Logo des Repositoriums

Auflistung nach Schlagwort "eIDAS"

1 - 10 von 19
  • Konferenzbeitrag
    Accountable Trust Decisions: A Semantic Approach
    (Open Identity Summit 2020, 2020) Schlichtkrull, Anders; Mödersheim, Sebastian
    This paper is concerned with the question of how to obtain the highest possible assurance on trust policy decisions: when accepting an electronic transaction of substantial value or significant implications, we want to be sure that this did not happen because of a bug in a policy checker. Potential bugs include bugs in parsing documents, in signature checking, in checking trust lists, and in the logical evaluation of the policy. This paper focuses on the latter kind of problems and our idea is to validate the logical steps of the trust decision by another, complementary method. We have implemented this for the Trust Policy Language of the LIGHTest project and we use the completely independently developed FOL theorem prover RP_X as a complementary method.
  • Konferenzbeitrag
    Adapting the TPL Trust Policy Language for a Self-Sovereign Identity World
    (Open Identity Summit 2021, 2021) Alber, Lukas; More, Stefan; Mödersheim, Sebastian; Schlichtkrull, Anders
    Trust policies enable the automated processing of trust decisions for electronic transactions. We consider the Trust Policy Language TPL of the LIGHTest project [Mö19] that was designed for businesses and organizations to formulate their trust policies. Using TPL, organizations can decide if and how they want to rely on existing trust schemes like Europe’s eIDAS or trust scheme translations endorsed by them. While the LIGHTest project is geared towards classical approaches like PKI-based trust infrastructures and X.509 certificates, novel concepts are on the rise: one example is the self-sovereign identity (SSI) model that enables users better control of their credentials, offers more privacy, and supports decentralized solutions. Since SSI is based on distributed ledger (DL) technology, it is a question of how TPL can be adapted so that organizations can continue to enjoy the benefits of flexible policy descriptions with automated evaluation at a very high level of reliability. Our contribution is a first step towards integrating SSI and the interaction with a DL into a Trust Policy Language. We discuss this on a more conceptual level and also show required TPL modifications. We demonstrate that we can integrate SSI concepts into TPL without changing the syntax and semantics of TPL itself and have to add new formats and introduce a new built-in predicate for interacting with the DL. Another advantage of this is that the “business logic” aspect of a policy does not need to change, enable re-use of existing policies with the new trust model.
  • Konferenzbeitrag
    Applying assurance levels when issuing and verifying credentials using Trust Frameworks
    (Open Identity Summit 2021, 2021) Martinez Jurado, Victor; Vila, Xavier; Kubach, Michael; Henderson Johnson Jeyakumar, Isaac; Solana, Albert; Marangoni, Matteo
    Technical interoperability of the issuance, presentation, and verification of verifiable credentials (VC) across domains of trust is a current challenge for self-sovereign identity. We present an approach incorporating different levels of assurance and trust domains in an eIDAS compliant way. This is illustrated through a use case with real-world relevance: the issuance and cross-border usage of the European Health Insurance Card.
  • Konferenzbeitrag
    Auf dem Weg zu sicheren abgeleiteten Identitäten mit Payment Service Directive 2
    (SICHERHEIT 2018, 2018) Träder, Daniel; Zeier, Alexander; Heinemann, Andreas
    Online-Dienste erfordern eine eindeutige Identifizierung der Benutzer und somit eine sichere Authentisierung. Insbesondere eGovernment-Dienste innerhalb der EU erfordern eine starke Absicherung der Benutzeridentität. Auch die mobile Nutzung solcher Dienste wird bevorzugt. Das Smartphone kann hier als einer der Faktoren für eine Zwei-Faktor-Authentifizierung dienen, um eine höhere Sicherheit zu erreichen. Diese Arbeit schlägt vor, den Zugang und die Nutzung einer abgeleiteten Identität mit einem Smartphone zu sichern, um es dem Benutzer zu ermöglichen, sich auf sichere Weise gegenüber einem Online-Dienst zu identifizieren. Dazu beschreiben wir ein Schema zur Ableitung der Identität eines Benutzers mithilfe eines Account Servicing Payment Service Provider (ASPSP) unter Verwendung der Payment Service Directive 2 (PSD2) der Europäischen Union. PSD2 erfordert eine Schnittstelle für Dritte, die von ASPSPs implementiert werden muss. Diese Schnittstelle wird genutzt, um auf die beim ASPSP gespeicherten Kontoinformationen zuzugreifen und daraus die Identität des Kontoinhabers abzuleiten. Zur Sicherung der abgeleiteten Identität ist der Einsatz von FIDO (Fast Identity Online) vorgesehen. Wir bewerten unseren Vorschlag anhand der Richtlinien von eIDAS LoA (Level of Assurance) und zeigen, dass für die meisten Bereiche das Vertrauensniveau substantiell erreicht werden kann. Um diesem Level vollständig gerecht zu werden, ist zusätzlicher Arbeitsaufwand erforderlich: Zunächst ist es erforderlich, Extended Validation-Zertifikate für alle Institutionen zu verwenden. Zweitens muss der ASPSP sichere TAN-Methoden verwenden. Schließlich kann derWiderruf einer abgeleiteten Identität nicht erfolgen, wenn der Benutzer keinen Zugriff auf sein Smartphone hat, das mit der abgeleiteten ID verknüpft ist. Daher ist ein anderes Widerrufsverfahren erforderlich (z. B. eine Support-Hotline).
