Authentication and Identity Management for the EPOS Project

The increase in the number of online services emphasizes the value of authentication and identity management that we, even without realizing, depend on. In EPOS this authentication and identity management are also crucial, by dealing and being responsible for large amounts of heterogeneous data in multiple formats and from various providers, that can be public or private. Controlling and identify the access to this data is the key. For this purpose, it is necessary to create a system capable of authenticating, authorizing, and account the usage of these services. While services in a development phase can have authentication and authorization modules directly implemented in them, this is not an option for legacy services that cannot be modified. This thesis regards the issue of providing secure and interoperable authentication and authorization framework, associated with correct identity management and an accounting module, stating the difficulties faced and how to be addressed. These issues are approached by implementing the proposed methods in one of the GNSS Data and Products TCS services, that will serve as a study case. While authentication mechanisms have improved constantly over the years, with the addition of multiple authentication factors, there is still not a clear and defined way of how authentication should be done. New security threats are always showing up, and authentication systems need to adapt and improve while maintaining a balance between security and usability. Our goal is, therefore, to propose a system that can provide a good user experience allied to security, which can be used in the TCS services or other web services facing similar problems.A importância da autenticação e gestão de identidades, de que dependemos inconscientemente, aumenta com o crescimento do número de serviços online ao nosso dispor. No EPOS, devido à disponibilização e gestão de dados heterogéneos de várias entidades, que podem ser públicas ou privadas, a existência de um sistema de autenticação e gestão de identidades é também crucial, em que o controlo e identificação do acesso a estes dados é a chave. Numa fase de desenvolvimento dos serviços, estes módulos de autenticação e autorização podem ser diretamente implementados e é possível existir uma adaptação do software aos mesmos. No entanto, há serviços já existentes, cujas alterações implicam mudanças de grande escala e uma reformulação de todo o sistema, e como tal não é exequível fazer alterações diretas aos mesmos. Esta dissertação aborda o desenvolvimento de um sistema de autenticação e autorização seguro e interoperável, associado a uma correta gestão de identidades e um módulo de controlo, identificando os problemas encontrados e propondo soluções para os mesmos. Este desenvolvimento é aplicado num dos serviços do TCS GNSS Data and Products e servirá como caso de estudo. Embora os mecanismos de autenticação tenham melhorado continuamente ao longo dos anos, com a adição de vários fatores de autenticação, ainda não existe um método único e claro de como a autenticação deve ser feita. Novas ameaças estão sempre a surgir e os sistemas atuais precisam de se adaptar e melhorar, mantendo um equilíbrio entre segurança e usabilidade. O nosso objetivo é propor um sistema que possa aliar a segurança a uma boa experiência para o utilizador, e que possa ser utilizado não só nos serviços do TCS, mas também em outros serviços web que enfrentem problemas semelhantes

Providing Login and Wi-Fi Access Services With the eIDAS Network: A Practical Approach

The digital identity (or electronic identity) of a person is about being able to prove upon authentication who one is on the Internet, with a certain level of assurance, such as by means of some attributes obtained from a trustworthy Identity Provider. In Europe, the eIDAS Network allows the citizens to authenticate securely with their national credentials and to provide such personal attributes when getting access to Service Providers in a different European country. Although the eIDAS Network is more and more known, its integration with real operational services is still at an initial phase. This paper presents two eIDAS-enabled services, Login with eIDAS and Wi-Fi access with eIDAS , that we have designed, implemented, deployed, and validated at the Politecnico di Torino in Italy. The validation study involved several undergraduate students, who have run the above services with their authentication credentials and platforms and with minimal indications on their usage. The results indicate that the services were beneficial. Several advantages exist both for the users and for the Service Providers, such as resistance to some security attacks and the possibility to adopt the service without prior user registration ( e.g. for short meetings, or in public places). However, some students expressed doubts about exploiting their national eID for Wi-Fi access, mainly in connection with usability and privacy issues. We discuss also these concerns, along with advantages and disadvantages of the proposed services

West-Life: A Virtual Research Environment for structural biology

The West-Life project (https://about.west-life.eu/)is a Horizon 2020 project funded by the European Commission to provide data processing and data management services for the international community of structural biologists, and in particular to support integrative experimental approaches within the field of structural biology. It has developed enhancements to existing web services for structure solution and analysis, created new pipelines to link these services into more complex higher-level workflows, and added new data management facilities. Through this work it has striven to make the benefits of European e-Infrastructures more accessible to life-science researchers in general and structural biologists in particular

