Open Identity Summit

Permanent URI for this communityhttps://dl.gi.de/handle/20.500.12116/20959

Authors with most Documents  

Kubach, Michael
24
Roßnagel, Heiko
19
Hühnlein, Detlef
13
Kurowski, Sebastian
11
Wich, Tobias
11

Browse

Search Results

1 - 10 of 204
  • Conference Paper
    A Trust Registries Enrollment Tool Supporting Decentralized Ecosystem Governance: Use Case Healthcare
    (Gesellschaft für Informatik e.V., 2024) Johnson Jeyakumar, Isaac Henderson; Kubach, Michael; Vargas, Juan; Walker, John; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    Decentralized governance models have gained prominence in business ecosystems. These require trust, transparency, and collaboration among diverse stakeholders. Trust registries play a pivotal role in ensuring the integrity and authenticity of participants within these decentralized networks. However, the enrollment process presents challenges such as identity verification and reputation assessment. This paper introduces a Trust Registries Enrollment Tool (TRET) to facilitate the process. It simplifies procedures, strengthens trust, and enables secure and efficient participation in an ecosystem. This paper outlines its architecture, technical implementation, and potential impact. The practical use case is COVID19 certificate providers, highlighting its transformative potential for decentralized governance in healthcare and beyond.
  • Conference Paper
    Open Identity Summit 2024 - Complete Volume
    (Gesellschaft für Informatik e.V., 2024) Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
  • Conference Paper
    GRAIN: Truly Privacy-friendly and Self-sovereign Trust Establishment with GNS and TRAIN
    (Gesellschaft für Informatik e.V., 2024) Schanzenbach, Martin; Nadler, Sebastian; Johnson Jeyakumar, Isaac Henderson; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    Robust and secure trust establishment is an open problem in the domain of self-sovereign identities (SSI). The TRAIN [KR21] concept proposes to leverage the security guarantees and trust anchor of the DNS to publish and resolve pointers to trust lists from DNS. While the DNS is a corner stone of the Internet, its continued use is primarily a consequence of inertia due to its crucial function as the address discovery system for existing Internet services. Research and development in the area of SSI is — for the most part — green field. The choice of DNS as a core building block appears fainthearted given its open security issues. Recently, the IETF paved the way to experiment with alternative name systems in real world deployments by reserving the special-use top-level domain “.alt” in the domain name space [KH23]. This allows us to use alternative name systems such as the GNU Name System (GNS) [SGF23a] without intruding into the domain name space reserved for DNS. In this paper, we show how we can use the GNS as a drop-in replacement for DNS in TRAIN. We show how TRAIN-over-GNS (GRAIN) can deliver security and privacy improvements the security concept of TRAIN-over DNS and show that it is practically feasible with limited modifications of existing software stacks.
  • Conference Paper
    Towards Building GDPR-Friendly Consent Management Systems on Top of Self-Sovereign Identity Ecosystems
    (Gesellschaft für Informatik e.V., 2024) Schramm, Julia; Eichinger, Tobias; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    Consent is a legal basis that legitimizes the processing of personal data under the General Data Protection Regulation (GDPR). Implementing consent management systems in a GDPR-compliant fashion has proven difficult. A major pain point of current implementations is that users only have insufficient means to prove that they withdrew consent. Controllers can, therefore, plausibly deny having received a notification of consent withdrawal and it is thus at their discretion to continue the processing of personal data against the user’s will. As a remedy, it has been proposed to log consent withdrawal events in blockchains to make them non-repudiable by controllers. This approach is typically at odds with the GDPR’s fundamental principle of Storage Limitation. The issue is that a consent withdrawal event has to permit identification of the user who submitted it, yet only until the controller has received it. However, if they are logged in a blockchain, identification is possible indefinitely, as blockchains are append-only databases that do not facilitate deletion. In the paper at hand, we alleviate this issue and present work in progress on a consent management system in which users (i) give consent by issuing a verifiable credential to a controller and (ii) withdraw consent by revoking it. These two functions are natively provided in Self-Sovereign Identity (SSI) ecosystems.
  • Conference Paper
    Evaluating the Good Practices of User Experience for Mobile and Electronic Governmental Services
    (Gesellschaft für Informatik e.V., 2024) Sellung, Rachelle; Kiss, Lennart; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    With digitalization in the focus of governmental services for citizens, mobile services need to provide users with a good user experience and usability to encourage greater user acceptance. [SHB22] defined ten Good Practices to support greater User Experience and Usability for Mobile Governmental Services. These Good Practices are evaluated and validated in this paper by a User Study that consisted of Qualitative and Quantitative results. Good practices of user experience can help impact and support the integration of the basic user experience needs into thetechnical development processes for future digitalization of mobile governmental services.
