Listing P293 - Open Identity Summit 2019 by publication date
- Text document: eIDAS eID & eSignature based Service Accounts at University environments for cross boarder/domain access (Open Identity Summit 2019, 2019). Strack, Hermann; Otto, Oliver; Klinner, Sebastian; Schmidt, André. University domain/scenario use cases based on eIDAS eID & eSignature extended user service accounts are implemented in the EU CEF projects TREATS and StudIES+, integrating hybrid ID concepts (legacy & eID). eNotar services will offer to integrate legacy binding in process and document flows; transfers to other areas are considered (Industry 4.0, ABAC).
- Text document: GTPL: A Graphical Trust Policy Language (Open Identity Summit 2019, 2019). Mödersheim, Sebastian Alexander; Ni, Bihang. We present GTPL, a Graphical Trust Policy Language, as an easy-to-use interface for the Trust Policy Language TPL proposed by the LIGHTest project. GTPL uses a simple graphical representation where the central graphical metaphor is to consider the input like certificates or documents as forms and the policy author describes “what to look for” in these forms by putting constraints on the form’s fields. GTPL closes the gap between languages on a logical technical level such as TPL that require expertise to use, and interfaces like the LIGHTest Graphical-Layer that allow only for very basic patterns.
- Text document: Business Models for Open Digital Ecosystems of Trustable Assistants (Open Identity Summit 2019, 2019). Mihale-Wilson, Cristina; Kubach, Michael. Digital ecosystems (DEs) are self-organizing, robust and scalable environments where various stakeholders interact to solve complex problems. The idea of building digital ecosystems is not new. Thus, we can currently draw on an extensive body of literature on the topic. Although academics have addressed the technical and architectural challenges of building digital ecosystems as well as their desirability regarding innovativeness and privacy, research on how to ensure the economic viability and thus sustainability of such DEs remains scarce. In this study, we address this void in the literature and focus on the economic challenges of building open DEs. We discuss this topic in the context of an open DE for trustable assistants in the Internet of Things (IoT) and vet the research question: “which are the business models an open DE must support to be economically viable?” Based on a structured research analysis, we identify seven business models, which are most likely essential to the economic success of the analysed DE.
- Text document: Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS) (Open Identity Summit 2019, 2019). Engelbertz, Nils; Mladenov, Vladislav; Somorovsky, Juraj; Herring, David; Erinola, Nurullah; Schwenk, Jörg. Within the European Union (EU), the eIDAS regulation sets legal boundaries for cross-border acceptance of Trust Services (TSs) such as Electronic Signatures. To facilitate compliant implementations, an open source software library to create and validate signed documents is provided by the eSignature building block of the Connecting Europe Facility (CEF). We systematically evaluated the validation logic of this library with regard to XML-based attacks. The discovered vulnerabilities allowed us to read server files and bypass XML Advanced Electronic Signature (XAdES) protections. The seriousness of the vulnerabilities shows that there is an urgent need for security best-practice documents and automatic security evaluation tools to support the development of security-relevant implementations.
- Text document: Enabling SMEs to comply with the complex new EU data protection regulation (Open Identity Summit 2019, 2019). Fähnrich, Nicolas; Kubach, Michael. The European General Data Protection Regulation (GDPR) introduces privacy requirements that pose a complex challenge, especially for small and medium-sized enterprises (SMEs). In this paper, we present a software-supported process model developed by us that helps SMEs to establish processes ensuring the rights of the data subjects and prepare the documentation that is necessary to comply with the GDPR. Three small case studies illustrate the work with the process model, and lessons learned from these practical applications of our tool give further insights into the topic.
- Text document: Anonymization Is Dead – Long Live Privacy (Open Identity Summit 2019, 2019). Zibuschka, Jan; Kurowski, Sebastian; Roßnagel, Heiko; Schunck, Christian H.; Zimmermann, Christian. Privacy is a multi-faceted, interdisciplinary concept, with varying meaning to different people and disciplines. To most researchers, anonymity is the “holy grail” of privacy research, as it suggests that it may be possible to avoid personal information altogether. However, time and time again, anonymization has been shown to be infeasible. Even de-facto anonymity is hardly achievable using state-of-the-art cryptographic anonymization techniques. Furthermore, as there are inherent tensions between the privacy protection goals of confidentiality, availability, integrity, transparency, intervenability and unlinkability, failed attempts to achieve full anonymization may make it impossible to provide data-subjects with transparency and intervenability. This is highly problematic as such mechanisms are required by regulation such as the General Data Protection Regulation (GDPR). Therefore, we argue for a paradigm shift away from anonymization towards transparency, accountability, and intervenability.
- Text document: Blockchain-based consent manager for GDPR compliance (Open Identity Summit 2019, 2019). Vargas, Juan Camilo. The General Data Protection Regulation represents great challenges for companies. This paper proposes a model of consent management for personal data that uses blockchain technology to help address part of these challenges. On the one hand, the model aims to facilitate compliance with the regulation and offer an agile tool for consent control and interaction between data subjects, controllers and processors. On the other hand, it aims to offer data subjects a tool to assert their rights and get bigger control over their consents and indirectly over personal data. A proof of concept was developed using Hyperledger Fabric and made it possible to identify the benefits and challenges of the model.
- Text document: Open Identity Summit 2019 (Open Identity Summit 2019, 2019). Roßnagel, Heiko; Wagner, Sven; Hühnlein, Detlef.
- Text document: Policy-based Access Control for the IoT and Smart Cities (Open Identity Summit 2019, 2019). Omolola, Olamide; More, Stefan; Fasllija, Edona; Wagner, Georg; Alber, Lukas. The Internet of Things (IoT) can revolutionise the interaction between users and technology. This interaction generates sensitive and personal data. Therefore, access to the information they provide should be restricted to only authorised users. However, the limited storage and memory in IoT make it impractical to deploy traditional mechanisms to control access. In this paper, we propose a new access control mechanism based on trust policies adapted from LIGHTest. The proposed protocol also handles delegations in the IoT context elegantly. We provide the protocol overview and discuss its practical applications in the IoT environment.
- Text document: Let’s Revoke! Mitigating Revocation Equivocation by re-purposing the Certificate Transparency Log (Open Identity Summit 2019, 2019). Mueller, Tobias; Stübs, Marius; Federrath, Hannes. Distributing cryptographic keys and asserting their validity is a challenge for any system relying on such keys, for example the World Wide Web with HTTPS or OpenPGP encrypted email. When keys get stolen or compromised, it is desirable to shorten the time during which an attacker can decrypt or sign messages. This is usually achieved by revoking the affected certificates. We investigate the security requirements for distributing key revocations in the context of asynchronous decentralised messaging and analyse the status quo with respect to these requirements. We show that equivocation, integrity protection, and non-repudiation pose a challenge in today’s revocation distribution infrastructure. We find that a publicly verifiable append-only data structure serves our purpose and notice that operating such an infrastructure is expensive. We propose a revocation distribution scheme that fulfils our requirements. Our scheme uses the already existing Certificate Transparency (CT) logs of the WebPKI as a publicly verifiable append-only data structure for storing revocations through specially crafted TLS certificates. The security of our system largely stems from the properties of these CT logs. Additionally, we analyse the computational and bandwidth requirements of our scheme and show limitations of the protocol we propose.