Digital Identity Scheme

학위논문(석사) -- 서울대학교대학원 : 행정대학원 글로벌행정전공, 2023. 2. Junki Kim.디지털 아이덴티티는 디지털 서비스와의 상호작용에서 개인을 고유하게 차별화하는 속성을 의미한다. 따라서 디지털 아이덴티티 전략은 디지털 아이덴티티 라이프사이클을 관리하는 정책, 기술, 조직 및 프로세스의 잘 설계된 집합체이다. 이는 디지털 변환의 필수 요소이며 디지털 신뢰를 강화하기 위한 핵심 요소이다. 그런 맥락에서, 이 논문은 국가 차원에서 디지털 아이덴티티 체계를 관리하는 데 있어 어려움을 이해하는 것을 목표로 한다. 정확성, 포괄성, 안전성, 사용 가능한 디지털 ID의 이점은 공공 및 민간 부문, 아카데미 및 국제 조직에 의해 널리 인식되고 있다. 이와 더불어 COVID-19의 세계적인 확산으로 인해 사회적 거리두기 조치와 비대면 거래가 증가하면서, 우리는 정부와 기업에 의해 개발되는 디지털 인증 플랫폼이 발전하는 것을 볼 수 있다. 그 결과, 대한민국(이하 한국)과 페루와 같은 나라들은 핸드폰, 인공지능, 빅데이터, 상호운용성, 데이터센터와 같은 부상한 기술을 활용하여 식별 및 인증 프로세스의 효율성을 높이기 위해 서로 다른 종류의 이니셔티브와 플랫폼을 개발, 시행하고 있다. 이에 따라 현재까지 정부24를 전자정부 공식포털로, 디지털원패스(Digital ONEPASS)를 디지털인증플랫폼으로 구현해 시민 비대면 인증이 가능하도록 하고 있으며, 주민등록제도(RRS)도 한국 디지털 아이덴티티 제도의 핵심요소로 자리매김하고 있다. 이와 비슷하게 페루의 경우 기존의 전자정부 접근 방식이 디지털 정부라는 새로운 패러다임으로 변모하였다는 것과, 디지털 기술은 더 이상 기술적 문제가 아니라 정치, 법률, 협력적 문제라는 이해를 바탕으로 2018년 디지털 정부가 제정되었다. 디지털 정체성을 강화하기 위해 두 개의 디지털 플랫폼이 시행되고 있는데, 하나는 시민 지향의 단일 디지털 플랫폼(GOB.PE)이며, 다른 하나는 디지털 신원 확인 및 인증을 위한 국가 플랫폼(ID)이다. 두 플랫폼은 정부에 의해 유지되고 개발된다. 이처럼 한국과 페루의 정책 사이에 유사점이 있지만 결과는 다르다. 전자정부개발지수(EDGI)에서 한국은 세계 2위, 페루는 71위, 한국은 디지털 인증 플랫폼이 구현되어 있고, 정부24는 다양한 인증을 사용하고 있다. ONE PASS, KAKAO, 삼성 PASS 등 시민을 위한 간편하고 편리한 인증 방법이 사용된다. 또한 2021년까지 정부24를 통해 온라인으로 접수된 청원은 13202만 5035건에 달하며, 증명서와 문서는 시민이 직접 프린터를 통해 출력했다. 페루의 경우 디지털 아이덴티티 전략은 디지털 정부법이 규제하는 공공부문의 디지털 아이덴티티 프레임워크를 기반으로 정부가 기본적으로 주도하는 진행형 프로세스다. 따라서, 본 연구에서는 한국의 디지털 아이덴티티 전략이 개인의 디지털 아이덴티티의 정확성, 포괄성, 보안성 및 사용성을 강화하기 위해 어떤 성과를 내고 있는지 중점적으로 살펴보려고 한다. 우리는 유엔과 경제협력개발기구(OECD)가 사용하는 프레임워크를 적용한 비교 프레임워크를 활용해 유사점과 차이점을 규명할 예정이다. 한국과 페루의 비교 연구를 수행하는 시의적절하다. 왜냐하면 페루는 한국의 디지털 아이덴티티 제도의 모범 사례와 좋은 교훈을 활용할 수 있고 더 나은 정책과 결정을 설계할 수 있기 때문이다. 본 연구에서는 한국과 페루의 ICT 전문가와 온라인 인터뷰를 통해 양국의 디지털 아이덴티티 체계에 대한 심층적인 이해를 창출하는 정성적 연구 방법을 활용하였다. 총 10명의 전문가를 인터뷰했는데, 전문가와의 인터뷰는 한국과 페루의 디지털 아이덴티티 진화에 대한 개요를 제공하고 페루의 디지털 아이덴티티 제도 구현 과정에서 발생하는 과제를 식별할 수 있다. 디지털 공공 서비스의 개발 및 제공을 지원하기 위한 강력하고 지속적인 디지털 리더십, 시의적절한 법적 프레임워크, 현대 ICT 기술이라는 세 가지 요소에서 큰 차이가 나타났음을 알 수 있었다. 하지만 이 연구결과는 또한 페루에서 디지털 아이덴티티 생태계를 조성하기 위한 목적으로 제도적 정비를 하고, 규제를 개선하며, 예산을 최적화한다면 큰 성과를 얻을 수 있음을 시사한다. 주요 키워드: 디지털 아이덴티티, 디지털 정부, 디지털 변환, 디지털 아이덴티티 전략Digital identity is the collection of attributes that uniquely differentiates a person in his interaction with digital services. The literature and previous research suggest that it is an essential component to the digital transformation and a vital element for strengthening the digital trust. Currently, due to worldwide spread of COVID-19, which has accelerated the digital transition in the public and private sector, the non-face-to-face transactions have been increased, coupled with cybercrimes such as identity theft, private data leakage, fraud, among other cybercrimes. In this sense, governments should become aware of the importance of digital identity management, because it is increasingly embedded in everything we do in our digital and offline life (WEF, Identity in the Digital World a new chapter in the social contract, 2018, p. 9). To deal with those issues and leverage all the potential of digital identity at national level, many countries implement a Digital Identity Scheme, which is a well-designed and articulated collection of policies, business rules, technologies, organizations, and processes in charge of governing the digital identity lifecycle to promote a digital society. Hence, countries such as The Republic of Korea (hereinafter, Korea) and The Republic of Peru (hereinafter, Peru) have been developed and implemented different kind of policies, legal instruments, initiatives, and digital technologies to enhance accessibility, efficiency and security of the identification and authentication process, for instance, Korea has issued the Electronic Government Law and implemented cross-platforms such as Government24 (정부24) as official electronic government portal, Digital ONEPASS (디지털원패스) as a digital authentication platform to enable a convenient no-face-to-face authentication of the citizens, Resident Registration System (RRS), as a fundamental national information system which manages and stores relevant personal information of Koreans, and Sharing Information System (행정정보공동이용시스템), as a interoperability platform to exchange information with governmental agencies. Moreover, Korea has a PKI Scheme which is divided into a National Public Key Infrastructure (NPKI), and a Government Public Key