52 research outputs found

    Architecture and Tools for Dynamic Identity Management in Federations

    Federated Identity Management (FIM) has the motivation to provide identity data of users from their home organisation, also called Identity Provider (IdP), to a Service Provider (SP). This facilitates the prevention of redundancy and inconsistency, while users can re-use their home account for other services, without remembering further user accounts and passwords. The Security Assertion Markup Language (SAML) and the protocol OpenID Connect are two well-known standards within the industry sector and research & education (R&E) environment. Due to the ongoing interconnectedness, the limitations of the current architecture are increasingly revealed. In the first part of the thesis, a profound and comprehensive analysis is presented, in order to illustrate different perspectives on the architecture and the requirements. The focus of the more than seventy structured and weighted requirements in the functional, non-functional, organizational as well as privacy- and security-specific categories lies in the automation and scalability of the approach as well as trust implications and interoperability. As part of the holistic, integrated architecture conceived in this thesis, a management platform for dynamic FIM has been developed. Besides the precise specification of the orchestrated, technical metadata exchange, special emphasis has been put on the organizational integration concerning the IT service management. Dependencies and effects on the security management and change management have been investigated in detail. To compensate further shortcomings of existing approaches, two new FIM components have been specified, which enhance the interoperability between FIM systems in heterogeneous identity federations, as well as the scalability and automation of existing workflows. The thesis is concluded with a description of the prototypical implementation of the management platform and the tool concepts as well as a discussion on their scalability characteristics and the application of the architecture to a realistic scenario.

    Provision of System Services by Intelligent Buildings

    Within the ongoing transition of energy systems, new technologies are integrated into electrical distribution systems—e.g. distributed generation, electrical storage, electric vehicles and automated building energy management—which transform buildings into actively participating components inside the grid. This thesis analyses the influences of those intelligent buildings’ capabilities of optimizing their in-house energy flows on low-voltage grids and discusses the usability of those capabilities to provide system services. In order to minimize the limitations which arise for the economic acting on energy markets for the inhabitants of such buildings, the traffic light concept is shaped as an approach to provide the needed system services. Firstly, a technical traffic light is introduced to determine critical situations in the grid. Secondly, a topological traffic light identifies active components that can reasonably participate in the clearance of a critical situation. Thirdly, aspects of coordination by the traffic light are tackled by a closed-loop feedback mechanism that controls utility equipment and intelligent buildings by utilizing a two-staged mechanism for demand response. The three parts of the proposed traffic light approach are implemented in a Regional Energy Management System that utilizes a proposed Extended Generic Observer/Controller-Architecture. For a close-to-reality evaluation, three reference grids for a rural, village, and suburban residential low voltage grid are derived from literature as well as three scenarios for the distribution of active components, in particular distributed generation, electrical storage and electric vehicles. The simulation of intelligent buildings, utility equipment, and the low voltage grid as well as the Regional Energy Management System are implemented in a Co-Simulation environment that extends the Organic Smart Home to a microgrid simulation. Furthermore, this simulation is extended towards a Software-in-a-Hardware-Loop-Environment comprising the Co-Simulation and the KIT Energy Smart Home Lab as a real intelligent building, to comply with the necessity of evaluating the Regional Energy Management System with real hardware. Here, a loose coupling of software and hardware components is established by using event-based communication schemes utilizing a message bus, and an artificial mains is used to align the environmental conditions between simulation and real building. The capabilities of the Regional Energy Management System to stabilize low voltage systems, especially in future scenarios, are investigated in simulation studies and its operation is successfully demonstrated in the presented Software-in-a-Hardware-Loop-Environment during a six-day test phase in the real intelligent building.

    Supporting the Coexistence of Agile and Traditional Requirements Artifacts

    [no abstract]

    Interoperability of IT Systems in a Cross-University Context: Development and Validation of a Reference Model for Cross-University Electronic Examination Management

    Based on a case study, the author prepared solutions for grading and examination management which is shared between two or more universities. The objective was to develop a reference model to structure the complex processes and to provide solutions for grading and examination management. The reference model has been evaluated by experts in order to improve coherence and consistency. Based on the evaluation results, the author revised the reference model and indicated future work on implementation and maintenance issues.