64 research outputs found

    Providing Login and Wi-Fi Access Services With the eIDAS Network: A Practical Approach

    The digital identity (or electronic identity) of a person is about being able to prove upon authentication who one is on the Internet, with a certain level of assurance, such as by means of some attributes obtained from a trustworthy Identity Provider. In Europe, the eIDAS Network allows the citizens to authenticate securely with their national credentials and to provide such personal attributes when getting access to Service Providers in a different European country. Although the eIDAS Network is more and more known, its integration with real operational services is still at an initial phase. This paper presents two eIDAS-enabled services, Login with eIDAS and Wi-Fi access with eIDAS, that we have designed, implemented, deployed, and validated at the Politecnico di Torino in Italy. The validation study involved several undergraduate students, who have run the above services with their authentication credentials and platforms and with minimal indications on their usage. The results indicate that the services were beneficial. Several advantages exist both for the users and for the Service Providers, such as resistance to some security attacks and the possibility to adopt the service without prior user registration (e.g. for short meetings, or in public places). However, some students expressed doubts about exploiting their national eID for Wi-Fi access, mainly in connection with usability and privacy issues. We also discuss these concerns, along with advantages and disadvantages of the proposed services.

    Planning the Taiwan Access Management Federation based on Shibboleth

    There are a number of different ways in which it may be verified that a user at a computer attached to the internet may be certified as being entitled to use an electronic resource (usually one that has to be paid for) held on a server elsewhere on the internet. Authentication by Internet Protocol is appropriate when the user is in a fixed environment but to enable a user to have wider access other mechanisms are needed, the most universally applicable being authentication relying on the information provided by an access management federation using Shibboleth. Shibboleth is a standard-based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. The requirements for the security of the solution particularly regarding the intellectual property rights of the owners of the data are discussed. Various possible solutions are outlined based on those in use in the UK Federation, the US InCommon system, the Swiss SWITCHaai, and the Australian Access Federation. The framework and development leading to the implementation of the Taiwan Access Management Federation (TAMF) primarily follow the SWITCHaai and to a lesser extent the other three Federations. The history, management structure, software used and the organization participants in the four federations that TAMF follows are discussed. The progress of TAMF is described as well. It is hoped that this could serve as a model for federations around the world.

    Audit of walk-in access for members of the public to online resources at higher education and further education libraries in the South West of England

    This SWRLS-funded project aims to analyse and evaluate the extent to which Higher Education (HE) and Further Education (FE) libraries across the South West region of the United Kingdom provide walk-in access to electronic resources. The information presented within this report is derived from the findings of a survey questionnaire of librarians from across the South West region. Findings of the survey reveal that in the majority of the six institutions that provide walk-in access, the service is not actively promoted. Potential audiences are not actively identified. Information about walk-in services and which resources are available to use within HE or FE in the region is currently hard to discover. There does appear to be some desire to provide walk-in access but the report identifies IT difficulties and legal issues over licences as particular barriers to implementation.

    Taking Computation to Data: Integrating Privacy-preserving AI techniques and Blockchain Allowing Secure Analysis of Sensitive Data on Premise

    PhD thesis in Information technology. With the advancement of artificial intelligence (AI), digital pathology has seen significant progress in recent years. However, the use of medical AI raises concerns about patient data privacy. The CLARIFY project is a research project funded under the European Union’s Marie Sklodowska-Curie Actions (MSCA) program. The primary objective of CLARIFY is to create a reliable, automated digital diagnostic platform that utilizes cloud-based data algorithms and artificial intelligence to enable interpretation and diagnosis of whole-slide images (WSI) from any location, maximizing the advantages of AI-based digital pathology. My research as an early stage researcher for the CLARIFY project centers on securing information systems using machine learning and access control techniques. To achieve this goal, I extensively researched privacy protection technologies such as federated learning, differential privacy, dataset distillation, and blockchain. These technologies have different priorities in terms of privacy, computational efficiency, and usability. Therefore, we designed a computing system that supports different levels of privacy security, based on the concept: taking computation to data. Our approach is based on two design principles. First, when external users need to access internal data, a robust access control mechanism must be established to limit unauthorized access. Second, it implies that raw data should be processed to ensure privacy and security. Specifically, we use smart contract-based access control and decentralized identity technology at the system security boundary to ensure the flexibility and immutability of verification. If the user’s raw data still cannot be directly accessed, we propose to use dataset distillation technology to filter out privacy, or use a locally trained model as a data agent.
    Our research focuses on improving the usability of these methods, and this thesis serves as a demonstration of current privacy-preserving and secure computing technologies.