Logo des Repositoriums

Auflistung nach Schlagwort "Accountability"

1 - 5 von 5
  • Konferenzbeitrag
    Accountable Banking Transactions
    (Open Identity Summit 2024, 2024) Mödersheim, Sebastian; Chen, Siyu
    This paper shows how to apply the idea of Three branches of Accountability by Mödersheim and Cuellar to make banking transactions accountable, i.e., neither can the customer later deny to have placed the order, nor can the bank execute a transaction that the customer did not order. This is done in a general way that deliberately gives freedom to instantiate the system in several different ways, as long as it follows a few basic principles, and we show accountability holds in every instance.
  • Konferenzbeitrag
    Accountable Trust Decisions: A Semantic Approach
    (Open Identity Summit 2020, 2020) Schlichtkrull, Anders; Mödersheim, Sebastian
    This paper is concerned with the question of how to obtain the highest possible assurance on trust policy decisions: when accepting an electronic transaction of substantial value or significant implications, we want to be sure that this did not happen because of a bug in a policy checker. Potential bugs include bugs in parsing documents, in signature checking, in checking trust lists, and in the logical evaluation of the policy. This paper focuses on the latter kind of problems and our idea is to validate the logical steps of the trust decision by another, complementary method. We have implemented this for the Trust Policy Language of the LIGHTest project and we use the completely independently developed FOL theorem prover RP_X as a complementary method.
  • Konferenzbeitrag
    Adapting the TPL Trust Policy Language for a Self-Sovereign Identity World
    (Open Identity Summit 2021, 2021) Alber, Lukas; More, Stefan; Mödersheim, Sebastian; Schlichtkrull, Anders
    Trust policies enable the automated processing of trust decisions for electronic transactions. We consider the Trust Policy Language TPL of the LIGHTest project [Mö19] that was designed for businesses and organizations to formulate their trust policies. Using TPL, organizations can decide if and how they want to rely on existing trust schemes like Europe’s eIDAS or trust scheme translations endorsed by them. While the LIGHTest project is geared towards classical approaches like PKI-based trust infrastructures and X.509 certificates, novel concepts are on the rise: one example is the self-sovereign identity (SSI) model that enables users better control of their credentials, offers more privacy, and supports decentralized solutions. Since SSI is based on distributed ledger (DL) technology, it is a question of how TPL can be adapted so that organizations can continue to enjoy the benefits of flexible policy descriptions with automated evaluation at a very high level of reliability. Our contribution is a first step towards integrating SSI and the interaction with a DL into a Trust Policy Language. We discuss this on a more conceptual level and also show required TPL modifications. We demonstrate that we can integrate SSI concepts into TPL without changing the syntax and semantics of TPL itself and have to add new formats and introduce a new built-in predicate for interacting with the DL. Another advantage of this is that the “business logic” aspect of a policy does not need to change, enable re-use of existing policies with the new trust model.
  • Konferenzbeitrag
    On the Search for Trust: Self-Sovereign Identity and the Public Sector
    (6. Fachtagung Rechts- und Verwaltungsinformatik (RVI 2023), 2023) Richter, Daniel; Krauß, Anna-Magdalena; Ebert, Sarah; Handke, Stefan
    Trust in the government can be seen both as a prerequisite as well as an outcome for public sector digitization. Recently, Self-sovereign Identity (SSI) has been pursued as a means to provide an infrastructure for the secure exchange of digital credentials to public services. To enable SSI’s potentially trust-enhancing properties in digital public services, we gather necessary design factors from the perspective of the system’s user experience (UX) and the governance of technical artifacts and users. We provide a concretization of generic antecedents to trust found in the literature by using them as an analytical lens for the case of a digital public service utilizing SSI: the implementation of the direct-democratic instrument of the citizen’s initiative (“Bürgerbegehren”) in the city of Dresden, Germany. We highlight gaps in the case and literature and give recommendations concerning both the UX and credential governance to foster trust-enhancing implementations of SSI in public services.
  • Konferenzbeitrag
    Role of Identity, Identification, and Receipts for Consent
    (Open Identity Summit 2021, 2021) J. Pandit, Harshvardhan; Jesus, Vitor; Ammai, Shankar; Lizar, Mark; D’Agostino, Salvatore
    This article outlines issues in the current ecosystem of data sharing based on consent and the role of identity and identification. It argues how the consent mechanism is hostile to individuals in the form of: (a) inscrutable third parties who remain largely unknown; (b) denying ability to identify and manage consent; and (c) lack of technological solution. The article discusses the role and feasibility of Consent Receipts, and presents its role in the Privacy as Expected: Consent Gateway (PaE:CG) project for the future of accountable identity and identification mechanisms for consent.