Listing of P251 - Open Identity Summit 2015 by title
1 - 10 of 12
- Conference paper: Automatic recognition, processing and attacking of single sign-on protocols with burp suite (Open Identity Summit 2015, 2015)
  Mainka, Christian; Mladenov, Vladislav; Guenther, Tim; Schwenk, Jörg
  SAML, Mozilla BrowserID, OpenID, OpenID Connect, Facebook Connect, Microsoft Account, OAuth - today's web applications are supporting a large set of Single Sign-On (SSO) solutions. Some of them have common properties and behavior, others are completely different. This paper will give an overview of modern SSO protocols. We classify them into two groups and show how to distinguish them from each other. We provide EsPReSSO, an open source Burpsuite plugin that identifies SSO protocols automatically in a browser's HTTP traffic and helps penetration testers and security auditors to manipulate SSO flows easily.
- Conference paper: Economic issues of federated identity management - an estimation of the costs of identity lifecycle management in inter-organisational information exchange using transaction cost theory (Open Identity Summit 2015, 2015)
  Kurowski, Sebastian
  Inter-organisational data-exchange is common in inter-organisational value-chains. Currently information providing organizations enrol users of suppliers, in order to enable them to access their services and information. This leaves some users with the issue of handling multiple credentials, introducing risks of password-reuse [Iv04] and weak-passwords [Ne94]. Federated identity management eases this scenario, by enabling users to authenticate against their organizations' identity provider [Hü10]. However, the costs involved in managing the underlying identity and rights lifecycle have hardly been considered. This paper addresses this gap, by using the principal-agent theory, and transaction cost theory, structuring the identity lifecycle using [BS08] [IS05] [IS10], and estimating the management costs. We finally analyse the economic benefits of federated identity management in inter-organisational information exchange. We find that while process costs for executing the identity lifecycle are reduced for the information provider, by introducing federated identity management, the control costs reduce, and in one case even diminish this cost benefit. We briefly discuss our findings, and conclude that further mechanisms and research are required to reduce the efforts in auditing, in order to fully unlock the security and economic benefits of federated identity management.
- Conference paper: Evaluating complex identity management systems - the futureid approach (Open Identity Summit 2015, 2015)
  Sellung, Rachelle; Roßnagel, Heiko
  This in-progress paper will discuss the importance of evaluation methods in complex large scale projects, specifically those regarding identity management systems and electronic Identities (eIDs). It will depict the advantages of using a Design Science methodological framework approach and show how the EU project FutureID has utilized this methodology to bring multiple disciplines' perspectives together in a harmonized evaluation.
- Conference paper: Identity management and cloud computing in the automotive industry: first empirical results from a quantitative survey (Open Identity Summit 2015, 2015)
  Fähnrich, Nicolas; Kubach, Michael
  The automotive industry forms a complex network of original equipment manufacturers and suppliers that requires a high level of cooperation in development projects. Therefore, an efficient identity management system is needed to control access to exchanged data and collaboratively used IT-solutions supporting the development process. One of the main requirements for this system is the reliable authentication of engineers of various companies with different credentials. The SkIDentity-Project, which aims at building trusted identities for the cloud, addresses this scenario. In this context, we carried out a quantitative survey to investigate the diffusion and adoption of cloud computing and identity management technologies. First results are presented in this paper and show that although cloud computing is used by approximately half of the companies in the sample, we noticed that with an increasing number of involved parties, the trust in this technology drops significantly. Regarding identity management systems, we found a similar effect. Company-wide identity management systems are used by the majority of the companies but cross-company solutions are not adopted to this extent. Further scrutiny identified a lack of motivation as one of the main reasons for the low diffusion of this technology.
