Logo des Repositoriums

P335 - Open Identity Summit 2023

https://dl.gi.de/handle/20.500.12116/41682
Auflistung nach:

Auflistung P335 - Open Identity Summit 2023 nach Titel

1 - 10 von 15
  • Konferenzbeitrag
    Analysing user’s privacy preferences in smart-home environments with situational contexts
    (Open Identity Summit 2023, 2023) Ruff, Christopher; Benthien, Benedict; Orlowski, Alexander
    Due to the increasing adoption of smart home devices and technologies, implications for privacy gain importance. In this paper, correlations between specific characteristics of people and their preferences regarding the activity status of components in smart home devices are investigated. In addition, said preferences are analysed for inherent patterns to assist people in their decisions by suggesting preferences, which often occur together. A special focus of this work is the differentiation of preferences according to situational contexts. An online survey was conducted, and the results were analysed. The results imply strong correlations within the preferences and differences in preferences across different contexts.
  • Konferenzbeitrag
    Balancing Privacy and Value Creation in the Platform Economy: The Role of Transparency and Intervenability
    (Open Identity Summit 2023, 2023) Astfalk, Stefanie; Schunck, Christian H.
    Data are essential in the platform economy to create value. Since the General Data Protection Regulation (GDPR) demands a high level of protection for personal data, it becomes challenging for small- and medium-sized businesses to provide both: data-based services and compliance to the GDPR. Therefore, the paper focuses on the privacy protection goals of transparency and intervenability to enable privacy friendly business models. To better understand how this approach supports the needs of small- and medium-sized platform providers, a qualitative interview study is conducted. Especially, the lack of legal certainty and the unclarity of how the GDPR can be implemented compliantly in practical terms is found to be a challenge. Based on the interviews, requirements are derived which a personal rights management tool enabling transparency and intervenability should fulfill such as supporting legal compliance or reducing operational complexity. In summary, small- and medium-sized platform providers see providing transparency and intervenability as a promising new approach which they are willing to deploy given the right personal rights management tool.
  • Konferenzbeitrag
    Electronic identity mass compromize: Options for recovery
    (Open Identity Summit 2023, 2023) Fritsch, Lothar
    A National Digital Identity Framework should be designed in a proactive manner, should focus on a resilience-oriented approach, and should be aimed at limiting the risks that may originate from identity data management [IT18]. What is the preparedness of digital identity providers for recovery from compromise that affects large numbers of identities? Failures or attacks may destroy authenticators, data or trust chains that are the foundations of large identity ecosystems. The re-issuance of digital identities, of authenticators or the re-enrollment of the user base should get planned as contingency measures. Important parameters will be recovery time, complexity of re-registering subjects, distribution of effort between certification authorities, registrars and relying parties, and the availability of alternative technologies and staff resources. The article will, based on a review of standards and requirements documents, present evidence for a shortage of recovery readiness that endangers relying parties and identity ecosystems. From a review of standards and practice, we extract recovery procedures as far as they are planned for.
  • Konferenzbeitrag
    Establishing Trust in SSI Verifiers
    (Open Identity Summit 2023, 2023) Chadwick, David W.; Kubach, Michael; Sette, Ioram; Johnson Jeyakumar, Isaac Henderson
    We present a conceptual model that enables a user/holder with a wallet holding W3C Verifiable Credentials (VCs) to determine if the verifier is trusted to conform to GDPR so that it might be given the user’s personal identifying information contained in their VCs. We describe the implementation of this model using the TRAIN trust infrastructure and how wallets might interoperate with verifiers using different trust infrastructures. This leverages the OIDC GAIN proof of concept network currently being built using the draft OIDC Federation specification. We briefly describe the experiments that we have undertaken to date and the research that is still outstanding
  • Konferenzbeitrag
    Exploring the Human Factor in IT-security: A mobile lab for Investigating User Behavior
    (Open Identity Summit 2023, 2023) Fähnrich, Nicolas; Köster, Kevin; Renkel, Patrick; Huber, Richard; Menz, Nadja
    The threat of cybersecurity incidents is increasingly challenging for companies and employee interaction plays a crucial role in the majority of cyberattacks. In this paper, we present a mobile, scalable IT-security lab to investigate the human factor in such incidents. The lab enables study participants to experience cyberattacks in an immersive workplace environment. In order to ensure that the target group of small and medium sized company (SME) employees is reached, we have designed the mobile lab in such a way that it can be easily operated in different locations and sizes.
  • Konferenzbeitrag
    Lifting the Veil of Credential Usage in Organizations: A Taxonomy
