Latest publications
- Conference paper: ENX ID - an architecture for practical and secure cross company authentication (Open Identity Summit 2014, 2014) Kubach, Michael; Roßnagel, Heiko; Oly, Lennart; Wehrenberg, Immo. This paper introduces a development approach and a novel architecture for cross company identity management and authentication. It aims to design an architecture, which is practically implementable in the highly collaborative environment that exists in the automotive industry. The paper sketches the conducted market research to obtain such a model and presents an architecture design based on a trusted intermediary.
- Conference paper: Secure cloud computing with skidentity: A cloud-teamroom for the automotive industry (Open Identity Summit 2014, 2014) Kubach, Michael; Özmü, Eray; Flach, Guntram. A major security-challenge in the automotive industry is to enable the secure and flexible engineering cooperation with changing partners in complex development projects. Therefore an effective interorganizational identity management is needed to control access to cooperative development platforms. This identity management has to be based on reliable identification of engineers of various partners with different credentials. The SkIDentity-Project, that aims to build trusted identities for the cloud, addresses this scenario. By integrating the existing components, services and trust infrastructures into a comprehensive, legally valid and economically viable identity infrastructure the technology enables to provide trusted identities for the cloud and secure complete business processes and value chains. One pilot-application of the project is the “Cloud-Teamroom for the Automotive Industry”. It is adjusted to the specific requirements of the value chains in the automotive industry. Thanks to the SkIDentity-Technology, and via the so-called eID-Broker, engineers from different partners can access the cloud-teamroom. For the required strong authentication they can use the credentials that are already available in their company. This paper presents the SkIDentity-technology and exemplifies it by means of the pilot-application.
- Conference paper: Eidas as guideline for the development of a pan European eid framework in futureid (Open Identity Summit 2014, 2014) Cuijpers, Colette; Schroers, Jessica. This paper addresses the Regulation on Electronic transactions in the internal market: electronic identification and trust services (eIDAS) and analyses this regulatory framework in relation to the pan European eID infrastructure being developed in the FutureID project. The aim of this paper is to identify if eIDAS sets forward any legal requirements that need to be implemented in the FutureID infrastructure. Even though the focus of this paper is on the development of the FutureID infrastructure, the description of eIDAS and the analysis of its main requirements for technical developers are in general relevant to the development of online identification and authentication schemes.
- Conference paper: Making authentication stronger and more cost efficient with web of trust (Open Identity Summit 2014, 2014) Hulsebosch, Bob; Wegdam, Maarten; Oostdijk, Martijn; Dijk, Joost Van; Wijnen, Remco Poortinga - Van. Solid registration processes for identity registration including proofing, vetting and binding are essential for strong authentication solutions. Solid typically implies a face-2-face component in the registration process, which is expensive and not user friendly. Alternatives that rely on remote registration often result in weak binding or are overly complex. We propose a web of trust approach in which users can indicate trust in the identity of other users. It combines the best of remote and physical registration practices. There is no need for a physical registration desk as other users in the web of trust take over the identification task. This paper describes how to achieve web of trust enhanced authentication assurance.
- Conference paper: Strengthening Web Authentication through TLS - Beyond TLS Client Certificates (Open Identity Summit 2014, 2014) Mayer, Andreas; Mladenov, Vladislav; Schwenk, Jörg; Feldmann, Florian; Meyer, Christopher. Even though novel identification techniques like Single Sign-On (SSO) are on the rise, stealing the credentials used for the authentication is still possible. This situation can only be changed if we make novel use of the single cryptographic functionality a web browser offers, namely TLS. Although the use of client certificates for initial login has a long history, only two approaches to integrate TLS in the session cookie mechanism have been proposed so far: Origin Bound Client Certificates in [DCBW12], and the Strong Locked Same Origin Policy (SLSOP) in [KSTW07]. In this paper, we propose a third method based on the TLS-unique API proposed in RFC 5929 [AWZ10]: A single TLS session is uniquely identified through each of the two Finished messages exchanged during the TLS handshake, and RFC 5929 proposes to make the first Finished message available to higher layer protocols through a novel browser API. We show how this API can be used to strengthen all commonly used types of authentication, ranging from simple password based authentication and SSO to session cookie binding.
- Conference paper: Towards a seamless digital Europe: the SSEDIC recommendations on digital identity management (Open Identity Summit 2014, 2014) Talamo, Maurizio; Ramachandran, Selvakumar; Barchiesi, Maria-Laura; Merella, Daniela; Schunck, Christian. The SSEDIC (“Scoping the Single European Digital Identity Community”) thematic network has concluded an intensive 3-year consultation period together with over 200 European and international digital identity management experts and many stakeholder organizations to establish recommendations that address key issues regarding the usability and interoperability of electronic identity management solutions. The resulting recommendations are presented in this paper and should support the European Commission as well as other public and private stakeholders to set priorities for the path towards a Single European Digital Identity Community and the Horizon 2020. The key areas that need to be addressed as a priority are: mobile identity, attribute usage, authentication, and liability.
- Conference paper: Secure and trustworthy file sharing over cloud storage using eid tokens (Open Identity Summit 2014, 2014) Duarte, Eduardo; Pinheiro, Filipe; Zúquete, André; Gomes, Hélder. This paper presents a multi-platform, open-source application that aims to protect data stored and shared in existing cloud storage services. The access to the cryptographic material used to protect data is implemented using the identification and authentication functionalities of national electronic identity (eID) tokens. All peer to peer dialogs to exchange cryptographic material are implemented using the cloud storage facilities. Furthermore, we have included a set of mechanisms to prevent files from being permanently lost or damaged due to concurrent modification, deletion and malicious tampering. We have implemented a prototype in Java that is agnostic relatively to cloud storage providers; it only manages local folders, one of them being the local image of a cloud folder. We have successfully tested our prototype in Windows, Mac OS X and Linux, with Dropbox, OneDrive, Google Drive and SugarSync.
- Conference paper: Towards a privacy-preserving inspection process for authentication solutions with conditional identification (Open Identity Summit 2014, 2014) Bieker, Felix; Hansen, Marit; Zwingelberg, Harald. Anonymous, yet accountable authentication solutions such as privacy-enhancing attribute-based credentials do not only provide various privacy features, but also contain an option of conditional identification of specific attributes of the user. While the technical functionality of this so-called inspection is available, it has not yet been examined how the inspection operation can be embedded in the organizational framework of a service provider and which inspection grounds have to be considered. This text proposes a model inspection process with clearly defined roles and workflows derived from legal obligations and guidelines from European primary law and the EU data protection regime. Thereby implementation of privacy-preserving authentication solutions in practice is facilitated, as it has been shown in a pilot of an online communication platform in a Swedish school.
- Edited book: Open Identity Summit 2014 (2014)
- Conference paper: Analyzing the state-of-the-art of scientific publications on identity management: is there an economic perspective? (Open Identity Summit 2014, 2014) Fähnrich, Nicolas; Kubach, Michael. Although sophisticated identity management (IdM) technologies have been developed for quite a while, they are not as broadly used as could be expected - in the corporate but especially in an end-user context. Some authors have argued that the reason for this lack of diffusion is not to be found in technological or privacy shortcomings. Rather, it is attributed to the disregard of an economic perspective in the research on IdM and the development of IdM-technologies. This argument has so far not been scrutinized in a systematic way. Therefore, this article performs a literature analysis of scientific publications to analyze whether there is indeed a lack of publications on IdM that employ an economic perspective. The results of the analysis seem to support the argument that the economic perspective is neglected in the current research on IdM.