Logo des Repositoriums
 

P251 - Open Identity Summit 2015

Autor*innen mit den meisten Dokumenten  

Auflistung nach:

Neueste Veröffentlichungen

1 - 10 von 12
  • Konferenzbeitrag
    Evaluating complex identity management systems - the futureid approach
    (Open Identity Summit 2015, 2015) Sellung, Rachelle; Roßnagel, Heiko
    This in-progress paper will discuss the importance of evaluation methods in complex large scale projects, specifically those regarding identity management systems and electronic Identities (eIDs). It will depict the advantages of using a Design Science methodological framework approach and show how the EU project FutureID has utilized this methodology to bring multiple disciplines perspectives together in a harmonized evaluation.
  • Konferenzbeitrag
    Topology of dynamic metadata exchange via a trusted third party
    (Open Identity Summit 2015, 2015) Pöhn, Daniela
    Federated Identity Management is an effective technology that allows multiple organizations to share resources. Deployments of the protocol Security Assertion Markup Language (SAML) practically require the pre-exchange of aggregated metadata files, making federations to fixed trust boundaries. Dynamic metadata exchange between identity provider and service provider via a trusted third party (TTP) overcomes these barriers. In this paper, we contrast dynamic metadata exchange with other state-of-the-art approaches and present the topology of the dynamic metadata exchange via a TTP. Furthermore, a distributed dynamic metadata exchange is proposed, in order to enhance the current protocol and provide a scalable solution for large-scale infrastructures.
  • Konferenzbeitrag
    Automatic recognition, processing and attacking of single sign-on protocols with burp suite
    (Open Identity Summit 2015, 2015) Mainka, Christian; Mladenov, Vladislav; Guenther, Tim; Schwenk, Jörg
    SAML, Mozilla BrowserID, OpenID, OpenID Connect, Facebook Connect, Microsoft Account, OAuth - today's web applications are supporting a large set of Single Sign-On (SSO) solutions. Some of them have common properties and behavior, others are completely different. This paper will give an overview of modern SSO protocols. We classify them into two groups and show how to distinguish them from each other. We provide EsPReSSO, an open source Burpsuite plugin that identifies SSO protocols automatically in a browser's HTTP traffic and helps penetration testers and security auditors to manipulate SSO flows easily.
  • Konferenzbeitrag
    Towards a secure cloud usage for financial IT
    (Open Identity Summit 2015, 2015) Hilbrich, Marcus; Petrlic, Ronald; Becker, Steffen
    Cloud Computing and Big Data are the current hot topics in research and industry. Based on the enormous amount of preliminary work, ranging from grid and distributed computing to data mining and clustering, to name only a few approaches, cloud computing has become a defacto standard for computing in general and data-intensive industry tasks in particular. Thus, a lot of questions about how to develop and implement such systems are already answered, but nonetheless, there is reservation to adopt such techniques in some business areas. Most of the reservations are due to security reasons, as in certain areas, like in the banking sector or in the health industry, high levels of security standards have been met for decades and those standards must not be weakened. This is the reason why we investigate-closely together with partners from the industry-how to overcome security concerns in the adoption of cloud computing in the financial industry. An introduction to our strategies is given with this paper.
  • Konferenzbeitrag
    Proxied authentication in single sign-on setups with common open source systems - an empirical survey
    (Open Identity Summit 2015, 2015) Peinl, René; Holzschuher, Florian
    The paper presents results from an empirical study about the use of a single sign-on (SSO) system in an integrated open source system landscape for supporting team collaboration. A portal solution, enterprise content management system, groupware, business process management and enterprise search engine are used. The investigation shows that although it is easy to achieve SSO with the Web-based user interfaces of the information systems used, none of the systems was prepared to pass authentication tokens to the API of an integrated system or accept SSO tokens instead of username / password pairs for authentication against the API respectively. Different alternatives for achieving the desired functionality are presented and a recommendation for improvement of the affected information systems is derived.
  • Konferenzbeitrag
    Using proxy re-encryption for secure data management in an ambient assisted living application
    (Open Identity Summit 2015, 2015) Zach, Hannes; Peinsold, Philip; Winter, Johannes; Danner, Peter; Hatzl, Jakob
    Whenever applications process sensitive user data, secure storage and distribution plays a key role. This paper points out the security demands of an Ambient Assisted Living (AAL) application and demonstrates the usage of proxy re-encryption in order to fulfil its security requirements for storage and distribution of sensitive data. Because AAL systems often exhibit the same security needs as the application developed in the presented project, the described implementation can serve as a point of reference for similar projects.
  • Konferenzbeitrag
    Quality management in open source projects - experiences from the open ecard project
    (Open Identity Summit 2015, 2015) Nemmert, Daniel; Haase, Hans-Martin; Hühnlein, Detlef; Wich, Tobias
