P223 - Open Identity Summit 2013

Recent publications

1 - 10 of 24
  • Conference paper
    Approaches and challenges for a single sign-on enabled extranet using Jasig CAS.
    (Open Identity Summit 2013, 2013) Holzschuher, Florian; Peinl, René
    In this paper we describe our experiences with setting up a single sign-on enabled intranet with open source software and then making it accessible over the internet using a reverse proxy. During this process, we encounter several issues. We describe those, discuss possible solutions and present our final setup.
  • Conference paper
    Service providers' requirements for eID solutions: Empirical evidence from the leisure sector
    (Open Identity Summit 2013, 2013) Kubach, Michael; Roßnagel, Heiko; Sellung, Rachelle
    Although eID technology has undergone several development cycles and eIDs have been issued to citizens of various European countries, it is still not as broadly used as originally expected. One reason is the absence of compelling use cases besides eGovernment. Current research focuses mainly on the needs of the user and technical aspects. The economic perspective is often disregarded. This is especially the case for the service providers that play a fundamental role in the adoption of the technology. The requirements of these stakeholders certainly have to be considered in the development of viable business models. So far, however, little empirical evidence on these requirements exists. We therefore performed a survey-based empirical analysis in two industries from the leisure sector to gain first insights into this topic. Results show that the service providers in our sample don't see a pressing need to change their currently used authentication method. However, they think that certain eID features could be valuable for their services. Our analysis of the hurdles showed that there is no ultimate reason that keeps service providers from implementing the eID technology.
  • Conference paper
    An extensible client platform for eID, signatures and more
    (Open Identity Summit 2013, 2013) Wich, Tobias; Horsch, Moritz; Petrautzki, Dirk; Schmölz, Johannes; Hühnlein, Detlef; Wieland, Thomas; Potzernheim, Simon
    The present paper introduces an extensible client platform, which can be used for eID, electronic signatures and many more smart card enabled applications.
  • Conference paper
    Selective LDAP Multi-Master Replication
    (Open Identity Summit 2013, 2013) Bauereiss, Thomas; Gohmann, Stefan; Hutter, Dieter; Kläser, Alexander
    LDAP directory services are widely used to store and manage information about the assets of organisations and to ease the administration of IT infrastructure. With the popularity of cloud computing many companies start to distribute their computational needs in mixed-cloud infrastructures. However, distributing an LDAP directory including sensitive information to partially trusted cloud servers would constitute a major security risk. In this paper, we describe an LDAP replication mechanism that allows for a fine-grained selection of parts of an LDAP directory tree that are replicated to another server using content-based filters, while maintaining the availability and performance advantages of a full multi-master replication. We discuss sufficient conditions on replication topology and admissible operations such that the replication mechanism provides eventual consistency of selectively replicated data.
  • Conference paper
    An Open eCard Plug-in for accessing the German national Personal Health Record
    (Open Identity Summit 2013, 2013) Kuhlisch, Raik; Petrautzki, Dirk; Schmölz, Johannes; Kraufmann, Ben; Thiemer, Florian; Wich, Tobias; Hühnlein, Detlef; Wieland, Thomas
    An important future application of the German electronic health card (elektronische Gesundheitskarte, eGK) is the national Personal Health Record (PHR), because it enables a citizen to store and retrieve sensitive medical data in a secure and self-determined manner. As the stored data is encrypted with an eGK-specific certificate and retrieving the encrypted data is only possible after TLS-based authentication, the citizen needs to use a so-called “PHR Citizen Client”, which allows the eGK to be used for strong authentication, authorization, and decryption purposes. Instead of building such an application from scratch, this paper proposes to use the Open eCard App and its extension mechanism for the efficient creation of a PHR Citizen Client by developing an Open eCard Plug-in for accessing the German national Personal Health Record.
