Trust and Internet Identity Meeting Europe
5-6 Feb 2018: Workshops and Tutorials
7-8 Feb 2018: Unconference

Topics from previous events:

Son-of-IAF (2017)

Kantara Identity Assurance Framework reloaded: How can the IAF be profiled and tailored to specific needs? E.g. there should not be restrictions on organizations submitting their own assessment rules, if their consumers accept it, because it is expensive to get third party assessments. Next steps: continue discussion at the Internet2 Global Summit.

SAML Proxy Options (2017)

There are a couple of use cases for SAML-to-SAML proxies, such as Hub-and-Spoke Federations, double blinding, aggregation of IDPs and SPs, cross federation with eID systems and adding local attributes in virtual organizations.

Privacy by Design (2017)

Non-technical discussion about privacy by design. Reason and background of the topic: at ORCID there were talks about how to build a concept of trust, and how to build this value system into the features, the workflows and the work with the community.

Multi Factor/Strong Authentication (2017)

The diversity of authentication mechanisms can be challenging. While not-so-strong approaches have shown certain success because of ease-of-use considerations, the security-UX tradeoff is not the only one, as the example of the Google Authenticator shows.

Mapping attributes between SAML & OIDC (2017)

Straight mapping from A to B, vs. bidirectional mapping. Basic mapping should work out-of-the-box; extensions are required for clients for advanced scenarios. In R&E there are a few problematic attributes, like eduPerson(Scoped)Affiliation and eduPersonEntitlement. Join the REFEDS OIDCre working group for further work and proposals.

"Free", "Freemium" and Paid Services (2017)

There are services which state they are free, but “if you are not paying for something, then you are the product”. Then there are services which have a premium setting, where you are just not seeing ads but they most likely sell your data anyway. And then there are services where you pay, and your data is sold and someone else who is profiled similarly to you is seeing the ads.

Difference between OAuth2 and OIDC (2017)

There is a lot of confusion about OAuth2 vs OpenID Connect tokens. The OAuth2 token can sometimes be used incorrectly. The ID tokens are for encapsulating the identity of a user. If I have a bearer token, what do I do with it? Nothing prevents the resource from using the access token to connect to other resources.

Cooperation of OSS IDM products (2017)

How to make it possible to integrate identity management source from different spaces for customers? Create an identity eco-system, something like a marketplace to increase innovation and re-assure some revenues; develop an open source identity management tool; evolve to something we call an eco-system.

Blockchain and Identity (2017)

Is there enough foundation in the identity ecosystem? Blockstack, for instance, already uses blockchains for this. The financial industry in particular spends much money and resources on research projects. There are some privacy issues in digital blockchain currencies. Are there potential privacy benefits in using them?

Identity Landscape (2015)

In this keynote Robin Wilton from Internet Society outlines the issues of privacy and the growth of the IoT, and arrives at practical solutions.

Identity Landscape (2015)

In this keynote Leif Johansson from SUNET talks about new standards emerging in the identity landscape, participation in SDOs and industry trends.

Federated Registries (2015)

End users, developers, and automated processes deal with persistently identified, self-explaining digital objects which are securely & redundantly managed & stored in the Internet which is an overlay on existing or future information storage systems. The Digital Object Cloud supplies discovery & verification of Digital Objects indexed in the Handle System and used in the DOI System as a component.

Letsencrypt.org for OV + EV certificates (2014)

How to use; obstacles and alternatives. Use: for DOMAIN-validated certificates, probably with upsell model by IdenTrust (https://www.identrustssl.com/). Deploy Python script on your webserver; solves hassles of getting low assurance certificate. Currently investigating within eduROAM/GÉANT to apply the same principles to a RADIUS/TLS system. Concerns that letsencrypt is only half of the steps: extra Apache configuration is needed for security, e.g. disable insecure ciphers. System admins might just run letsencrypt on the command line and think they’re done (need to maintain your systems).

Federations within Federations: Enabling Local/Ad Hoc Policy Spheres (2014)

Use cases: (1) How to add additional policy on top of an existing federation (this could be state fed); (2) Different policies could pertain to privacy, news; (3) Pick out specific Service Providers that are suited for a group of IdPs; (4) Specific IdPs certificated to be able to be AuthN providers for Government (this is the FICAM program).

Banks and Telcos as strong Identity Providers in Finland (2013)

Tax calculation is available as on-line service, e.g. for home service employees. FI National ID card has only very low penetration. However, TUPAS provides bank ids as eID service; technically similar to payment. TUPAS provides first and last name and national id – the id contains the birth date as well. TUPAS is provided by 9 banks and their branches. The banks do not federate, so one bank-id cannot be used at another bank.

Explore Identity Management Issues and Initiatives

Internet identity, identity federation and personal data online are complex, continually evolving areas. Participants will seek deeper understanding, and better solutions to challenges like:

  • Technology. Developing feasible and open standards.
  • Community projects and OSS software. Who, what and how?
  • Privacy. Improve quality and scalability of privacy practices and controls.
  • Personal data ecosystem. Vendor relationship management, personal clouds, data sovereignty.
  • Trust Frameworks. Establishing new paradigms and policy sets.
  • Usability. How can users navigate different identities and understand their data?
  • Economy. How can identity services fit into business requirements and opportunities for all stakeholders?
  • Interoperability. On which levels and areas is interoperability necessary or feasible? This is a cross-cutting concern for technical, legal and business views.
  • Deployment and operation. How can different options be supported and exploited in the best way, given the whole range of places and devices?
  • eIDAS integration challenges.

Besides discussing specific topics in the above areas, there will also be plenty of opportunities for networking among solution providers and seekers, startups, investors and technology pundits. TIIME provides a place where skilled people from a wide range of functions and projects in the identity ecosystem gather and work intensively for two days.