    (Open Identity Summit 2023, 2023) Bochnia, Ricardo; Richter, Daniel; Anke, Jürgen
    With the emergence of self-sovereign identity (SSI) as a paradigm for digital identity management the handling of verifiable credentials (VCs) has become an important topic in organizations. Organizations process a wide variety of documents which can be considered credentials. Previous research shows that a challenge in developing SSI systems is a lack of understanding of the core aspects of the paradigm and their relation to existing organizational practices. Our research focuses on the different characteristics of credentials in organizations and maps the characteristics of VCs to physical credentials. Our findings indicate that credentials in organizations can be classified by ten dimensions. Additionally, VCs have many possible characteristics of physical credentials, althoughmplementation and support for certain features may be vendor-specific. Finally, we provide insights and suggestions for SSI researchers and developers.
  • Konferenzbeitrag
    MANTRA: A Graph-based Unified Information Aggregation Foundation for Enhancing Cybersecurity Management in Critical Infrastructures
    (Open Identity Summit 2023, 2023) Fuxen, Philipp; Hackenberg, Rudolf; Heinl, Michael P.; Ross, Mirko; Roßnagel, Heiko; Schunck, Christian H.; Yahalom, Raphael
    The digitization of almost all sectors of life and the quickly growing complexity of interrelationships between actors in this digital world leads to a dramatically increasing attack surface regarding both direct and also indirect attacks over the supply chain. These supply chain attacks can have different characters, e.g., vulnerabilities and backdoors in hardware and software, illegitimate access by compromised service providers, or trust relationships to suppliers and customers exploited in the course of business email compromise. To address this challenge and create visibility along these supply chains, threat-related data needs to be rapidly exchanged and correlated over organizational borders. The publicly funded project MANTRA is meant to create a secure and resilient framework for real-time exchange of cyberattack patterns and automated, contextualized risk management. The novel graph-based approach provides benefits for automation regarding cybersecurity management, especially when it comes to prioriization of measures for risk reduction and during active defense against cyberattacks. In this paper, we outline MANTRA’s scope, objectives, envisioned scientific approach, and challenges.
  • Konferenzbeitrag
    Modeling the Threats to Self-Sovereign Identities
    (Open Identity Summit 2023, 2023) Pöhn, Daniela; Grabatin, Michael; Hommel, Wolfgang
    Self-sovereign identity (SSI) is a relatively young identity management paradigm allowing digital identities to be managed in a user-centric, decentralized manner, often but not necessarily utilizing distributed ledger technologies. This emerging technology gets into the focus through the new electronic IDentification, Authentication and trust Services (eIDAS) regulation in Europe. As identity management involves the management and use of personally identifiable information, it is important to evaluate the threats to SSI. We apply the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) threat modeling approach to the core components of SSI architecture and the interactions between them. Based on the summarized results, we discuss relevant mitigation methods and future research areas.
  • Konferenzbeitrag
    A more User-Friendly Digital Wallet? User Scenarios of a Future Wallet
    (Open Identity Summit 2023, 2023) Krauß, Anna-Magdalena; Kostic, Sandra; Sellung, Rachelle A.
    Identity wallets enable the management and use of digital identities and verification documents stored in one app. Users manage their data independently and decide for themselves which data they want to disclose for identification purposes. Recent research shows that current digital wallets face many usability problems, which makes it difficult for users to grasp their concept and how to use them. This paper presents an enhanced concept of a wallet, where its functionality is presented with user scenarios that have a user centric approach. The user scenarios illustrate a variety of possible uses of the wallet. For example, the new wallet concept envisions, how data can be transferred from one wallet to another person's wallet, how data can be managed by different people in one wallet, or how only individual pieces of information from credentials can be shared to maintain greater privacy for users.
  • Konferenzbeitrag
    Open Identity Summit 2023 - Complete proceedings
    (Open Identity Summit 2023, 2023) Chadwick, David W.; Kubach, Michael; Sette, Ioram; Johnson Jeyakumar, Isaac Henderson; Bochnia, Ricardo; Richter, Daniel; Anke, Jürgen; Sellung, Rachelle; Kubach, Michael; Otto, Sarah; Meisel, Michael; Fernet, Laouen; Mödersheim, Sebastian; Krauß, Anna-Magdalena; Kostic, Sandra; Sellung, Rachelle A.; Pöhn, Daniela; Grabatin, Michael; Hommel, Wolfgang; Kubach, Michael; Henderson, Isaac; Bithin, Alangot; Dimitrakos, Theo; Vargas, Juan; Winterstetter, Matthias; Krontiris, Ioannis; Schwalm, Steffen; Fuxen, Philipp; Hackenberg, Rudolf; Heinl, Michael P.; Ross, Mirko; Roßnagel, Heiko; Schunck, Christian H.; Yahalom, Raphael; Ruff, Christopher; Benthien, Benedict; Orlowski, Alexander; Astfalk, Stefanie; Schunck, Christian H.; Fritsch, Lothar; Fähnrich, Nicolas; Köster, Kevin; Renkel, Patrick; Huber, Richard; Menz, Nadja