- Conference paper: Innovative building blocks for versatile authentication within the skidentity service (Open Identity Summit 2015, 2015)
  Hühnlein, Detlef; Tuengerthal, Max; Wich, Tobias; Hühnlein, Tina; Biallowons, Benedikt
  Accepting arbitrary electronic identity cards (eIDs) and similar authenticators in cloud and web applications has been a challenging task. Thanks to the multiply awarded 'SkIDentity Service' this has changed recently. This versatile authentication infrastructure combines open technologies, international eID standards and latest research results with respect to trusted cloud computing in order to offer electronic identification and strong authentication in form of a trustworthy, simple to use and cost efficient cloud computing service, which supports various European eIDs as well as alternative authenticators proposed by the FIDO Alliance for example. The present contribution exposes innovative and patent pending building blocks of the SkIDentity Service: (1) The 'Identity Broker', which eases the integration of authentication, authorization, federation and application services and in particular allows to derive secure credentials from conventional eID cards, which can be transferred to mobile devices for example. (2) The 'Universal Authentication Service' (UAS), which allows to execute arbitrary authentication protocols, which are specified by the recently introduced 'Authentication Protocol Specification' (APS) language, (3) the 'Cloud Connector' which eases the integration of federation protocols into web applications and last but not least (4) the 'SkIDentity Self-Service Portal', which makes it extremely easy for Service Providers to configure the necessary parameters in order to connect with the SkIDentity Service and use strong authentication in their individual applications.
- Edited book: Open Identity Summit 2015 (2015)
- Conference paper: Proxied authentication in single sign-on setups with common open source systems - an empirical survey (Open Identity Summit 2015, 2015)
  Peinl, René; Holzschuher, Florian
  The paper presents results from an empirical study about the use of a single sign-on (SSO) system in an integrated open source system landscape for supporting team collaboration. A portal solution, enterprise content management system, groupware, business process management and enterprise search engine are used. The investigation shows that although it is easy to achieve SSO with the Web-based user interfaces of the information systems used, none of the systems was prepared to pass authentication tokens to the API of an integrated system or accept SSO tokens instead of username / password pairs for authentication against the API respectively. Different alternatives for achieving the desired functionality are presented and a recommendation for improvement of the affected information systems is derived.
- Conference paper: Quality management in open source projects - experiences from the open ecard project (Open Identity Summit 2015, 2015)
  Nemmert, Daniel; Haase, Hans-Martin; Hühnlein, Detlef; Wich, Tobias
  Open Source Software (OSS) has immensely increased in popularity over the years and it is well known that software with public access to the sources is on average less error prone than closed source software, especially if the project is supported by a large community which peer reviews the sources [Kua02]. For new and smaller projects however there is no large community yet and hence achieving and maintaining sufficient product quality is challenging. Against this background the present paper discusses aspects of product quality management for OSS in general and shares the experiences gathered in the Open eCard project, which has developed an ISO/IEC 24727 based eID client.
- Conference paper: SSEDIC.2020 on mobile eid (Open Identity Summit 2015, 2015)
  Kubach, Michael; Leitold, Herbert; Roßnagel, Heiko; Schunck, Christian H.; Talamo, Maurizio
  Mobile electronic identity (eID) management solutions are on the rise worldwide and see a rapid take-up by stakeholders. In this paper experts from the SSEDIC.2020 network study and review the status of mobile eID deployment and use in e-government as well as industry with a focus on Europe. The findings demonstrate that mobile eID solutions have the potential to become a major means for digital identification but significant efforts still must be made to drive broad adoption across European member states, to guide secure integration of mobile solutions in the industry and to arrive at dedicated standards.
- Conference paper: Topology of dynamic metadata exchange via a trusted third party (Open Identity Summit 2015, 2015)
  Pöhn, Daniela
  Federated Identity Management is an effective technology that allows multiple organizations to share resources. Deployments of the protocol Security Assertion Markup Language (SAML) practically require the pre-exchange of aggregated metadata files, making federations to fixed trust boundaries. Dynamic metadata exchange between identity provider and service provider via a trusted third party (TTP) overcomes these barriers. In this paper, we contrast dynamic metadata exchange with other state-of-the-art approaches and present the topology of the dynamic metadata exchange via a TTP. Furthermore, a distributed dynamic metadata exchange is proposed, in order to enhance the current protocol and provide a scalable solution for large-scale infrastructures.