P335 - Open Identity Summit 2023
Permanent URI for this collection: https://dl.gi.de/handle/20.500.12116/41682
Conference Paper
A shared responsibility model to support cross border and cross organizational federation on top of decentralized and self-sovereign identity: Architecture and first PoC
(Gesellschaft für Informatik e.V., 2023) Kubach, Michael; Henderson, Isaac; Bithin, Alangot; Dimitrakos, Theo; Vargas, Juan; Winterstetter, Matthias; Krontiris, Ioannis; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
This paper discusses the challenges of transitioning from legacy federated identity systems to emerging decentralized identity technologies based on self-sovereign identities (SSI) and verifiable credentials, which are being used in initiatives such as Gaia-X and Catena-X for secure and sovereign data sharing. The adoption of SSI and decentralized identity technologies requires a standardized reference model that addresses challenges around trust in cross-border and cross-organizational federations based on decentralized identities. To facilitate this transition, the paper proposes a new Fed2SSI architecture that introduces a middle layer of abstraction for the policy-based transformation of credentials, enabling interoperability between legacy federated identity solutions and SSI/decentralized identity environments. The architecture is implemented in a prototype and an exemplary use case is presented to illustrate the added value of this approach.

Conference Paper
The possible impacts of the eIDAS 2.0 digital identity approach in Germany and Europe
(Gesellschaft für Informatik e.V., 2023) Schwalm, Steffen; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
eIDAS 2.0 introduces the EU Digital Wallet as the eID mean including not only the PID (eID Scheme) but also additional attributes like (qualified) attestation of attributes and gives the control over its identity back to the user in regulated approach.
This means that eIDAS 2.0 gives the possibility to provide legal trust on decentralized digital identities in self-sovereign manner by combining existing trust model from eIDAS 1.0 with SSI-approach. The paper describes based on the legal proposal possible impacts of eIDAS 2.0 on German and European identity and trust services in order to provide framework for trustworthy digital transactions in EU and EFTA.

Conference Paper
A more User-Friendly Digital Wallet? User Scenarios of a Future Wallet
(Gesellschaft für Informatik e.V., 2023) Krauß, Anna-Magdalena; Kostic, Sandra; Sellung, Rachelle A.; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
Identity wallets enable the management and use of digital identities and verification documents stored in one app. Users manage their data independently and decide for themselves which data they want to disclose for identification purposes. Recent research shows that current digital wallets face many usability problems, which makes it difficult for users to grasp their concept and how to use them. This paper presents an enhanced concept of a wallet, where its functionality is presented with user scenarios that have a user centric approach. The user scenarios illustrate a variety of possible uses of the wallet.
For example, the new wallet concept envisions, how data can be transferred from one wallet to another person's wallet, how data can be managed by different people in one wallet, or how only individual pieces of information from credentials can be shared to maintain greater privacy for users.

Conference Paper
Modeling the Threats to Self-Sovereign Identities
(Gesellschaft für Informatik e.V., 2023) Pöhn, Daniela; Grabatin, Michael; Hommel, Wolfgang; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
Self-sovereign identity (SSI) is a relatively young identity management paradigm allowing digital identities to be managed in a user-centric, decentralized manner, often but not necessarily utilizing distributed ledger technologies. This emerging technology gets into the focus through the new electronic IDentification, Authentication and trust Services (eIDAS) regulation in Europe. As identity management involves the management and use of personally identifiable information, it is important to evaluate the threats to SSI. We apply the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) threat modeling approach to the core components of SSI architecture and the interactions between them. Based on the summarized results, we discuss relevant mitigation methods and future research areas.

Conference Paper
Private Authentication with Alpha-Beta Privacy
(Gesellschaft für Informatik e.V., 2023) Fernet, Laouen; Mödersheim, Sebastian; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
Alpha-beta privacy is a new approach for security protocols that aims to provide a logical and intuitive way of specifying privacy-type goals. Recently the tool noname was published that can automatically analyze specifications for a bounded number of sessions, but ships only with a few simple examples.
This paper models two more complicated case studies, namely the ICAO 9303 BAC and the Privacy Authentication protocol by Abadi and Fournet, and applies the noname tool to analyze them, reproducing known vulnerabilities and verifying the corresponding fixes, as well as providing a better understanding of the privacy properties they provide.