    Open Source Software (OSS) has immensely increased in popularity over the years and it is well known, that software with public access to the sources is on average less error prone than closed source software, especially if the project is supported by a large community which peer reviews the sources [Kua02]. For new and smaller projects however there is no large community yet and hence achieving and maintaining sufficient product quality is challenging. Against this background the present paper discusses aspects of product quality management for OSS in general and shares the experiences gathered in the Open eCard project, which has developed an ISO/IEC 24727 based eID client.
  • Konferenzbeitrag
    Economic issues of federated identity management - an estimation of the costs of identity lifecycle management in inter-organisational information exchange using transaction cost theory
    (Open Identity Summit 2015, 2015) Kurowski, Sebastian
    Inter-organisational data-exchange is common in inter-organisational value-chains. Currently information providing organizations enrol users of suppliers, in order to enable them to access their services and information. This leaves some users with the issue of handling multiple credentials, introducing risks of password-reuse [Iv04] and weak-passwords [Ne94]. Federated identity management eases this scenario, by enabling users to authenticate against their organizations' identity provider [Hü10]. However, the costs involved in managing the underlying identity and rights lifecycle have hardly been considered. This paper addresses this gap, by using the principal-agent theory, and transaction cost theory, structuring the identity lifecycle using [BS08] [IS05] [IS10], and estimating the management costs. We finally analyse the economic benefits of federated identity management in inter-organisational information exchange. We find that while process costs for executing the identity lifecycle are reduced for the information provider, by introducing federated identity management, the control costs reduce, and in one case even diminish this cost benefit. We briefly discuss our findings, and conclude that further mechanisms and research is required to reduce the efforts in auditing, in order to fully unlock the security and economic benefits of federated identity management.
  • Konferenzbeitrag
    Innovative building blocks for versatile authentication within the skidentity service
    (Open Identity Summit 2015, 2015) Hühnlein, Detlef; Tuengerthal, Max; Wich, Tobias; Hühnlein, Tina; Biallowons, Benedikt
    Accepting arbitrary electronic identity cards (eIDs) and similar authenticators in cloud and web applications has been a challenging task. Thanks to the multiply awarded 'SkIDentity Service' this has changed recently. This versatile authentication infrastructure combines open technologies, international eID standards and latest research results with respect to trusted cloud computing in order to offer electronic identification and strong authentication in form of a trustworthy, simple to use and cost efficient cloud computing service, which supports various European eIDs as well as alternative authenticators proposed by the FIDO Alliance for example. The present contribution exposes innovative and patent pending building blocks of the SkIDentity Service: (1) The 'Identity Broker', which eases the integration of authentication, authorization, federation and application services and in particular allows to derive secure credentials from conventional eID cards, which can be transferred to mobile devices for example. (2) The 'Universal Authentication Service' (UAS), which allows to execute arbitrary authentication protocols, which are specified by the recently introduced 'Authentication Protocol Specification' (APS) language, (3) the 'Cloud Connector' which eases the integration of federation protocols into web applications and last but not least (4) the 'SkIDentity Self-Service Portal', which makes it extremely easy for Service Providers to configure the necessary parameters in order to connect with the SkIDentity Service and use strong authentication in their individual applications.
  • Konferenzbeitrag
    Identity management and cloud computing in the automotive industry: first empirical results from a quantitative survey
    (Open Identity Summit 2015, 2015) Fähnrich, Nicolas; Kubach, Michael
    The automotive industry forms a complex network of original equipment manufacturers and suppliers that requires a high level of cooperation in development projects. Therefore, an efficient identity management system is needed to control access to exchanged data and collaboratively used IT-solutions supporting the development process. One of the main requirements for this system is the reliable authentication of engineers of various companies with different credentials. The SkIDentity-Project, which aims at building trusted identities for the cloud, addresses this scenario. In this context, we carried out a quantitative survey to investigate the diffusion and adoption of cloud computing and identity management technologies. First results are presented in this paper and show that although cloud computing is used by approximately half of the companies in the sample, we noticed that with an increasing number of involved parties, the trust in this technology drops significantly. Regarding identity management systems, we found a similar effect. Company-wide identity management systems are used by the majority of the companies but cross-company solutions are not adopted to this extent. Further scrutiny identified a lack of motivation as one of the main reasons for the low diffusion of this technology.