  • Conference paper
    A Novel Set of Measures against Insider Attacks – Sealed Cloud
    (Open Identity Summit 2013, 2013) Jäger, Hubert; Monitzer, Arnold; Rieken, Ralf; Ernst, Edmund
    Security and privacy have turned out to be major challenges of the further Internet evolution in general and cloud computing, in particular. This paper proposes a novel approach to safeguard against previously unimpeded insider attacks, referred to as Sealed Cloud. A canonical set of technical measures is described, which, in conjunction, sufficiently complicate and thus economically prevent insider access to unencrypted data. This paper shows the advantages versus end-to-end encryption relative to communication services. Another application of the Sealed Cloud, referred to as Sealed Freeze, provides a seminal solution to privacy issues pertaining to data retention.
  • Conference paper
    Unlinkability Support in a Decentralised, Multiple-identity Social Network
    (Open Identity Summit 2013, 2013) Thiel, Simon; Hermann, Fabian; Heupel, Marcel; Bourimi, Mohamed
    Providing support for unlinkability in a decentralized, multiple-identity social network is a complex task, which requires concepts and solutions on the technical as well as on the user-interface level. Reflecting these diverse levels of an application, this paper presents three scenarios to impede the linkability of multiple identities in decentralized social networking. Solutions cover a communication infrastructure which allows referencing to multiple identities; analysis of user content and sharing history to present linkability warnings; and user interface means that allow for a privacy-ensuring management of partial identities. The di.me userware research prototype of the EU FP7 funded digital.me (di.me) is introduced to show the integration of the solutions accordingly.
  • Edited book
  • Conference paper
    Secure Hardware-Based Public Cloud Storage
    (Open Identity Summit 2013, 2013) Zwattendorfer, Bernd; Suzic, Bojan; Teufl, Peter; Derler, Andreas
    The storage of data on remote systems such as the public cloud opens new challenges in the field of data protection and security of the stored files. One possible solution for meeting these challenges is the encryption of the data at the local device, e.g. desktop, tablet, or smartphone, prior to the data transfer to the remote cloud-based storage. However, this approach bears additional challenges itself, such as secure encryption key management or secure and effective sharing of data in user groups. Including an additional encryption layer and security checks may additionally affect the system's usability, as higher security requirements and a group sharing workflow increase general overhead through the complete organization of processes. To overcome such issues, we propose a solution which is based on highly secure and attack-resistant hardware-based encryption applied through the use of the Austrian citizen card public key infrastructure. As the citizen card infrastructure is already deployed and available to a wide population, the service overhead and additional requirements of our proposed solution are lower in comparison to other approaches, while at the same time synergistic and networking effects of the deployed infrastructure facilitate its usage and further potentials.
  • Conference paper
    Cloud-based provisioning of qualified certificates for the German ID card
    (Open Identity Summit 2013, 2013) Selhorst, Marcel; Schwarz, Carsten
    In November 2010 the German government introduced a new national ID card. The Bundesdruckerei GmbH was the responsible company for designing and producing the ID card including its highly sophisticated security features. Besides traditional means for visual identification, the card contains a wireless smartcard chip enabling online usage of the ID card. Thus citizens are now able to prove their identity, age or place of residence to an online service provider, e.g., through a web application. Additionally, the chip contains an inactive application for the generation of digital signatures based on elliptic curve cryptography (ECDSA) which - upon activation - can be used to digitally sign electronic documents (online as well as offline). The Bundesdruckerei GmbH is currently the only party able to perform online post-issuance personalization of qualified electronic signature certificates on the ID card. In order to do so, a new web application called “sign-me” has been developed enabling citizens to activate the signature application on the ID card. In order to diminish the technical challenges for the citizens, “sign-me” takes over the required steps of performing the required online identification of the citizen according to the German signature law by using the eID-application provided by the new ID card, generating a fresh signature key pair on the ID card, exporting the according public key to the certificate service provider “D-TRUST GmbH”, the trustcenter of the Bundesdruckerei GmbH, which is then responsible for binding the citizen's identity to the generated signature key pair by issuing the according X.509-certificate, and finally storing the issued qualified certificate on the citizen's ID card. This invited talk briefly introduces the German eID system and focuses on the organizational process as well as the infrastructure required for secure online issuance and management of the certificates. We will introduce the “sign-me” web application and show how citizens can activate the signature application on their ID card, how quickly it is possible to issue and store a qualified certificate on the ID card and how it can be used to finally sign documents. An outlook on envisioned further extensions of “sign-me” concludes the presentation.