Logo des Repositoriums

Auflistung nach Schlagwort "identity lifecycle"

1 - 2 von 2
  • Konferenzbeitrag
    Electronic identity mass compromize: Options for recovery
    (Open Identity Summit 2023, 2023) Fritsch, Lothar
    A National Digital Identity Framework should be designed in a proactive manner, should focus on a resilience-oriented approach, and should be aimed at limiting the risks that may originate from identity data management [IT18]. What is the preparedness of digital identity providers for recovery from compromise that affects large numbers of identities? Failures or attacks may destroy authenticators, data or trust chains that are the foundations of large identity ecosystems. The re-issuance of digital identities, of authenticators or the re-enrollment of the user base should get planned as contingency measures. Important parameters will be recovery time, complexity of re-registering subjects, distribution of effort between certification authorities, registrars and relying parties, and the availability of alternative technologies and staff resources. The article will, based on a review of standards and requirements documents, present evidence for a shortage of recovery readiness that endangers relying parties and identity ecosystems. From a review of standards and practice, we extract recovery procedures as far as they are planned for.
  • Konferenzbeitrag
    A user-centric approach to IT-security risk analysis for an identity management solution
    (Open Identity Summit 2022, 2022) Fähnrich, Nicolas; Winterstetter, Matthias; Kubach, Michael
    In order to build identity management (IdM) solutions that are secure in the practical application context, a holistic approach their IT-security risk analysis is required. This complements the indispensable technical, and crypto-focused analysis of risks and vulnerabilities with an approach that puts another important vector for security in the center: the users and their usage of the technology over the whole lifecycle. In our short paper we focus exclusively on the user-centric approach and present an IT-security risk analysis that is structured around the IdM lifecycle.