Analysis of Windows Cardspace Identity Management System

The Internet, which was originally developed for academic purposes, has expanded and been applied to commercial and business enterprises. It is possible to purchase airline tickets, check bank balances and communicate through e-mail with each other through the Internet. These services can all be performed relatively easily with the proliferation of Internet Service Providers and the lower cost of Personal Computers. The development of the Internet has also had a huge impact on businesses with the growth of e-commerce, e-banking and the tremendous growth in email traffic. There is however a negative impact to this development of the Internet with the rise in on-line criminal activity. The increasing use of the Internet has resulted in the development of on-line identities for users. There can be a great deal of sensitive and personal information associated with an on-line identity and gaining access to these privileges can provide cyber criminals with access to personal resources such as bank account details, credit card information etc. This type of activity has given rise to the term identity theft . This project will present an introduction to Microsoft Cardspace and how it relates to dealing with identity theft, the theory behind the application and present practical demonstrations of how the technology can be implemented using Microsoft© .NET framework technology

Improving the security of CardSpace

CardSpace (formerly known as InfoCard) is a digital identity management system that has recently been adopted by Microsoft. In this paper we identify two security shortcomings in CardSpace that could lead to a serious privacy violation. The first is its reliance on user judgements of the trustworthiness of service providers, and the second is its reliance on a single layer of authentication. We also propose a modification designed to address both flaws. The proposed approach is compatible with the currently deployed CardSpace identity metasystem, and should enhance the privacy of the system whilst involving only minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposal.

Identidade digital federada globaliD

Mestrado em Engenharia de Computadores e TelemáticaO presente texto propõe uma solução para a gestão de identidade digital online tendo em conta a versatilidade, o anonimato, a privacidade, a veracidade, a credibilidade e a responsabilidade do utilizador, recorrendo para isso ao uso do Cartão de Cidadão Electrónico Nacional Português e a outros meios de autenticação públicos usados diariamente pelos utilizadores. A dissertação é composta pela apresentação do conceito de identidade e das suas particularidades, por uma análise aos vários problemas da gestão da informação pessoal online, uma análise aos vários modelos, mecanismos e especificações existentes para gerir a identidade digital online (gestão de identidade digital). Uma solução de gestão de identidade digital baseada no modelo de identidade federada e associada ao Cartão do Cidadão Electrónico Nacional Português é apresentada, descrita, analisada, avaliada e comparada com outras soluções existentes. Por fim um protótipo de um provedor de identidades digitais federadas baseado na solução de gestão de identidade digital proposta é apresentado.The following text provides a solution for the digital identity management on the Web regarding the users’ versatility, anonymity, privacy, veracity, trustworthiness and accountability by using the Portuguese National Electronic Citizen Identity Card and other publicly available authentication mechanisms users use daily. The dissertation consists of the presentation of the concept of identity and its particularities, an analysis to the several problems of managing personal information online, and an analysis to the several existing models, mechanisms and specifications for the management of the digital identity online (digital identity management). A solution for digital identity management based on the federated identity model and associated to the Portuguese National Electronic Citizen Identity Card is introduced, described, analyzed, evaluated and compared to other several existing solutions. Last, a prototype of a federated digital identity provider based on the purposed solution for digital identity management is presented

Summary

20090506_fidis_D3.12 final 1.0.od

Becoming Artifacts: Medieval Seals, Passports and the Future of Digital Identity

What does a digital identity token have to do with medieval seals? Is the history of passports of any use for enabling the discovery of Internet users\u27 identity when crossing virtual domain boundaries during their digital browsing and transactions? The agility of the Internet architecture and its simplicity of use have been the engines of its growth and success with the users worldwide. As it turns out, there lies also its crux. In effect, Internet industry participants have argued that the critical problem business is faced with on the Internet is the absence of an identity layer from the core protocols of its logical infrastructure. As a result, the cyberspace parallels a global territory without any identification mechanism that is reliable, consistent and interoperable across domains. This dissertation is an investigation of the steps being taken by Internet stakeholders in order to resolve its identity problems, through the lenses of historical instances where similar challenges were tackled by social actors. Social science research addressing the Internet identity issues is barely nascent. Research on identification systems in general is either characterized by a paucity of historical perspective, or scantily references digital technology and online identification processes. This research is designed to bridge that gap. The general question at its core is: How do social actors, events or processes enable the historical emergence of authoritative identity credentials for the public at large? This work is guided by that line of inquiry through three broad historical case studies: first, the medieval experience with seals used as identity tokens in the signing of deeds that resulted in transfers of rights, particularly estate rights; second, comes the modern, national state with its claim to the right to know all individuals on its territory through credentials such as the passport or the national identity card; and finally, viewed from the United States, the case of ongoing efforts to build an online digital identity infrastructure. Following a process-tracing approach to historical case study, this inquiry presents enlightening connections between the three identity frameworks while further characterizing each. We understand how the medieval doctrines of the Trinity and the Eucharist developed by schoolmen within the Church accommodated seals as markers of identity, and we understand how the modern state seized on the term `nationality\u27 - which emerged as late as in the 19th century - to make it into a legal fiction that was critical for its identification project. Furthermore, this investigation brings analytical insights which enable us to locate the dynamics driving the emergence of those identity systems. An ordering of the contributing factors in sequential categories is proposed in a sociohistorical approach to explain the causal mechanisms at work across these large phenomena. Finally this research also proposes historically informed projections of scenarios as possible pathways to the realization of authoritative digital identity. But that is the beginning of yet another story of identity

