Listing P223 - Open Identity Summit 2013 by title
1 - 10 of 24
- Conference paper: Approaches and challenges for a single sign-on enabled extranet using Jasig CAS. (Open Identity Summit 2013, 2013) Holzschuher, Florian; Peinl, René. In this paper we describe our experiences with setting up a single sign-on enabled intranet with open source software and then making it accessible over the internet using a reverse proxy. During this process, we encounter several issues. We describe those, discuss possible solutions and present our final setup.
- Conference paper: Authentication and security integration for eCampus services at the University of Applied Sciences Harz using the German Electronic Identity Card/eID and eGovernment Standards (Open Identity Summit 2013, 2013) Strack, Hermann. An eCampus security shell architecture was developed and deployed to improve the security of existing university management systems (legacy UMS), integrating innovative eGovernment Standards, e.g. the German Electronic Identity Card (GeID), the eGovernment Protocol OSCI and qualified Signatures (QES).
- Conference paper: Authentication on high critical infrastructures using interoperable federated identities (Open Identity Summit 2013, 2013) Lunkeit, Armin; Großmann, Jürgen. The technical guideline TR-03109 divides between the roles of the SMGW technician and the Gateway administrator whereas the Gateway administrator gains full access to the SMGW and the service technician has only very limited access rights. In many scenarios the service technician will also need full access to the Smart Meter Gateway which means that he must be able to change its role. Federated identities can help to create a solution that keeps the strict role enforcement between service technician and Gateway Administrator. This article presents an approach on the background of the current Smart Grid development and identity technology adopting approaches used for the German national ID card. A short discussion pertaining to threats and risks completes the discussion.
- Conference paper: Authentication on Mobile Devices for Business Application (Open Identity Summit 2013, 2013) Müller, Martina; Zoller, Fabian; Pansa, Ingo; Gerlicher, Ansgar. Identity management faces new challenges of protecting resources that are accessed from different and maybe unknown devices. This is caused by the fact that employees bring their own mobile devices to their offices and work with them [Gar12]. Consequently users, programmers and companies have to face challenges that arise from mobile authentication: the need for accessing business application is based on the employee's user identity. This paper describes a methodical analysis and evaluation of the current state of the art authentication methods. The resulting evaluation is the basis for a prototypical implementation of the best evaluated authentication methods on mobile devices. To test and confirm the theoretical architectures implemented on mobile devices a usability test has been made. A conclusion sums up the lessons learned and recommendations are made.
- Conference paper: Cloud-based provisioning of qualified certificates for the German ID card (Open Identity Summit 2013, 2013) Selhorst, Marcel; Schwarz, Carsten. In November 2010 the German government introduced a new national ID card. The Bundesdruckerei GmbH was the responsible company for designing and producing the ID card including its highly sophisticated security features. Besides traditional means for visual identification, the card contains a wireless smartcard chip enabling online usage of the ID card. Thus citizens are now able to prove their identity, age or place of residence to an online service provider, e.g., through a web application. Additionally, the chip contains an inactive application for the generation of digital signatures based on elliptic curve cryptography (ECDSA) which - upon activation - can be used to digitally sign electronic documents (online as well as offline). The Bundesdruckerei GmbH is currently the only party able to perform online post-issuance personalization of qualified electronic signature certificates on the ID card. In order to do so, a new web application called “sign-me” has been developed enabling citizens to activate the signature application on the ID card. In order to diminish the technical challenges for the citizens, “sign-me” takes over the required steps of performing the required online identification of the citizen according to the German signature law by using the eID-application provided by the new ID card, generating a fresh signature key pair on the ID card, exporting the according public key to the certificate service provider “D-TRUST GmbH”, the trustcenter of the Bundesdruckerei GmbH, which is then responsible for binding the citizen's identity to the generated signature key pair by issuing the according X.509-certificate, and finally storing the issued qualified certificate on the citizen's ID card.
