Auflistung P312 - Open Identity Summit 2021 nach Erscheinungsdatum
1 - 10 von 22
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragComplexities of Identity Provenance Metadata(Open Identity Summit 2021, 2021) Semančík, RadovanData provenance information is an important part of personal data protection mechanisms. However, capabilities of existing identity management systems are severely limited when it comes to maintaining and processing data provenance information. This paper describes an effort to design and implement capability to process provenance information in midPoint, an open source identity management and governance system. The solution used value metadata for the purposes of storage and processing of provenance information. Resulting prototype was fully integrated into midPoint code base. The solution dealt with all layers of provenance information processing, from data acquisition to user interface. The prototype uncovered a relation between provenance information and other metadata types, as well as potential use of provenance-enriched metadata in conjunction with data protection mechanisms.
- KonferenzbeitragWhy should they care? Conceptualizing the challenges of information security training(Open Identity Summit 2021, 2021) Kurowski, Sebastian; Cetin, Fatma; Fischer, RudolfMost organizations rely on individuals without or with little security knowledge to participate in information security tasks. Intending to enable them, information security trainings are usually used. But their effectiveness is debatable. In this contribution we combine descriptive analysis with the social systems theory and current literature on organizational learning and change management to conceptualize the challenges of information security training. We find that the challenges of security training are rooted within a basic dilemma of security: its value-promise (addressing of risks) is not suitable for communication within an organization. These findings are part of an ongoing research project on trainings for IoT security.
- KonferenzbeitragSelf-sovereign identity systems and European data protection regulations: an analysis of roles and responsibilities(Open Identity Summit 2021, 2021) Chomczyk Penedo, AndrésDecentralized identity systems have taken a key role in the identity management landscape. Self-sovereign identity management systems have promised to return control over identity to individuals. However, these promises still need to be assessed against the existing regulatory framework. As identity attributes can be considered personal data, rules such as the General Data Protection Regulation are applicable. The existing legal literature has still not delivered an analysis of who is a controller and who is a processor in the context of a self-sovereign identity system for the process of identity creation. As such, the purpose of this contribution is to tackle this challenge.
- KonferenzbeitragOn the Market for Self-Sovereign Identity: Structure and Stakeholders(Open Identity Summit 2021, 2021) Kubach, Michael; Sellung, RachelleFor SSI solutions to make a significant impact, they need to be designed to cater to the requirements of the market to be adopted. Therefore, this paper proposes a structure of the market for SSI solutions, analyses its stakeholders, and surveys its current state.
- KonferenzbeitragDecentralized Identities for Self-sovereign End-users (DISSENS)(Open Identity Summit 2021, 2021) Schanzenbach,Martin; Grothoff, Christian; Wenger, Hansjürg; Kaul, MaximilianThis paper describes a comprehensive architecture and reference implementation for privacy-preserving identity management that bucks the trend towards centralization present in contemporary proposals. DISSENS integrates a technology stack which combines privacy-friendly online payments with self-sovereign personal data management using a decentralized directory service. This enables users to be in complete control of their digital identity and personal information while at the same time being able to selectively share information necessary to easily use commercial services. Our pilot demonstrates the viability of a sustainable, user-centric, standards-compliant and accessible use case for public service employees and students in the domain of retail e-commerce. We leverage innovative technologies including self-sovereign identity, privacy credentials, and privacy-friendly digital payments in combination with established standards to provide easy-to-adapt templates for the integration of various scenarios and use cases.