ESIIG2

331 p. , Il, Tablas, Gráficos.Libro ElectrónicoESIIG2 - The Second European Summit on Interoperability in the iGovernment, represents an unprecedented occasion to develop new synergies and create contacts with representatives of the European Commission, of the national and regional governments of Europe, of the research field, the Academia and experts of the ICT sector. Mrs Viviane Reding, Member of the European Commission for Information Society and Media gave her official patronage to the Second European Summit of Interoperability in the iGovernment, ESIIG2. Event with the patronage CISIS (Italian Interregional Centre of Information and Statistic Systems) The European Commission initiative i2010, through the DG Information and Media Society offered its support to ESIIG2.ForewordXI ESIIG 3 What is ESIIG2? 3 Commissioner Reding message 4 ESIIG 2 Co - hosted events5 The Programme 6 ESIIG2 Supporters8 The Regional Ministry for consumer protection and administrative simplification13 The Technical and Scientific Committee15 Structure of the Technical and Scientific Committee15 What does the Committee do?15 Important and innovative initiatives of ESIIG 219 Publication of the Call for Papers Results23 T-Seniority: E-inclusion and Interoperability25 Alejandro Echeverria Security and Privacy Preserving Data in E-Government Integration31 Claudio Biancalana, Francesco Saverio Profiti Proposal for Interoperability Between Public Universities39 Correcher E, Universidad Politécnica de Valencia, Spain A Cross-Application Reference Model to Support Interoperability 53 Elena Baralis, Tania Cerquitelli, Silvana Raffa Table of Contents VII Applying Soa to Mobile Secure eGovernment Services The Sweb Approach65 Silke Cuno, Yuri Glickman, Petra Hoepner, Linda Strick An Identity Metasystem Approach to Improve Eid Interoperability and Assure Privacy Compliance 74 Andrea Valboni Towards Interoperable Infrastructures of Geospatial Data 86 Sergio Farruggia, Emanuele Roccatagliata Modernization and Administrative Simplification Master Plan for the Local Councils of the Region of Murcia 101 Leandro Marín Muñoz, Pedro Olivares Sánchez, Isabel Belmonte Martínez Organizational Interoperability and Organizing for Interoperability in eGovernment109 Ralf Cimander, Herbert Kubicek The National Interoperability Framework: a New Regulatory Tool to Guarantee Interoperability Among Spanish Public Administrations 123 Agustí Cerrillo The Realization of the Greek E-Gif 131 Andreas Papadakis, Kostas Rantos, Antonis Stasis Build Government Interoperability Through Open Standard Technology 141 Goodwin Ting, Anne Rasanen, Marco Pappalardo Towards an Intercultural Representation of Mediterranean Intangible Cultural Heritage (Ich) An Xml Interoperability Framework for Regional Ich Databases 154 Jesse Marsh, Francesco Passantino Castile and Leon, a Model of Interoperability 168 Isabel Alonso Sánchez, José Ignacio de Uribe Ladrón de Cegama, Antonio Francisco Pérez Fernández, Jorge Ordás Alonso The Catalan Interoperability Model182 Ignasi Albors Identity and Residence Verification Data System189 Nimia Rodríguez Escolar, Jose A Eusamio Mazagatos From Extended Enterprise to Extended Government: Regione Lazio Interoperability and Egovernment Point of View 199 Claudio Biancalana, Dante Chiroli, Claudio Pisu, Francesco Saverio Profiti, Fabio Raimondi Contribution by the Members of the Technical and Scientific Committee 215 Interoperability and Egovernment Through Adoption of Standards 215 Flavia Marzano A Brief Compendium on Interoperability in Egovernment 224 Michele M Missikoff Table of Contents VIII Spc – The Italian Interoperabilty Framework with Services241 Francesco Tortorelli, Roberto Baldoni Exploitation of Digital Contents for the Public Administration 254 Giulio De Petra, Fabrizio Gianneschi, Giaime Ginesu Deploying the full transformational power of egovernment – collaboration and interoperability –270 Sylvia Archmann, Just Castillo Iglesias ICAR Report: Interoperability and Cooperation between applications among Italian Regions (English summary)278 CISIS - Central Staff of ICAR Project List of the finalists of the iG20 Award 297 IG20 AWARDS: Eucaris, the European car and driving licence information system297 INNOVATIVNESS: Interopcyl299 TRANSFERABILITY: Semic, Semantic Interoperability Center Europe301 IMPACT: Employment/unemployment status management: actual interoperability through the CO eService303 PRACTICAL RESULTS: Emilia Romagna Labour Information System 305 The ESIIG2 Summit results: the creation of ERNI and the Interoperability Declaration of Rome 309 The Interoperability Declaration of Rome 311 Follow the new and interesting developments of Esiig2 31

Identity in eHealth - from the reality of physical identification to digital identification.

Mestrado em Informática MédicaMaster Programme in Medical Informatic