Trust and Internet Identity Meeting Europe
2013 - 2020: Workshops and Unconference

Topics from previous events:

Browser authenitcation + SSO Issues and Outlook (2019)

Apple is going to change the policy in Safari regarding the cookies; other browser vendors Discovery case research; WebAuth and FIDO U2F difference

What are your “Three Big Bets” in IAM? (2019)

Could be filtered as a ‘hype cycle’, Gartner’s magic quadrant, or Leif’s filter (‘look where money is misspent’)

RA21 IDP Discovery UX Challenge (2019)

While SAML and federation are available, institutional discovery remains difficult. The RA21 UX challenge has been working on use case, specifications and pilot projects to overcome this issue.

The art of IDM process design (2019)

Given a federation operator and strong authentication solutions, we asked to design a process that is executed by our members for vetting the second factor and linking it to the ID of their own institution.

Federated Deprovisioning (2019)

While federated just-in-time provisioning provides access to various services, deprovisioning is frequently an open issue.

From Active Directory to SAMBA (2018)

Samba 3 was a good and stable product, but limtied to replace windows NT4 file and print services. After many years SAMBA can now substitute AD in a production ready solution. The question is who is already doing respective migration projects?

Robot attack on SAML (2018)

Is it ok for us to scan everything coming in? And if we all agree that scanning is okay we should then be more focused on the notification process: who should be notified and in what capacity? How can peers be made compliant?

Reputation systems in identity trust (2018)

Facial expression and voice can be forged in very near future. So the most reliable trust anchor will be become unreliable. New mechanisms need to be positioned. Meritocracy, like in Wikipedia, will not work in very controversial cases. Reputation system does not scale …

Son-of-IAF (2017)

Kantara Identity Assurance Framework reloaded: How can the IAF be profiled and tailored to specific needs? E.g. there should not be restrictions on organizations submitting their own assessment rules, if their consumers accept it, because it is expensive to get third party assessments. Next steps: continue discussion at the Internet2 Global Summit.

SAML Proxy Options (2017)

There are a couple of use cases for SAML-to-SAML proxies, such as Hub-and-Spoke Federations, double blinding, aggregation of IDPs and SPs, cross federation with eID systems and adding local attributes in virtual organizations.

Privacy by Design (2017)

Non-technical discussion about privacy by design. Reason and Background of the topic: At ORCID were talks about how to build a concept of trust. How to build this value system into the features, workflows, work with the community.

Multi Factor/Strong Authentication (2017)

The diversity of authentication mechanism can be challenging. While no-so-strong approaches have show certain success because of easy-of-use considerations, the security-UX tradeoff is not the only one, as the example of the Google Authenticator shows.

Mapping attributes between SAML & OIDC (2017)

Straight mapping from A to B, vs. bidirectional mapping. Basic mapping should work out-of-the-box, extensions are required for clients for advanced scenarios. I n R&E there are a few problematic attributes, like eduPerson(Scoped)Affiliation and eduPersonEntitlement. Join the join the REFEDS OICDre working group for further work and proposals.

"Free", "Freemium" and Paid Services (2017)

There are services which state they are free, but “if you are not paying for something, then you are the product”. Then there are services, which have premium setting, where you are just not seeing ads but they most likely sell your data anyway. And then there are services where you pay, and your data is sold and someone else who is profiled similar to you is seeing the ads.

Difference between Oauth2 and OIDC (2017)

There is a lot of confusion about OAuth2 vs OpenID-Connect tokens. The OAuth2 token can sometimes be used incorrectly. The ID tokens are for encapsulating ID of a user. If I have a bearer token, what do I do with it? Nothing prevents the resource from using the access token to connect to other resources.

Blockchain and Identity (2017)

Is there enough foundation in the identity ecosystem? Blockstack for instance already uses Block chains for this. Particularly the financial industry spends much money and resources on research-projects. There are some privacy-issues in digital block chain-currencies. Potential privacy-benefits in using them?

Privacy and the growth of the IoT (2015)

In this keynote Robin Wilton from Internet Society outlines the issues of privacy and the growth of the IoT, and arrives at practical solutions.

Identity Landscape (2015)

In this keynote Leif Johannson from SUNET talks about new standards emerging in the identity landscape, participation in SDOs and indsutry trends.

Federated Registries (2015)

End users, developers, and automated processes deal with persistently identified, self-explaining digital objects which are securely & redundantly managed & stored in the Internet which is an overlay on existing or future information storage systems. The Digital Object Cloud supplies discovery & verification of Digital Objects indexed in the Handle System and used in the DOI System as a component.

Cooperation of OSS IDM products (2015)

How to make it possible to integrate identity management source from different spaces for costumers? Create an identity eco-system, something like a marketing place to increase innovation, re-assure some revenues; develop an open source identity management tool; evolved to something we call eco-system

Letsencrypt.org for OV + EV certificates (2014)

How to use; obstacles and alternatives. Use: for DOMAIN-validated certificates, probably with upsell model by IdenTrust https://www.identrustssl.com/ Deploy Python script on your webserver, solves hassles of getting low assurance certificate. Currently investigating within eduROAM/GÉANT to apply the same principles to a RADIUS/TLS system. Concerns that letsencrypt is only half of the steps, extra Apache configuration is needed for security, e.g. disable insecure ciphers System admins might just run letsencrypt on the command line and think they’re done (need to maintain your systems).

Federations within Federations: Enabling Local/Ad Hoc Policy Spheres (2014)

Use cases: (1) How to add additional policy on top of exiting federation (this could be state fed); (2) Different policies could pertain to privacy, news; (3) Pick out specific Service Providers that are suited for a group of IdPs; (4) Specific IDPs certificated to be able to be AuthN providers for Government (this is the FICAM program);

Banks and Telcos as strong Identity Providers in Finland (2013)

Tax calculation is available as on-line service, e.g. for home service employees. FI National ID card has only very low penetration. However, TUPAS provides bank ids as eID service; technically similar to payment. TUPAS provides first and last name and national id – the id contains the birth date as well. TUPAS is provided by 9 banks and their branches. The banks do not federate, so one bank-id cannot be used at another bank.

Explore Identity Management Issues and Initiatives

Internet identity, identity federation and personal data online are complex, continually evolving areas. Participants will seek deeper understanding, and better solutions to challenges like:

  • Technology. Developing feasible and open standards.
  • Community projects and OSS software. Who, what and how?
  • Privacy. Improve quality and scalability of privacy practices and controls.
  • Personal data ecosystem. Vendor relationship managelemt, personal clouds, data sovereignty.
  • Trust Frameworks. Establishing new paradigms and policy sets.
  • Usability. How can users navigate different identities and understand their data?
  • Economy. How can identity services fit into businesses requirements and opportunities for all stakeholders?
  • Interoperability. On which levels and areas is interoperability necessary or feasible? This is a cross-cutting concern for technical, legal and business views.
  • Deployment and operation. How can different options be supported and exploited in the best way, given the whole range of places and devices.
  • eIDAS integration challenges.

Besides discussing specific topics in the above areas, there will also be plenty of opportunities for networking among solution providers and seekers, startups, investors and technology pundits. TIIME provides a place where skilled people from a wide range of functions and projects in the identity ecosystem gather and work intensively for two days.