- KonferenzbeitragRecords Management and Long-Term Preservation of Evidence in DLT(Open Identity Summit 2021, 2021) Kusber, Tomasz; Schwalm, Steffen; Dr. Korte, Ulrike; Schamburger, KalindaDLT improves decentralized business models and transactions from supply chain or cryptocurrencies to shared mobility, electronic registries or proof of origin. The planned enhancement of European Blockchain Service Infrastructure approximately 2021-2022 is expected to accelerate these developments based on a scalable, standardized framework. Like any infrastructure or IT-system used for business relevant transactions also in DLT is has to be possible to make decisions and processes evident against 3rd parties such as courts, auditors or regulative authorities. This leads to the challenge to fulfil requirements on a valid records management acc. to current standards [IS20b] [IS16] as well as to preserve the evidences of electronic records as long as they are needed according to current regulations and standards [eIDAS] [ETS19b] [VDG]. Based on international standardization the authors are taking part in, this paper focuses on the challenges and requirements for records management and preservation of evidence in DLT as well as possible solutions and needs for further standardization.
- KonferenzbeitragTowards the COSCA framework for “COnseptualing Secure CArs”.(Open Identity Summit 2021, 2021) Bella, Giampaolo; Biondi, Pietro; Costantino, Gianpiero; Matteucci, Ilaria; Marchetti, MircoCyber risks associated with modern cars are often referred to safety. However, modern cars expose a variety of digital services and process a variety of personal data, at least of the driver’s. This paper unfolds the argument that car (cyber-)security and drivers’ privacy are worthy of additional consideration, and does so by advancing “COSCA”, a framework for “COnceptualising Secure CArs” as interconnected nodes of the Next Generation Internet. COSCA adopts an innovative socio-technical approach. It crowdsources drivers’ perceptions on core privacy topics and it classifies the data collected by cars and processed by manufacturers pursuant the General Data Protection Regulation. These steps inform a risk assessment which highlights the more relevant mitigation strategies and cyber security technologies. Finally, COSCA aims at designing novel interfaces to enable drivers to exercise their rights about personal data collection and processing.
- KonferenzbeitragApplying assurance levels when issuing and verifying credentials using Trust Frameworks(Open Identity Summit 2021, 2021) Martinez Jurado, Victor; Vila, Xavier; Kubach, Michael; Henderson Johnson Jeyakumar, Isaac; Solana, Albert; Marangoni, MatteoTechnical interoperability of the issuance, presentation, and verification of verifiable credentials (VC) across domains of trust is a current challenge for self-sovereign identity. We present an approach incorporating different levels of assurance and trust domains in an eIDAS compliant way. This is illustrated through a use case with real-world relevance: the issuance and cross-border usage of the European Health Insurance Card.
- KonferenzbeitragFAPI 2.0: A High-Security Profile for OAuth and OpenID Connect(Open Identity Summit 2021, 2021) Fett, DanielA growing number of APIs, from the financial, health and other sectors, give access to highly sensitive data and resources. With the Financial-grade API (FAPI) Security Profile, the OpenID Foundation has created an interoperable and secure standard to protect such APIs. The first version of FAPI has recently become an official standard and has already been adopted by large ecosystems, such as OpenBanking UK. Meanwhile, the OpenID Foundation’s FAPI Working Group has started the work on a the second version of FAPI, putting a focus on robust interoperability, simplicity, a more structured approach to security, and improved non-repudiation. In this paper, we give an overview of the FAPI profiles, discuss the learnings from practice that influence the development of the latest version of FAPI, and show how formal security analysis helps to shape security decisions.
- KonferenzbeitragRole of Identity, Identification, and Receipts for Consent(Open Identity Summit 2021, 2021) J. Pandit, Harshvardhan; Jesus, Vitor; Ammai, Shankar; Lizar, Mark; D’Agostino, SalvatoreThis article outlines issues in the current ecosystem of data sharing based on consent and the role of identity and identification. It argues how the consent mechanism is hostile to individuals in the form of: (a) inscrutable third parties who remain largely unknown; (b) denying ability to identify and manage consent; and (c) lack of technological solution. The article discusses the role and feasibility of Consent Receipts, and presents its role in the Privacy as Expected: Consent Gateway (PaE:CG) project for the future of accountable identity and identification mechanisms for consent.
- «
- 1 (current)
- 2
- 3
- »