Sebastian Labitzke

FACIUS: An Easy-to-Deploy SAML-based Approach to Federate Non Web-Based Services

Federated identity management yields many advantages such as enhanced usability and improved quality of identity information. Web-based services are already successfully and widely federated using the Security Assertion Markup Language (SAML). In terms of usability and quality of identity information non web-based services benefit from being federated in a similar way web-based services do. However, up to this point no versatile approach that can be easily integrated has emerged to federate them. In this paper, we present FACIUS, an architecture that enables the integration of non web-based services into SAML-based federations. FACIUS aims at minimizing the integration effort in terms of both usability and necessary adjustments to existing service deployments. Furthermore, to prove the practicability of the proposed architecture, we present an implementation to federate SSH services.

Who got all of my personal data? Enabling users to monitor the proliferation of shared personally identifiable information

The risk involved when users publish information, which becomes available to an unintentional broad audience via online social networks is evident. It is especially difficult for users of social networks to determine who will get the information before it is shared. Moreover, it is impossible to monitor data flows or to control the access to personal data after sharing the information. In contrast to enterprise identity management systems, in which provider-engineered processes control the access to and flow of data, the users of social networks themselves are responsible for information management. Consequently, privacy requirements have become important so that users can control the flow of their personal data across social networks and beyond. In particular, this kind of user-based information management should provide the capability to control data flows in a proactive manner, as well as reactive components to monitor the proliferation of data. In this conceptual paper, we motivate the necessity of a dedicated user-based information management on the basis of studies that we conducted on information that users share publicly in online social networks. Moreover, we outline the building blocks of user-based information management on the basis of existing approaches, which support users in managing data flows and an investigation that we did on the linkability of social network profiles. Furthermore, we contrast user-based information management with our experiences in developing and operating federated identity management services at the Karlsruhe Institute of Technology (KIT).

Integriertes Informationsmanagement am KIT Was bleibt? Was kommt?

Der Beitrag beschreibt wesentliche seit dem Jahr 2005 an der Universitat Karlsruhe bzw. am Karlsruher Institut fur Technologie erzielte Ergebnisse in Bezug auf technische und organisatorische Integration fur das Informationsmanagement. Insbesondere stehen die Portaldienste und das Identitatsmanagement im Fokus der technischen Innovation. Daneben werden zwei organisatorische Innovationen vorgestellt, die sich dediziert Fragestellungen zur IT-Governance und IT-Compliance widmen. Abschliesend werden erzielte Schlusselerfahrungen diskutiert, die im Zuge des Aufbaus eines integrierten Informationsmanagements gemacht wurden. Ausblickend wollen wir einen Bezug zu den allgegenwartigen Problemstellungen und verbundenen Herausforderungen derartiger Vorhaben aufzeigen – Herausforderungen, die waren, sind und bleiben werden.

bwIDM – Federated Access to IT-Based Services at the Universities of the State of Baden-Württemberg

Abstract The use and provisioning of services across organizations has not only gained momentum in the ‘business web’, but also in academic environments. For instance, in the state of Baden-Württemberg, national and state-funded cluster computing resources, operated by a single university, have to be accessible by the users of other universities as well. Two avoid that users have to create and maintain dedicated accounts at each organization, the concept of federated identity management (FIM) can be applied. FIM allows users to use a single identity at their home organization to access services that are operated by other organizations. In this paper, we survey major requirements that need to be considered when establishing such a federation and its technical platform. Furthermore, we show how the bwIDM project established a FIM platform for the state of Baden-Württemberg that matches the requirements and that is based on the Security Assertion Markup Language (SAML) standard. In particular, we outline bwIDM’s approach on how to integrate non web-based services with SAML federations.