Listing by keyword "SSI"
1 - 10 of 14
- Journal article: A Systematic Review of Identity and Access Management Requirements in Enterprises and Potential Contributions of Self-Sovereign Identity (Business & Information Systems Engineering: Vol. 66, No. 4, 2024). Glöckler, Jana; Sedlmeir, Johannes; Frank, Muriel; Fridgen, Gilbert
  Digital identity and access management (IAM) poses significant challenges for companies. Cyberattacks and resulting data breaches frequently have their root cause in enterprises’ IAM systems. During the COVID-19 pandemic, issues with the remote authentication of employees working from home highlighted the need for better IAM solutions. Using a design science research approach, the paper reviews the requirements for IAM systems from an enterprise perspective and identifies the potential benefits of self-sovereign identity (SSI) – an emerging, passwordless paradigm in identity management that provides end users with cryptographic attestations stored in digital wallet apps. To do so, this paper first conducts a systematic literature review followed by an interview study and categorizes IAM system requirements according to security and compliance, operability, technology, and user aspects. In a second step, it presents an SSI-based prototype for IAM, whose suitability for addressing IAM challenges was assessed by twelve domain experts. The results suggest that the SSI-based authentication of employees can address requirements in each of the four IAM requirement categories. SSI can specifically improve manageability and usability aspects and help implement acknowledged best practices such as the principle of least privilege. Nonetheless, the findings also reveal that SSI is not a silver bullet for all of the challenges that today’s complex IAM systems face.
- Conference paper: Adapting the TPL Trust Policy Language for a Self-Sovereign Identity World (Open Identity Summit 2021, 2021). Alber, Lukas; More, Stefan; Mödersheim, Sebastian; Schlichtkrull, Anders
  Trust policies enable the automated processing of trust decisions for electronic transactions. We consider the Trust Policy Language TPL of the LIGHTest project [Mö19] that was designed for businesses and organizations to formulate their trust policies. Using TPL, organizations can decide if and how they want to rely on existing trust schemes like Europe’s eIDAS or trust scheme translations endorsed by them. While the LIGHTest project is geared towards classical approaches like PKI-based trust infrastructures and X.509 certificates, novel concepts are on the rise: one example is the self-sovereign identity (SSI) model that enables users better control of their credentials, offers more privacy, and supports decentralized solutions. Since SSI is based on distributed ledger (DL) technology, it is a question of how TPL can be adapted so that organizations can continue to enjoy the benefits of flexible policy descriptions with automated evaluation at a very high level of reliability. Our contribution is a first step towards integrating SSI and the interaction with a DL into a Trust Policy Language. We discuss this on a more conceptual level and also show required TPL modifications. We demonstrate that we can integrate SSI concepts into TPL without changing the syntax and semantics of TPL itself and have to add new formats and introduce a new built-in predicate for interacting with the DL. Another advantage of this is that the “business logic” aspect of a policy does not need to change, enabling re-use of existing policies with the new trust model.
- Conference paper: Applying assurance levels when issuing and verifying credentials using Trust Frameworks (Open Identity Summit 2021, 2021). Martinez Jurado, Victor; Vila, Xavier; Kubach, Michael; Henderson Johnson Jeyakumar, Isaac; Solana, Albert; Marangoni, Matteo
  Technical interoperability of the issuance, presentation, and verification of verifiable credentials (VC) across domains of trust is a current challenge for self-sovereign identity. We present an approach incorporating different levels of assurance and trust domains in an eIDAS compliant way. This is illustrated through a use case with real-world relevance: the issuance and cross-border usage of the European Health Insurance Card.
- Conference paper: Combination of x509 and DID/VC for inheritance properties of trust in digital identities (Open Identity Summit 2022, 2022). Bastian, Paul; Stöcker, Carsten; Schwalm, Steffen
  The proposal for review of the eIDAS Regulation from 2021 has opened strong expectations for a deep change in traditional identity models. The user-centric identity model proposed starts with the creation of European Digital Identity Wallets that will enable citizens’ control over their data in identification and authentication processes without control by entities providing the identification services. Likewise digital identities and digital signatures are in place and interoperability between existing solutions mainly based on x509 certificates and decentralized PKI using DID/VC foreseeable. The paper provides various options to address different aspects in combining x509 and DID/VC approaches.
- Conference paper: Economically Viable Identity Ecosystems: Value Capture and Market Strategies (Open Identity Summit 2024, 2024). Kubach, Michael; Roßnagel, Heiko
  Prevailing digital identity solutions are facing widespread dissatisfaction, prompting political and business stakeholders to advocate for the development of novel identity (ID) ecosystems. This paper diverges from the traditional focus on the usability, security, and privacy shortcomings of current solutions, directing attention instead to the economic dimensions that are critical for the successful adoption of digital identity management (IdM) systems. The analysis extends beyond the incentives for end-user adoption, considering the roles, motivations, and ability of other key stakeholders to capture value through the ecosystem, particularly service providers, who are anticipated to be the primary financial contributors to ID services. This examination leads to the pivotal inquiry of whether a market for digital identities can materialize and what strategies for market entry could be viable, especially in scenarios involving public sector participation.
