Logo des Repositoriums

P264 - Open Identity Summit 2016

https://dl.gi.de/handle/20.500.12116/21000
Auflistung nach:

Auflistung P264 - Open Identity Summit 2016 nach Erscheinungsdatum

Zu einem Punkt im Index springen:
1 - 10 von 17
  • Editiertes Buch
  • Konferenzbeitrag
    Non-technical challenges of building ecosystems for trustable smart assistants in the Internet of things: A socioeconomic and legal perspective
    (2016) Kubach, Michael; Görwitz, Caterina; Hornung, Gerrit
    In this position paper, we present non-technical challenges that arise while building ecosystems for trustable smart assistants in the Internet of Things. Such non-technical challenges are often neglected in the development process of information systems, even though they are important elements for their success. Only if the assistants are technically effective and fit into the non-technical framework conditions of their application area (e.g. the market structure, stakeholder, liability, and data-protection requirements), they will be able to become successful innovations. We will support this argument in our position paper, focusing on the socioeconomic and legal perspective.
  • Konferenzbeitrag
    Towards a decentralized identity management ecosystem for Europe and beyond
    (2016) Bruegger, Bud P.; Roßnagel, Heiko
    The objective of the FutureID project was to build an identity management infrastructure for Europe in support of a single market of online services. This requires the availability and large-scale use of trusted and secure identities that replace current password credentials. In the FutureID concept the number and topology of intermediary components is not fixed and static. FutureID rather adopts an ecosystem-approach by creating a free market for identity intermediation services. This provides for the flexibility to: scale according to need, adapt to market needs, support special needs of market sectors including niche markets, adapt to established contractual relationships, and easily adapt to various possible business models that render the infrastructure sustainable. This paper summarizes the results from the 3 year EU-funded project.
  • Konferenzbeitrag
    Risk-centred role engineering within identity data audits - continuous improvement of the rights structure and possible risk accumulations
    (2016) Kurowski, Sebastian
    Success and costs of audits in identity management largely depend on the structure of the underlying access control model. Auditing access rights includes the determination of actuality and adequacy of provided access rights. In order to ease audit and administration of access rights, role mining approaches have provided several solutions for identifying a minimal set of roles based upon either existing usage data, or business data. However, these approaches have focused on homogeneous, static environments. When facing dynamic, heterogeneous environments, such as infrastructure administration or smart systems, the accompanied noise of access rights provisioning hinder the determination of adequacy and actuality of access rights. With application of static approaches, accumulation of access risks at users may arise due to inadequate access rights, or aggregation of access roles. These issues are however mostly neglected by current approaches. Within this contribution we propose a method based upon the design structure matrix approach, which enables the identification of role aggregations, and examination of access risk accumulation within aggregated roles, and their assigned users throughout continuous audits of the access control model.
  • Konferenzbeitrag
    Password Policy Markup Language
    (2016) Horsch, Moritz; Schlipf, Mario; Haas, Stefan; Braun, Johannes; Buchmann, Johannes
    Password-based authentication is the most widely used authentication scheme for granting access to user accounts on the Internet. Despite this, there exists no standard implementation of passwords by services. They have different password requirements as well as interfaces and procedures for login, password change, and password reset. This situation is very challenging for users and often leads to the choice of weak passwords and prevents security-conscious behavior. Furthermore, it prevents the development of applications that provide a fully-fledged assistance for users in securely generating and managing passwords. In this paper, we present a solution that bridges the gap between the different password implementations on the service-side and applications assisting users with their passwords on the client-side. First, we introduce the Password Policy Markup Language (PPML). It enables a uniformly specified Password Policy Description (PPD) for a services. A PPD describes the password requirements as well as password interfaces and procedures of a service and can be processed by applications. It enables applications to automatically (1) generate passwords in accordance with the password requirements of a service, (2) perform logins, (3) change passwords, and (4) reset passwords. Second, we present a prototypical password manager which uses PPDs and is capable of generating and completely managing passwords on behalf of users.
  • Konferenzbeitrag
    Identity mining vs identity discovering: a new approach
    (2016) Caruso, Costantina; Dimitri, Andrea; Mecella, Massimo
    The economy of an advanced country is, every day more, based on complex information systems and interconnected networks that made its cyberspace. Security in this cyberspace is an essential requirement. In Italy a national lab for Italian government has been constituted. In this framework identity and identity management systems has been studied. The depicted scenario defines new open questions and new challenges. In this paper we propose to deal with identity management in complex systems using analytical tools coming from anomaly detection for big data.
  • Konferenzbeitrag
    Public online services at the age of mydata: a new approach to personal data management in Finland
    (2016) Rissanen, Teemu
    MyData is a framework and model for a human-centric approach for managing and processing personal information in the context of online services. The MyData approach is based on the right of individuals to access all data collected about them in public and commercial records. The core principle driving the MyData effort is that individuals should be in control of their own data. The MyData approach aims at strengthening digital human rights while opening new opportunities for businesses to develop innovative personal data based services built on mutual trust and respect of digital privacy rights in a positive way. The Finnish Trust Network (FTN) is a circle of trust composing of nationally notified Identity Providers (IDP) and notified identity service Brokers. It is a technical and legal framework under which different notified IDP's are mandated to provide strong authentication services for Finnish citizens and residents that can access public online services in Finland, in compliance with the provisions of the eIDAS regulation. As a whole, the FTN and MyData networks offer a new platform for reorganising public online services for the 21st century.
  • Konferenzbeitrag
    Lightest - A lightweight infrastructure for global heterogeneous trust management
    (2016) Bruegger, Bud P.; Lipp, Peter
    LIGHTest is a project that is partially funded by the European Commission as an Innovation Action as part of the Horizon2020 program under grant agreement number 700321. LIGHTest`s objective is to create a Lightweight Infrastructure for Global Heterogeneous Trust management in support of an open Ecosystem of Stakeholders and Trust schemes. We show supported scenarios, motivate the necessity for global trust management and discuss related work. Then we present how LIGHTest addresses the challenges of global trust management, its reference architecture and the pilot applications.
  • Konferenzbeitrag
    One mobile ID to secure physical and digital identity
    (2016) Terbu, Oliver; Vogl, Stefan; Zehetbauer, Sebastian
    In this paper a mobile ID solution called My Identity App (MIA) is shown that combines traditional printed ID documents and electronic identities (eID) into a platform independent smartphone app embedded in an ID ecosystem. MIA aims for transparent identification and authentication in the physical and digital world while security, privacy, data protection, usability and user trust are at equilibrium. Security is built upon secure processes rather than hardware like secure elements, thus providing the fundament for broad adoption including technically challenged people. Scaleable architecture, standard future-proven technologies like OpenID Connect and FIDO authentication build the framework for secure, failsafe and large deployments.
  • Konferenzbeitrag
    Architecture for controlled credential issuance enhanced with single sign-on (ACCESSO)
    (2016) Nemmert, Daniel; Hühnlein, Detlef; Wich, Tobias; Hühnlein, Tina
    As more than half of the EU Member States already have rolled out electronic identity cards (eIDs) [Le13], it seems to be a rewarding approach to investigate whether and how eIDs may be used for the purpose of controlling the log-on process for operating systems and similar local access control facilities. While this paper shows that all currently rolled out eIDs may be used for such access control purposes, our investigation also reveals that for some types of eIDs it is significantly harder to support this kind of use case.