This invited talk briefly introduces the German eID system and focuses on the organizational process as well as the infrastructure required for secure online issuance and management of the certificates. We will introduce the “sign-me” web application and show how citizens can activate the signature application on their ID card, how quickly it is possible to issue and store a qualified certificate on the ID card and how it can be used to finally sign documents. An outlook on envisioned further extensions of “sign-me” concludes the presentation.
- Conference paper: Common Criteria certified open source software – fact or fiction? (Open Identity Summit 2013, 2013) Gustavsson, Tomas. In 2012 the two open source projects CESeCore and EJBCA were Common Criteria certified [CCP], using open source tools and open source methodologies. As the actual software and its long term evolution is perhaps the most important result for most users, we will look at how certification, distribution and maintenance is managed. Can they be done in an open source way, and is certification always suitable? The Common Criteria for Information Technology Security Evaluation (Common Criteria) is a standard for IT security certification defined by ISO/IEC 15408 [WP]. The Common Criteria provides trust that processes for specification, implementation and evaluation have been performed in a rigorous and standardized way. Recognized world wide and governed by national certification bodies, Common Criteria is used as requirement for procurement and use of security software in governments, banks and enterprises. Common Criteria has been criticized for large costs and potential discrimination against Open Source Software [DW]. Given the rigorous system that Common Criteria enforces, how can open source software be certified, and maintained as certified? Drawbacks and benefits of a Common Criteria certification will be described, and how certification limits the maintenance of an open source project. Common Criteria certified open source software – fact or fiction? After this presentation software developers will be able to determine if their open source project is suitable for Common Criteria certification, whilst software users will have a good idea if they should require certification.
- Conference paper: The eID-Terminology Work of FutureID (Open Identity Summit 2013, 2013) Bruegger, Bud P.; Müller, Moritz-Christian. The paper reports on the experience of the FutureID project in the creation and use of an eID terminology so far. A major part of work has reviewed the state of the art in eID Terminologies. Five existing terminologies have been compared and analyzed in detail to yield unexpected and surprising results. On this basis, FutureID has designed its approach for creation and use of an eID terminology that is currently being implemented in the project. It is hoped that the terminology, its approach, and the related infrastructure will constitute a general community resource, well beyond the scope and duration of the project.
- Conference paper: An extensible client platform for eID, signatures and more (Open Identity Summit 2013, 2013) Wich, Tobias; Horsch, Moritz; Petrautzki, Dirk; Schmölz, Johannes; Hühnlein, Detlef; Wieland, Thomas; Potzernheim, Simon. The present paper introduces an extensible client platform, which can be used for eID, electronic signatures and many more smart card enabled applications.
- Conference paper: How to authenticate mobile devices in a web environment – The SIM-ID approach (Open Identity Summit 2013, 2013) Feldmann, Florian; Schwenk, Jörg. With the advent of the iPhone AppStore and Google Play, the 'walled garden' approach of telecommunication companies to supply content to their customers using standard GSM/UMTS/LTE authentication has failed: Neither Google nor Apple, nor any other content provider on the mobile internet, uses the SIM card for authentication. This is mainly due to the fact that mobile telecommunication and internet architectures differ substantially. In this paper, we propose several bridging technologies to fill this gap. We exemplarily show how to use SIM authentication for web-based Single-Sign-On protocols. Starting from simple password replacement in the authentication between User Agent (UA) and Identity Provider (IdP), we show how we can achieve strong channel bindings between all TLS channels and SIM based authentication.
- Conference paper: Identity management in cloud computing in conformity with European Union law? – Problems and approaches pursuant to the proposal for a regulation by the European Commission on electronic identification and trust services for electronic transactions in the internal market (Open Identity Summit 2013, 2013) Sädtler, Stephan. On 4 June 2012, the EU Commission submitted a draft of a regulation on “electronic identification and trust services for electronic transactions in the internal market” [EC12]. Due to its impact on the infrastructure of the new German identity card (nPA) it is subject to fierce criticism, particularly from Germany. This essay seeks to address that criticism and to discuss potential approaches, amongst others that of the research project “SkIDentity – Trusted Identities in the Cloud” of the “Trusted Cloud” programme, whilst also addressing accompanying questions of law in the context of identity management in cloud computing.