- Conference paper: eIDAS 2.0: Challenges, perspectives and proposals to avoid contradictions between eIDAS 2.0 and SSI (Open Identity Summit 2022, 2022). Schwalm, Steffen; Albrecht, Daria; Alamillo, Ignacio
  The proposal for review of the eIDAS Regulation from 2021 has opened strong expectations for a deep change in traditional identity models. The user-centric identity model proposed starts with the creation of European Digital Identity Wallets that will enable citizens’ control over their data in identification and authentication processes without control by entities providing the identification services. Likewise, with the proposed legal rules for giving legal certainty to electronic ledgers and blockchains, [eIDAS2] opens possibilities to decentralization, especially for the provision and management of user’s attributes. The implementation of qualified trust services for attestations or electronic ledgers limits decentralization by requirement of a trusted 3rd party. Standardization will be key in assuring interoperability at the EU level. What are the challenges and opportunities of eIDAS 2.0? And what are the main focuses and needs of (European) standardization? These and other questions will be analysed and discussed in the paper.
- Conference paper: GRAIN: Truly Privacy-friendly and Self-sovereign Trust Establishment with GNS and TRAIN (Open Identity Summit 2024, 2024). Schanzenbach, Martin; Nadler, Sebastian; Johnson Jeyakumar, Isaac Henderson
  Robust and secure trust establishment is an open problem in the domain of self-sovereign identities (SSI). The TRAIN [KR21] concept proposes to leverage the security guarantees and trust anchor of the DNS to publish and resolve pointers to trust lists from DNS. While the DNS is a cornerstone of the Internet, its continued use is primarily a consequence of inertia due to its crucial function as the address discovery system for existing Internet services. Research and development in the area of SSI is — for the most part — green field. The choice of DNS as a core building block appears fainthearted given its open security issues. Recently, the IETF paved the way to experiment with alternative name systems in real world deployments by reserving the special-use top-level domain “.alt” in the domain name space [KH23]. This allows us to use alternative name systems such as the GNU Name System (GNS) [SGF23a] without intruding into the domain name space reserved for DNS. In this paper, we show how we can use the GNS as a drop-in replacement for DNS in TRAIN. We show how TRAIN-over-GNS (GRAIN) can deliver security and privacy improvements the security concept of TRAIN-over DNS and show that it is practically feasible with limited modifications of existing software stacks.
- Conference paper: Hyperledger Indy Besu as a permissioned ledger in Self-sovereign Identity (Open Identity Summit 2024, 2024). Shcherbakov, Alexander
  Self-sovereign Identity (SSI) represents an approach to digital identity that prioritizes privacy and empowers individuals to maintain control over the information associated with their identity. This approach aligns with GDPR and similar regulations and is gaining adoption across various governments, non-profit organizations, and commercial entities worldwide. A foundational element in SSI is a Verifiable Data Registry (VDR), which serves as a trusted repository for registering and accessing public keys, schemas, identifiers, and other data. A natural choice for a VDR is a distributed ledger or blockchain. Among the most stable and popular frameworks for SSI is Hyperledger Indy. Indy includes a custom implementation of a public permissioned ledger as a VDR. The Indy community has been developing a new experimental approach for a VDR in Indy: a permissioned ledger based on Hyperledger Besu. In this paper, we are going to discuss the importance, benefits, and technical details of this initiative.
- Conference paper: Integration of Self-Sovereign Identity into Conventional Software using Established IAM Protocols: A Survey (Open Identity Summit 2022, 2022). Kuperberg, Michael; Klemens, Robin
  Self-Sovereign Identity (SSI) is an approach based on asymmetric cryptography and on decentralized, user-controlled exchange of signed assertions. Most SSI implementations are not based on hierarchic certification schemas, but rather on the peer-to-peer and distributed “web of trust” without root or intermediate CAs. As SSI is a nascent technology, the adoption of vendor-independent SSI standards into existing software landscapes is at an early stage. Conventional enterprise-grade IAM implementations and cloud-based Identity Providers rely on widely established pre-SSI standards, and both will not be replaced by SSI offerings in the next few years. The contribution of this paper is an analysis of patterns and products to bridge unmodified pre-SSI applications and conventional IAM with SSI implementations. Our analysis covers 40+ SSI implementations and major authentication protocols such as OpenID Connect and LDAP.
- Conference paper: Lifting the Veil of Credential Usage in Organizations: A Taxonomy (Open Identity Summit 2023, 2023). Bochnia, Ricardo; Richter, Daniel; Anke, Jürgen
  With the emergence of self-sovereign identity (SSI) as a paradigm for digital identity management the handling of verifiable credentials (VCs) has become an important topic in organizations. Organizations process a wide variety of documents which can be considered credentials. Previous research shows that a challenge in developing SSI systems is a lack of understanding of the core aspects of the paradigm and their relation to existing organizational practices. Our research focuses on the different characteristics of credentials in organizations and maps the characteristics of VCs to physical credentials. Our findings indicate that credentials in organizations can be classified by ten dimensions. Additionally, VCs have many possible characteristics of physical credentials, although implementation and support for certain features may be vendor-specific. Finally, we provide insights and suggestions for SSI researchers and developers.