Listing P264 - Open Identity Summit 2016, by publication date
- Conference contribution: What's in a name: the conflicting views of pseudonymisation under eIDAS and the General Data Protection Regulation (2016). Tsakalakis, Niko; Stalla-Bourdillon, Sophie; O'Hara, Kieron. Pseudonymisation is gaining traction among modern electronic identification systems as a privacy enhancing technique that can significantly reduce risks of personal data misuse. The recently agreed General Data Protection Regulation (the GDPR) encourages the use of pseudonymisation to comply with its requirement of privacy-by-design. Art. 5 of the European Regulation on electronic identification and trust services (eIDAS) on data processing and protection simply allows the use of pseudonyms in electronic transactions, although the facilitation of the implementation of the principle of privacy by design is clearly among the aims listed by Art. 12 of eIDAS. This paper examines the concept of pseudonymisation under eIDAS and the GDPR and suggests that the two Regulations employ two very different, if not incompatible, notions of pseudonymisation. It concludes that a common terminology and approach would be preferable in order to ensure consistency and legal certainty.
- Conference contribution: An interdisciplinary approach to develop secure, usable and economically successful software (2016). Hofer, Janina; Sellung, Rachelle. Some argue that software developers of security solutions often neglect the importance of incorporating usability and socio-economic aspects and focus more on security and privacy aspects. However, it can be observed that many solutions are not accepted by both the users and the market, even though they are technically sophisticated. This work-in-progress paper proposes an interdisciplinary approach and a prospective supportive tool that guides the developer through the process, which is referred to as the Wizard. It consists of selected, carefully analyzed and edited methods and standards from the fields of (a) Usability and User Experience, (b) Socioeconomics, and (c) IT-Security and other disciplines. The Wizard proactively recommends various methods according to the status of the development and assists in their selection and application.
- Conference contribution: Aligning ABAC policies with information security policies using controlled vocabulary (2016). Kuhlisch, Raik; Bittins, Sören. Attribute-based Access Control (ABAC) policies are based on mutually processable policy attributes. Assigned permissions in such policies need to be reflected or combined with organisational constraints. Best practice in information security dictates having the operational need to access a particular information artifact independent from the function of the specific application systems. Consequently, any policy regulating the behaviour towards information access must adhere to a minimum degree of mutual semantic expressiveness to be combined and processed with the matching ABAC policy. We show how to detect policy attribute conflicts between ABAC policies and information access policies by means of controlled vocabulary and Semantic Web technologies.
- Conference contribution: FutureTrust - future trust services for trustworthy global transactions (2016). Hühnlein, Detlef; Frosch, Tilman; Schwenk, Joerg; Piswanger, Carl-Markus; Sel, Marc; Hühnlein, Tina; Wich, Tobias; Nemmert, Daniel; Lottes, René; Somorovsky, Juraj; Mladenov, Vladislav; Condovici, Cristina; Leitold, Herbert; Stalla-Bourdillon, Sophie; Tsakalakis, Niko; Eichholz, Jan; Kamm, Frank-Michael; Kühne, Andreas; Wabisch, Damian; Dean, Roger; Shamah, Jon; Kapanadze, Mikheil; Ponte, Nuno; Martins, Jose; Portela, Renato; Karabat, Çağatay; Stojičić, Snežana; Nedeljkovic, Slobodan; Bouckaert, Vincent; Defays, Alexandre; Anderson, Bruce; Jonas, Michael; Hermanns, Christina; Schubert, Thomas; Wegener, Dirk; Sazonov, Alexander. Against the background of the regulation 2014/910/EU [EU1] on electronic identification (eID) and trusted services for electronic transactions in the internal market (eIDAS), the FutureTrust project, which is funded within the EU Framework Programme for Research and Innovation (Horizon 2020) under Grant Agreement No. 700542, aims at supporting the practical implementation of the regulation in Europe and beyond. For this purpose, the FutureTrust project will address the need for globally interoperable solutions through basic research with respect to the foundations of trust and trustworthiness, actively support the standardisation process in relevant areas, and provide Open Source software components and trustworthy services which will ease the use of eID and electronic signature technology in real world applications. The FutureTrust project will extend the existing European Trust Service Status List (TSL) infrastructure towards a "Global Trust List", develop a comprehensive Open Source Validation Service as well as a scalable Preservation Service for electronic signatures and seals. Furthermore, it will provide components for the eID-based application for qualified certificates across borders, and for the trustworthy creation of remote signatures and seals in a mobile environment. The present contribution provides an overview of the FutureTrust project and invites further stakeholders to actively participate as associated partners and contribute to the development of future trust services for trustworthy global transactions.