  • Conference Paper
    Evaluating the evaluation criteria for account-recovery procedures in passwordless authentication
    (Gesellschaft für Informatik e.V., 2024) Keil, Manuel; Zugenmaier, Alf; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    Passwordless authentication avoids the weaknesses of password based authentication such as guessable passwords and password reuse. However, when passwordless authentication becomes impossible for the user, e.g. due to loss of the security token, an account recovery method has to be used. Kunke et al. [Ku21] analysed these recovery mechanisms in respect of criteria they extracted from the literature. However, these criteria in the literature were based on researchers’ opinions and were not grounded in practical experience.To achieve this grounding, semi-structured interviews were conducted with practitioners in various industries. These experts were asked to rate the existing criteria and contribute additional criteria if required. The result is a weighted list of criteria that can be used in future to evaluate account recovery procedures.
  • Conference Paper
    Gaining Back the Control Over Identity Attributes: Access Management Systems Based on Self-Sovereign Identity
    (Gesellschaft für Informatik e.V., 2024) Keil, Kenneth-Raphael; Bochnia, Ricardo; Gudymenko, Ivan; Köpsell, Stefan; Anke, Jürgen; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    Digital employee cards used for door access control offer benefits, but concerns about traceability, profiling and performance monitoring have led to opposition from workers’ councils and employees. However, the emerging identity management approach, Self-Sovereign Identity (SSI), can address these concerns by giving control over disclosed identity attributes back to the end user. This paper analyzes a real-world access management scenario in a hospital building and applies the SSI paradigm to address the identified issues. The analysis assumes a semi-honest observing attacker sniffing on the payload and the transport layer. The SSI-based proof of concept is shown to have a high potential to protect against traceability and profiling. However, in addition to the careful technical implementation of SSI, it is important to consider non-technical factors such as governance for a holistic solution. We propose potential strategies to further minimize privacy risks associated with SSI-based employee identity management using mediators.
  • Conference Paper
    Accountable Banking Transactions
    (Gesellschaft für Informatik e.V., 2024) Mödersheim, Sebastian; Chen, Siyu; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    This paper shows how to apply the idea of Three branches of Accountability by Mödersheim and Cuellar to make banking transactions accountable, i.e., neither can the customer later deny to have placed the order, nor can the bank execute a transaction that the customer did not order. This is done in a general way that deliberately gives freedom to instantiate the system in several different ways, as long as it follows a few basic principles, and we show accountability holds in every instance.
  • Conference Paper
    Fulfilling Principles of Self-Sovereign Identity: Towards a Conformity Assessment Approach for Human Wallets
    (Gesellschaft für Informatik e.V., 2024) Doege, Dustin; Bochnia, Ricardo; Anke, Jürgen; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    Self-Sovereign Identity (SSI) represents a paradigm shift toward user-centric digital identity management by emphasizing principles such as user control and privacy. However, there is a notable gap in assessing how these principles are implemented within existing SSI products despite the ongoing research interest in the theoretical principles of SSI. Our research introduces a structured conformity assessment approach to bridge the gap between theoretical ideals and practical implementation. This approach enables the assessment of SSI products based on fulfilling requirements derived from SSI principles. This provides developers and policymakers with a tool to assess the adherence of SSI products to the fundamental principles. Thus, it may serve developers as a design guideline and policymakers as a basis for certification processes.
  • Conference Paper
    Qualified Ledgers – Breakthrough for proven security and legal trust in DLT through eIDAS2 Regulation?
    (Gesellschaft für Informatik e.V., 2024) Alamillo, Ignacio; Schwalm, Steffen; Stoecker, Carsten; Thiermann, Ricky; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
    eIDAS 2.0 as a legal and technical framework for trustworthy, decentralized identities in conjunction with the EU digital wallet and various trust services could lead to a rise in distributed ledger technologies (DLT) and European Blockchain Services and Infrastructure (EBSI). A variety of possible uses of distributed ledger technologies in conjunction with the EU digital wallet under the regulatory requirements of eIDAS 2.0 are conceivable and could also lead to broader use of EBSI with the qualified trust service for electronic ledgers.