduce the “sign-me” web application and show how citizens can activate the signature application on their ID card, how quickly it is possible to issue and store a qualified certificate on the ID card and how it can be used to finally sign documents. An outlook on envisioned further extensions of “sign-me” concludes the presentation.
- Conference paper: A Novel Set of Measures against Insider Attacks – Sealed Cloud (Open Identity Summit 2013, 2013). Jäger, Hubert; Monitzer, Arnold; Rieken, Ralf; Ernst, Edmund. Security and privacy have turned out to be major challenges of the further Internet evolution in general and cloud computing, in particular. This paper proposes a novel approach to safeguard against previously unimpeded insider attacks, referred to as Sealed Cloud. A canonical set of technical measures is described, which, in conjunction, sufficiently complicate and thus economically prevent insider access to unencrypted data. This paper shows the advantages versus end-to-end encryption relative to communication services. Another application of the Sealed Cloud, referred to as Sealed Freeze, provides a seminal solution to privacy issues pertaining to data retention.
- Conference paper: Password Management through PWM (Open Identity Summit 2013, 2013). Pieters, Menno. There have been many initiatives around open source identity and access management, federated authentication standards and products for the web. All of these products and standards require a user store with credential information. Most often this is an LDAP directory. The most common type of credentials still is the combination of a username and a password. Even though passwords have downsides and many alternatives to passwords exist [QRP], passwords are still here and probably will be for a long time. Passwords are forgotten and lost or expire due to password policies, requiring actions to reset or update passwords. People forgetting or losing their passwords is not just a problem for the people themselves, but also for your organization. Lost passwords result in cost and risk for your organization. A password management system can help reduce these risks and cost. PWM is a feature-rich password management web application for LDAP, written in Java and JavaScript and published under the GNU GPLv2 license. PWM can help your organization by providing end user self service and supporting help desks in assisting their end users. The product has many features, including those that allow for better verification of the user’s identity, enforcing secure passwords and detecting brute force attacks. The version currently under development has many new and useful features and lots of improvements. The presentation will show a short history of PWM and demonstrate how PWM’s rich feature set can help your organization improve password management.
- Conference paper: Service providers' requirements for eID solutions: Empirical evidence from the leisure sector (Open Identity Summit 2013, 2013). Kubach, Michael; Roßnagel, Heiko; Sellung, Rachelle. Although eID technology has undergone several development cycles and eIDs have been issued to citizens of various European countries, it is still not as broadly used as originally expected. One reason is the absence of compelling use cases besides eGovernment. Current research focuses mainly on the needs of the user and technical aspects. The economic perspective is often disregarded. This is especially the case for the service providers that play a fundamental role in the adoption of the technology. The requirements of these stakeholders certainly have to be considered in the development of viable business models. So far, however, little empirical evidence on these requirements exists. We therefore performed a survey-based empirical analysis in two industries from the leisure sector to gain first insights into this topic. Results show that the service providers in our sample don't see a pressing need to change their currently used authentication method. However, they think that certain eID features could be valuable for their services. Our analysis of the hurdles showed that there is no ultimate reason that keeps service providers from implementing the eID technology.
- Conference paper: The eID-Terminology Work of FutureID (Open Identity Summit 2013, 2013). Bruegger, Bud P.; Müller, Moritz-Christian. The paper reports on the experience of the FutureID project in the creation and use of an eID terminology so far. A major part of work has reviewed the state of the art in eID Terminologies. Five existing terminologies have been compared and analyzed in detail to yield unexpected and surprising results. On this basis, FutureID has designed its approach for creation and use of an eID terminology that is currently being implemented in the project. It is hoped that the terminology, its approach, and the related infrastructure will constitute a general community resource, well beyond the scope and duration of the project.
- Conference paper: Using Trusted Execution Environments in Two-factor Authentication: comparing approaches (Open Identity Summit 2013, 2013). Rijswijk-Deij, Roland van; Poll, Erik. Classic two-factor authentication has been around for a long time and has enjoyed success in certain markets (such as the corporate and the banking environment). A reason for this success is the strong security properties, particularly where user interaction is concerned. These properties hinge on a security token being a physically separate device. This paper investigates whether Trusted Execution Environments (TEE) can be used to achieve a comparable level of security without the need to have a separate device. To do this, we introduce a model that shows the security properties of user interaction in two-factor authentication. The model is used to examine two TEE technologies, Intel's IPT and ARM TrustZone, revealing that, although it is possible to get close to classic two-factor authentication in terms of user interaction security, both technologies have distinct drawbacks. The model also clearly shows an open problem shared by many TEEs: how to prove to the user that they are dealing with a trusted application when trusted and untrusted applications share the same display.
- Conference paper: Approaches and challenges for a single sign-on enabled extranet using Jasig CAS. (Open Identity Summit 2013, 2013). Holzschuher, Florian; Peinl, René. In this paper we describe our experiences with setting up a single sign-on enabled intranet with open source software and then making it accessible over the internet using a reverse proxy. During this process, we encounter several issues. We describe those, discuss possible solutions and present our final setup.
- Conference paper: Upcoming specifications from the openID Foundation (Open Identity Summit 2013, 2013). Biering, Henrik; Nennker, Axel. The OpenID Foundation (OIDF) is an international non-profit organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Currently OIDF is finalizing the third generation of OpenID Single Sign-On protocols under the brand name “OpenID Connect”. In parallel with this effort OIDF has also launched Working Groups for solving other problems that arise when users interact with an ecosystem of interoperable service providers rather than a single service provider. The presentation will cover the status, features, and benefits of OpenID Connect, Account Chooser, and the Backplane Protocol supplemented by feedback collected from various stakeholder groups.
- Conference paper: Unlinkability Support in a Decentralised, Multiple-identity Social Network (Open Identity Summit 2013, 2013). Thiel, Simon; Hermann, Fabian; Heupel, Marcel; Bourimi, Mohamed. Providing support for unlinkability in a decentralized, multiple-identity social network is a complex task, which requires concepts and solutions on the technical as well as on the user-interface level. Reflecting these diverse levels of an application, this paper presents three scenarios to impede the linkability of multiple identities in decentralized social networking. Solutions cover a communication infrastructure which allows referencing to multiple identities; analysis of user content and sharing history to present linkability warnings; and user interface means that allow for a privacy-ensuring management of partial identities. The di.me userware research prototype of the EU FP7 funded digital.me (di.me) is introduced to show the integration of the solutions accordingly.