Infrastructure (GPKI). All these regulations, technologies and platforms are vital elements of the Korean Digital Identity Scheme. In the case of Peru, based on Law N° 26497 enacted in 1995, the government has been managing and maintaining the National Identification Registry of Peruvian. Moreover, since issuance of Digital Government Law in 2018, Peru has been implemented different kind of cross-platforms such as the Single Digital Platform for Citizen Orientation (GOB.PE), to offer one point of contact between government and citizens, National Interoperability Platform, to promote information exchange among public entities, the National Digital Government Platform, to provide cloud services to the public entities, and National Platform for Identification and Authentication of Digital Identity (ID.GOB.PE), to verify a persons identity. Although there are similarities, the outcomes are different, in the Electronic Government Development Index 2022, Korea is ranked 3rd in the world, while Peru is ranked 59th, from another side, in terms of digital identity, Korea has a digital identity ecosystem operating, for instance Government24 accepts several authentication methods which are easily and conveniently for the citizens such as ONEPASS, KAKAO, Samsung PASS, among others (MOIS, Status of Government 24, 2022). To 2021, almost 132,025,035 petitions were filed online through Government24 (MOIS, Status of Government 24, 2022). In the case of Peru, the digital identity scheme is an ongoing project, which is leading basically by the government, based on the Digital Government Law and its enforcement decree. In that vein, this research aims at understanding the components for governing and managing a Digital Identity Scheme in Korea and Peru and identifying the gap between them. Therefore, in this study we are going to focus on how the Digital Identity Scheme of Korea is performing to strengthen accuracy, inclusiveness, security, and usability of digital identity of persons. We are going to establish the similarities and differences by using a comparison framework which is an adaptation of the frameworks used by the United Nations (UN), International Telecommunication Union (UIT) and Organization for Economic Cooperation and Development (OECD). Additionally, in this moment, undertaking a comparison study between Korea and Peru is a relevant work, because Peru is implementing transversal digital government platforms based on the Digital Government Law, and based on that we are dealing with cybercrimes and digital threats, that is why we can learn of the best practices and good lessons of the Digital Identity Scheme in Korea and design better policies and decisions for Peruvian implementation. This research was carried out by using a qualitative research method which involved online interviews with ICT specialists from Korea and Peru to generate an in-depth understanding of the digital identity scheme of both countries. A total of ten specialists were interviewed. Interviews provide an overview of the digital identity evolution in Korea and allow me to identify challenges and policy recommendations in the implementation process of Digital Identity Scheme in Peru. Based on the results the big differences are integrated in three factors: strong and continuous digital leadership, timely legal framework, and modern ICT technology to support development and public services rendering. However, the results also suggest that it is possible to get big achievements on the Digital Identity Scheme in Peru, making institutional arrangements, enhancing digital regulation and optimizing the budget with the purpose to create a sustainable digital identity ecosystem.ABSTRACT 5 LIST OF ABBREVIATIONS 9 LIST OF TABLES 9 CHAPTER 1: INTRODUCTION 12 1.1 STUDY BACKGROUND 12 1.2 BACKGROUND OF THE COUNTRIES 20 1.3 THEORETICAL BACKGROUND 27 1.4 PURPOSE OF THE RESEARCH 39 CHAPTER 2. KEY CONCEPTS AND FRAMEWORK 43 CHAPTER 3: LITERATURE REVIEW 77 CHAPTER 4: DIGITAL IDENTITY IN KOREA AND PERU 86 4.1 LEGAL FRAMEWORK 86 4.2 TECHNOLOGY 100 4.3 GOVERNANCE AND LEADERSHIP 116 4.4 BUDGET 120 4.5 MARKET 122 4.6 FINDINGS 122 CHAPTER 5: CONCLUSIONS 132 5.1 SUMMARY OF THE THESIS 132 5.2 POLICY COMPARISON 143 5.3 POLICY RECOMMENDATIONS 145 5.4 LIMITATIONS OF THE RESEARCH 150 REFERENCES 152 APPENDICES 158 APPENDIX 1. QUESTIONNAIRE 158 APPENDIX 2. MATRIZ OF COMPARISON 167석