  • Konferenzbeitrag
    Combination of x509 and DID/VC for inheritance properties of trust in digital identities
    (Open Identity Summit 2022, 2022) Bastian, Paul; Stöcker, Carsten; Schwalm, Steffen
    The proposal for review of the eIDAS Regulation from 2021 has opened strong expectations for a deep change in traditional identity models. The user-centric identity model proposed starts with the creation of European Digital Identity Wallets that will enable citizens’ control over their data in identification and authentication processes without control by entities providing the identification services. Likewise digital identities and digital signatures are in place and interoperability between existing solutions mainly based on x509 certificates and decentralized PKI using DID/VC foreseeable. The paper provides various options to address different aspects in combining x509 and DID/VC approaches.
  • Konferenzbeitrag
    Criteria for trustworthy digital transactions - Blockchain/DLT between eI-DAS, GDPR, Data and Evidence Preservation
    (Open Identity Summit 2020, 2020) Kusber, Tomasz; Schwalm, Steffe; Shamburger, Kalinda; Korte, Ulrike
    With the help of eIDAS [Re14], legislators have created a resilient framework in EU and EFTA to place trustworthy digital transactions more and more in the centre of business relationships. The regulated use of the trust services (e.g. qualified electronic signature or seal etc.) as well as that of the secure electronic identities provides a solid foundation for the advancement of digitization. The adequate evidence of electronic records as long as they are needed is a critical success-factor for trustworthy digital transactions. The trustworthiness of the transactions must be based on compliance with the basic values of authenticity, integrity, reliability, availability, confidentiality and transferability. After a first hype there are increasingly more considerations also in regulated industries to use DLT for digital processes which have to be accountable. In order to make them evident and to fulfil documentation requirements it is necessary that DLT fulfils the legal framework and prior art based on defined criteria for trustworthy digital transactions. This paper focuses on the challenges and requirements for utilisation of DLT for trustworthy digital processes including long-term preservation.
  • Konferenzbeitrag
    Digital and mobile identities
    (Open Identity Summit 2020, 2020) Funke, Holger
    In this paper current developments in mobile identities are described. A scalable architecture, standard future-proven technologies such as ISO/IEC 23220 and a Cryptographic Service Provider build the framework for secure, failsafe and large deployments. The building blocks specified in ISO/IEC 23220 deliver a framework that can be easily used for identities stored on secure devices such as smartphones. This paper lists a selection of outstanding projects using mobile and digital identities in the field of mobile ID. The focus is on Digital Travel Credentials (DTC) which are currently specified by the International Civil Aviation Organization (ICAO).
  • Textdokument
    DNS-based Trust Scheme Publication and Discovery
    (Open Identity Summit 2019, 2019) Wagner, Georg; Wagner, Sven; More, Stefan; Hoffmann, Martin
    Trust infrastructures are at the heart of a digital world. Within those trust infrastructures, trust schemes play an important role and often represent legal or organizational entities. Right now, trust schemes are published in the form of lists. Those lists enumerate all the trust services and their level of assurance. Trusted discovery only works if the URI of the trust list is known to the verifying party. In this paper, we introduce a Trust Scheme Publication Authority for arbitrary trust schemes. Our approach uses the Domain Name System (DNS) and its security extensions (DNSSEC) to publish discovery data securely.
  • Konferenzbeitrag
    eIDAS 2.0: Challenges, perspectives and proposals to avoid contradictions between eIDAS 2.0 and SSI
    (Open Identity Summit 2022, 2022) Schwalm, Steffen; Albrecht, Daria; Alamillo, Ignacio
    The proposal for review of the eIDAS Regulation from 2021 has opened strong expectations for a deep change in traditional identity models. The user-centric identity model proposed starts with the creation of European Digital Identity Wallets that will enable citizens’ control over their data in identification and authentication processes without control by entities providing the identification services. Likewise, with the proposed legal rules for giving legal certainty to electronic ledgers and blockchains, [eIDAS2]opens possibilities to decentralization, especially for the provision and management of user’s attributes. The implementation of qualified trust services for attestations or electronic ledgers limits decentralization by requirement of a trusted 3rd party. Standardization will be key in assuring interoperability at the EU level. What are the challenges and opportunities of eIDAS 2.0? And what are the main focuses and needs of (European) standardization? These and other questions will be analysed and discussed in the paper.
  • Textdokument
    eIDAS eID & eSignature based Service Accounts at University environments for cross boarder/domain access
    (Open Identity Summit 2019, 2019) Strack, Hermann; Otto, Oliver; Klinner, Sebastian; Schmidt, André
    University domain/scenario use cases based on eIDAS eID & eSignature extended user service accounts are implemented in the EU CEF projects TREATS and StudIES+, integrating hybrid ID concepts (legacy & eID). eNotar services will offer to integrate legacy binding in process and document flows, transfers to other areas are considered (Industry 4.0, ABAC).