- Conference contribution: An eID mechanism built along privacy by design principles using secure elements, pseudonyms and attributes (2016). Pinkas, Denis. This eID mechanism has been built taking into consideration Privacy by Design principles. It uses some of the basic principles of the FIDO model (Fast Identification On-line), adding certain constraints and extending the model to push user attributes. It allows a user to open an anonymous account on a server using a random pseudonym and then to push one or more attributes contained in an access token that has been obtained from an Attribute Issuer. In order to prevent the forwarding of an access token between collaborating users, a Secure Element must be used. That Secure Element shall conform to specific requirements, e.g. defined using a Protection Profile. This eID mechanism will be usable worldwide as soon as the providers of such Secure Elements publish information that can verify the genuineness of these secure elements.
- Conference contribution: Challenging eID & eIDAS at University Management (2016). Strack, Hermann; Wefel, Sandro. Based on national eID solutions for university scenarios, in this paper eIDAS extensions will be discussed, with benefits and challenges (from eID to eIDAS).
- Conference contribution: One mobile ID to secure physical and digital identity (2016). Terbu, Oliver; Vogl, Stefan; Zehetbauer, Sebastian. In this paper a mobile ID solution called My Identity App (MIA) is shown that combines traditional printed ID documents and electronic identities (eID) into a platform-independent smartphone app embedded in an ID ecosystem. MIA aims for transparent identification and authentication in the physical and digital world while security, privacy, data protection, usability and user trust are at equilibrium. Security is built upon secure processes rather than hardware like secure elements, thus providing the foundation for broad adoption including technically challenged people. Scalable architecture and standard future-proven technologies like OpenID Connect and FIDO authentication build the framework for secure, failsafe and large deployments.
- Conference contribution: Architecture for controlled credential issuance enhanced with single sign-on (ACCESSO) (2016). Nemmert, Daniel; Hühnlein, Detlef; Wich, Tobias; Hühnlein, Tina. As more than half of the EU Member States have already rolled out electronic identity cards (eIDs) [Le13], it seems to be a rewarding approach to investigate whether and how eIDs may be used for the purpose of controlling the log-on process for operating systems and similar local access control facilities. While this paper shows that all currently rolled out eIDs may be used for such access control purposes, our investigation also reveals that for some types of eIDs it is significantly harder to support this kind of use case.
- Conference contribution: Risk-centred role engineering within identity data audits - continuous improvement of the rights structure and possible risk accumulations (2016). Kurowski, Sebastian. Success and costs of audits in identity management largely depend on the structure of the underlying access control model. Auditing access rights includes the determination of actuality and adequacy of provided access rights. In order to ease audit and administration of access rights, role mining approaches have provided several solutions for identifying a minimal set of roles based upon either existing usage data or business data. However, these approaches have focused on homogeneous, static environments. When facing dynamic, heterogeneous environments, such as infrastructure administration or smart systems, the accompanying noise of access rights provisioning hinders the determination of adequacy and actuality of access rights. With the application of static approaches, accumulation of access risks at users may arise due to inadequate access rights or aggregation of access roles. These issues are, however, mostly neglected by current approaches. Within this contribution we propose a method based upon the design structure matrix approach, which enables the identification of role aggregations and the examination of access risk accumulation within aggregated roles and their assigned users throughout continuous audits of the access control model.
- Conference contribution: Password Policy Markup Language (2016). Horsch, Moritz; Schlipf, Mario; Haas, Stefan; Braun, Johannes; Buchmann, Johannes. Password-based authentication is the most widely used authentication scheme for granting access to user accounts on the Internet. Despite this, there exists no standard implementation of passwords by services. They have different password requirements as well as interfaces and procedures for login, password change, and password reset. This situation is very challenging for users and often leads to the choice of weak passwords and prevents security-conscious behavior. Furthermore, it prevents the development of applications that provide fully-fledged assistance for users in securely generating and managing passwords. In this paper, we present a solution that bridges the gap between the different password implementations on the service side and applications assisting users with their passwords on the client side. First, we introduce the Password Policy Markup Language (PPML). It enables a uniformly specified Password Policy Description (PPD) for a service. A PPD describes the password requirements as well as the password interfaces and procedures of a service and can be processed by applications. It enables applications to automatically (1) generate passwords in accordance with the password requirements of a service, (2) perform logins, (3) change passwords, and (4) reset passwords. Second, we present a prototypical password manager which uses PPDs and is capable of generating and completely managing passwords on behalf of users.