Survey and Analysis of Production Distributed Computing Infrastructures

This report has two objectives. First, we describe a set of the production distributed infrastructures currently available, so that the reader has a basic understanding of them. This includes explaining why each infrastructure was created and made available and how it has succeeded and failed. The set is not complete, but we believe it is representative. Second, we describe the infrastructures in terms of their use, which is a combination of how they were designed to be used and how users have found ways to use them. Applications are often designed and created with specific infrastructures in mind, with both an appreciation of the existing capabilities provided by those infrastructures and an anticipation of their future capabilities. Here, the infrastructures we discuss were often designed and created with specific applications in mind, or at least specific types of applications. The reader should understand how the interplay between the infrastructure providers and the users leads to such usages, which we call usage modalities. These usage modalities are really abstractions that exist between the infrastructures and the applications; they influence the infrastructures by representing the applications, and they influence the ap- plications by representing the infrastructures

Europe’s Digital Verification Opportunity. CEPS Research Paper 17 JUN 2020.

Europe should move fast to allow the private sector to leverage its public digital verification system, especially in view of the changes to communication brought about by the Covid-19 crisis, concludes this new study. Identity verification remains a time-consuming, arduous process in Europe, often requiring paper documentation and a myriad of certificates guaranteeing credentials. Sometimes, a physical face to face meeting is also needed. This report shows how the EU has constructed a unique cross-border electronic identification infrastructure with digitally linked verification (eID) and interoperable electronic authentication (eIDAS). These advances make Europe the first and only region in the world where digital ID and verification are provided securely and in a legally enforceable manner. But Europe’s impressive digital verification system was mainly designed to ease citizen-government interactions. On average, citizens have only one or two interactions a year with their authorities. Private-sector use will therefore be key to it reaching its potential. Although reliance on digital verification raises understandable fears about increased government and corporate surveillance, the report argues that new technologies allow strong privacy protection while ensuring at-distance accuracy. To achieve this goal, Europe needs to fill in certain in GDPR data protection rules concerning digital verification, and encourage the adoption of privacy-protecting technologies such as blockchain

The State of the Electronic Identity Market: Technologies, Infrastructure, Services and Policies

Authenticating onto systems, connecting to mobile networks and providing identity data to access services is common ground for most EU citizens, however what is disruptive is that digital technologies fundamentally alter and upset the ways identity is managed, by people, companies and governments. Technological progress in cryptography, identity systems design, smart card design and mobile phone authentication have been developed as a convenient and reliable answer to the need for authentication. Yet, these advances ar enot sufficient to satisfy the needs across people's many spheres of activity: work, leisure, health, social activities nor have they been used to enable cross-border service implementation in the Single Digital Market, or to ensure trust in cross border eCommerce. The study findings assert that the potentially great added value of eID technologies in enabling the Digital Economy has not yet been fulfilled, and fresh efforts are needed to build identification and authentication systems that people can live with, trust and use. The study finds that usability, minimum disclosure and portability, essential features of future systems, are at the margin of the market and cross-country, cross-sector eID systems for business and public service are only in their infancy. This report joins up the dots, and provides significant exploratory evidence of the potential of eID for the Single Digital Market. A clear understanding of this market is crucial for policy action on identification and authentication, eSignature and interoperability.JRC.DDG.J.4-Information Societ

Summary

20090506_fidis_D3.12 final 1.0.od