Conference Paper
X out of N Credential Requests using Presentation Exchange
(Gesellschaft für Informatik e.V., 2023) Otto, Sarah; Meisel, Michael; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
Self-sovereign identity (SSI) is a new management model for digital identities. Here, the exchange of so-called verifiable credentials - digitally signed pieces of (personal) data - is one of the main aspects of "using" such an identity. Therefore, one party called a verifier requests credentials from another one holding them. We note that the main problem is to find a way to formulate a credential request in such a way that the holding party can choose which credentials to be sent from a predefined pool. Using the Presentation Exchange specification in its current version 2.0.0 is the only way to achieve this directly. Finally, we describe a sample implementation that supports such a mechanism using this specification as part of DIDComm messages.

Conference Paper
Lifting the Veil of Credential Usage in Organizations: A Taxonomy
(Gesellschaft für Informatik e.V., 2023) Bochnia, Ricardo; Richter, Daniel; Anke, Jürgen; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
With the emergence of self-sovereign identity (SSI) as a paradigm for digital identity management the handling of verifiable credentials (VCs) has become an important topic in organizations. Organizations process a wide variety of documents which can be considered credentials. Previous research shows that a challenge in developing SSI systems is a lack of understanding of the core aspects of the paradigm and their relation to existing organizational practices.
Our research focuses on the different characteristics of credentials in organizations and maps the characteristics of VCs to physical credentials. Our findings indicate that credentials in organizations can be classified by ten dimensions. Additionally, VCs have many possible characteristics of physical credentials, although implementation and support for certain features may be vendor-specific. Finally, we provide insights and suggestions for SSI researchers and developers.

Conference Paper
Open Identity Summit 2023 - Complete proceedings
(Gesellschaft für Informatik e.V., 2023) Chadwick, David W.; Kubach, Michael; Sette, Ioram; Johnson Jeyakumar, Isaac Henderson; Bochnia, Ricardo; Richter, Daniel; Anke, Jürgen; Sellung, Rachelle; Kubach, Michael; Otto, Sarah; Meisel, Michael; Fernet, Laouen; Mödersheim, Sebastian; Krauß, Anna-Magdalena; Kostic, Sandra; Sellung, Rachelle A.; Pöhn, Daniela; Grabatin, Michael; Hommel, Wolfgang; Kubach, Michael; Henderson, Isaac; Bithin, Alangot; Dimitrakos, Theo; Vargas, Juan; Winterstetter, Matthias; Krontiris, Ioannis; Schwalm, Steffen; Fuxen, Philipp; Hackenberg, Rudolf; Heinl, Michael P.; Ross, Mirko; Roßnagel, Heiko; Schunck, Christian H.; Yahalom, Raphael; Ruff, Christopher; Benthien, Benedict; Orlowski, Alexander; Astfalk, Stefanie; Schunck, Christian H.; Fritsch, Lothar; Fähnrich, Nicolas; Köster, Kevin; Renkel, Patrick; Huber, Richard; Menz, Nadja; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen

Conference Paper
Research on User Experience for Digital Identity Wallets: State-of-the-Art and Recommendations
(Gesellschaft für Informatik e.V., 2023) Sellung, Rachelle; Kubach, Michael; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
Digital identity wallets are central components for Decentralised and Self-Sovereign Identity (SSI) approaches. They are the interface for users to manage their identities and gain access to services.
Hence, the usability and user experience of these wallets is pivotal for the adoption of those popular and privacy friendly identity management concepts. As research on the user experience of wallets is still in its infancy, this paper aims to provide a first overview of recent research – published and from completed and ongoing research projects. Findings are summarized and recommendations for developers are derived.

Conference Paper
Balancing Privacy and Value Creation in the Platform Economy: The Role of Transparency and Intervenability
(Gesellschaft für Informatik e.V., 2023) Astfalk, Stefanie; Schunck, Christian H.; Roßnagel, Heiko; Schunck, Christian H.; Günther, Jochen
Data are essential in the platform economy to create value. Since the General Data Protection Regulation (GDPR) demands a high level of protection for personal data, it becomes challenging for small- and medium-sized businesses to provide both: data-based services and compliance to the GDPR. Therefore, the paper focuses on the privacy protection goals of transparency and intervenability to enable privacy friendly business models. To better understand how this approach supports the needs of small- and medium-sized platform providers, a qualitative interview study is conducted. Especially, the lack of legal certainty and the unclarity of how the GDPR can be implemented compliantly in practical terms is found to be a challenge. Based on the interviews, requirements are derived which a personal rights management tool enabling transparency and intervenability should fulfill such as supporting legal compliance or reducing operational complexity. In summary, small- and medium-sized platform providers see providing transparency and intervenability as a promising new approach which they are willing to deploy given the right personal rights management tool.