Listing P277 - Open Identity Summit 2017 by publication date
1 - 10 of 16
- A meta-heuristic for access control test data creation in access control model testing (Open Identity Summit 2017, 2017)
  Winterstetter, Matthias; Kurowski, Sebastian
  User to Document Access data is in most cases protected and as such difficult to acquire for research purposes. This work seeks to circumvent this problem by creating research data on the basis of reference processes through the evolutionary algorithm. Data created through this method, while not as accurate as real data, still has its foundation in reality through the reference process and can as such be used as a replacement.
- A Mechanism for Discovery and Verification of Trust Scheme Memberships: The LIGHTest Reference Architecture (Open Identity Summit 2017, 2017)
  Roßnagel, Heiko
  Electronic transactions are an integral component of private and business life. For this purpose, a certification of trustworthy electronic identities supported from authorities is often required. Within the EU-funded LIGHTest project, a global trust infrastructure based on DNS is built, where arbitrary authorities can publish their trust information. A high level description of the LIGHTest reference architecture is presented. Then, the Trust Scheme Publication Authority, which enables discovery and verification of trust scheme memberships, is introduced.
- Harmonizing Delegation Data Formats (Open Identity Summit 2017, 2017)
  Wagner, Georg; Omolola, Olamide; More, Stefan
  Delegations are an integral part of daily transactions. A delegation is the process of authorizing one entity to act on behalf of another. For the delegation to work, the claim that an entity is authorized to act on behalf of another entity needs to be verified. Verifying an analog delegation can be done by checking if the name of a user is on a list of authorized persons. In contrast, in electronic transactions the implementation of a delegation and its verification can be a difficult task. A user logging into a system or signing documents with an electronic signature involving a delegation may be required to show this delegation within the signature. This delegation needs to be discovered and verified during the transaction. Many solutions using eXtensible Markup Language (XML) have been proposed to represent delegations; unfortunately, most of these schemes are designed to be used for one specific domain. In this paper, we propose a delegation scheme that fills this gap by providing a general representation for delegation that can be easily extended to different domains.
- Privacy dark patterns in identity management (Open Identity Summit 2017, 2017)
  Fritsch, Lothar
  This article presents three privacy dark patterns observed in identity management. Dark patterns are software design patterns that intentionally violate requirements, in the given case privacy requirements for identity management. First, the theoretical background is presented, and then next, the observed patterns are documented, described and formalized. The resulting dark patterns show how security is used as obfuscation of data collection, how the seemingly harmless collection of additional data is advertised to end users, and how the use of anonymization technology is actively discouraged by service providers.
- Design and Implementation Aspects of Mobile Derived Identities (Open Identity Summit 2017, 2017)
  Träder, Daniel; Zeier, Alexander; Heinemann, Andreas
  With the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of services requires a certain assurance level for user authentication. To meet these requirements, a digital identity issued to the citizen is essential. Nowadays, due to the widespread use of smartphones, mobile user authentication is often favoured. This naturally supports two-factor authentication schemes (2FA). We use the term mobile derived identity to stress two aspects: a) the identity is enabled for mobile usage and b) the identity is somehow derived from a physical or digital proof of identity. This work reviews 21 systems and publications that support mobile derived identities. One subset of the considered systems is already in place (public or private sector in Europe), another subset is subject to research. Our goal is to identify prevalent design and implementation aspects for these systems in order to gain a better understanding on best practises and common views on mobile derived identities. We found that research prefers storing identity data on the mobile device itself whereas real world systems usually rely on cloud storage. 2FA is common in both worlds, however biometrics as second factor is the exception.
- Towards Privacy-Preserving and User-Centric Identity Management as a Service (Open Identity Summit 2017, 2017)
  Dash, Pritam; Rabensteiner, Christof; Hörandner, Felix; Roth, Simon
  Identification, authentication and the exchange of users’ identity information are key factors in protecting access to online services. Especially cost-effectiveness is a considerable incentive to move identity management models into the public cloud. As cloud environments are not fully trusted, the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possible to share them. One approach is to employ proxy re-encryption, which enables the identity provider to transform a user’s encrypted attributes into ciphertext for an authorized service provider. However, for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendly and user-centric identity management solution that employs cryptographic mechanisms to protect the users’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryption into the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make this concept user-friendly, we introduce a mobile app that handles the involved cryptographic operations which rely on keys securely stored in a trusted execution environment.
- A Comparison of Payment Schemes for the IoT (Open Identity Summit 2017, 2017)
  Bohli, Jens-Matthias; Dietrich, Aljoscha; Petrlic, Ronald; Sorge, Christoph
  Technologies for the IoT have reached a high level of maturity, and a large-scale deployment will soon be possible. For the IoT to become an economic success, easy access to all kinds of real-world information must be enabled. Assuming that not all services will be available for free, an IoT infrastructure should support access control, accounting, and billing. We analyze available access control and payment schemes for their potential as payment schemes in the IoT. In addition to security and privacy, we discuss suitability for direct client to sensor communication and efficiency. We show shortcomings of existing protocols that need to be addressed by future research.
- Password Assistance (Open Identity Summit 2017, 2017)
  Horsch, Moritz; Braun, Johannes; Buchmann, Johannes
  For decades, users are not able to realize secure passwords for their user accounts at Internet services. Users’ passwords need to fulfil general security requirements and the password requirements of services. Furthermore, users need to cope with different password implementations at services. Finally, users need to perform a multitude of tasks to properly manage their large password portfolios. This is practically impossible. In this paper, we introduce the vision of a password assistant. It supports users in all duties and tasks with regard to their passwords, from the creation of secure passwords to the recovery of them in case of loss. Moreover, it provides an extensive automatization of all password tasks that reduces the users’ efforts and activities to deal with passwords to a minimum. A password assistant enables high security for passwords as well as improves their ease of use. First, we provide a detailed description of the problem of users to realize secure passwords for their accounts in practice. Second, we outline the vision of a password assistant, describe its technical foundation, and introduce the related open-source project starting to realize the first password assistant.
- Open ecosystem platforms for assistants and IoT-devices: a look into corporate practice (Open Identity Summit 2017, 2017)
  Fähnrich, Nicolas; Kubach, Michael
  Platforms are becoming an increasingly important part of today’s and future innovations. However, from a privacy and security, as well as from a societal perspective, closed proprietary platforms, the currently dominant form, possess certain potentially problematic features. This is why many call for open ecosystem approaches that so far have had only limited success on the market. In order to design an open ecosystem platform in a way that is attractive to companies, we therefore analyze the role platforms and related aspects play in companies’ strategies. This is achieved through an analysis of the annual corporate reports of large companies. Results show that platforms are a common topic in all industry sectors, with closed proprietary approaches prevailing. This illustrates that open ecosystem approaches are still hardly considered by the big industry players and more efforts are needed to make them economically attractive.
- Towards secure and standard-compliant implementations of the PSD2 Directive (Open Identity Summit 2017, 2017)
  Wich, Tobias; Nemmert, Daniel; Hühnlein, Detlef
  The present article provides a compact overview of the most important requirements of the so-called “Payment Services Directive 2” (PSD2) [Di15], together with the related Regulatory Technical Standard on authentication and communication [Eu17] according to Article 98, and outlines how the pivotal “Access-to-Account-Interface” can be securely implemented based on widely acknowledged international standards.