Posts Categorized: eGovernment

The recent project “Skytrust” being about moving the cryptographic key data from the application to an external service succeeded in relieving the cryptographic key data itself from unwanted attention. However, authentication data used to authorise key usage takes its place in being the weak point. These data are collected by the application and forwarded suitably – hence, the application has access to the now very sensitive authentication data. A better approach would be to also collect the authentication data outside the application. An intermediate authentication data collector service between application and key service is necessary to achieve the functionality. An intermediate, however, calls for end-to-end encryption. The challenge is to collect and route the authentication data without the need for breaking the end-to-end encrypted communication, while being able to add the data.

Weiter lesen…

Linked Open Data (LOD) and Linked Open Vocabularies (LOV) deal with the definition of reusable concepts, models, and architectures that facilitate the integration of data and services on a web scale. With the ever-growing heterogeneity of available standards and implementation approaches, such integration faces various barriers that make this process costly and less effective in practice. Open and reusable vocabularies aim to lower these barriers by providing the foundations for conceptual annotations that allow the abstraction and bridging of concepts among different entities and domains in reusable, scalable and machine-readable manner. LOV, as one of the initiatives supporting the underlying paradigm, has emerged from the DataLift project and is supported by the Open Knowledge Foundation. LOV today represents the largest dataset that systematically gathers, analyzes and presents data about semantic vocabularies from different domains.

Weiter lesen…

Applied approaches on authorization management often focus on a single system or environment, neglecting the need to address the security of data sharing processes that span various entities and organizations.
In the course of this work, we address the shortcomings of existing frameworks by separating authorization management from particular organizations, their business or resource models. We establish a framework that defines abstract means to manage the security of resources distributed across diverse services using a unified service and policy description models. Weiter lesen…

Web-APIs represent a significant building block of the modern Web. They enable efficient and technology neutral data and process integration between diverse entities and platforms. As an innovation driver, they facilitate the creation of new business models and products. The broad variety of APIs, as well as the need to efficiently manage their lifecycles, motivated the inception of specifications and tools to ease and accelerate their development and integration in programmatic environments. Weiter lesen…

In this project we present the reusable data structure that addresses the issues of static, inflexible and practically non-interoperable authorization definitions. We first establish the structure that introduces enhanced expressivity, context-sensitivity and adaptability in descriptions of authorization constraints. We then develop the supporting software component and the web-based interface for definition and inspection of access authorizations established using the proposed structure. Based on that, we present a demonstration prototype and describe the application of the proposed structure both in terms of emerging solutions and existing authorization frameworks

• Technical Report – Contextual Data Exchange [Report]
• Demonstration [Prototype]

During the past years, ontology-based concepts have gained importance especially in the context of applications related to the Semantic Web. In addition, these concepts are currently in the focus of various research activities. The capability to amend stored and processed data by a semantic dimension enables numerous use cases and fields of application.
Weiter lesen…

Cryptography is a powerful tool, which—if applied correctly—provides confidentiality, integrity, and authenticity of electronically stored, processed, and transmitted data. Electronic Internet-based services from security-critical fields such as e-government or e-banking would be infeasible without cryptography. Hence, the correct application of cryptographic methods is also for public administrations of special relevance.
Weiter lesen…

In the course of this project we developed a framework for cross-system definition and representation of web resources and security policies. This representation is supported by two separate building blocks, enabling a definition of resource and execution of security policies in a layered manner.
Weiter lesen…

This study analyzes which security mechanisms are available in popular cross-platform frameworks. This study covers the two most popular frameworks, Apache Cordova and Xamarin, and additionally Alpha Anywhere. Alpha Anywhere was selected because of the advertised security features. The selected frameworks cover both development approaches, hybrid and interpreded applications. Apache Cordova and Alpha Anywhere create interpreted applications, while Xamarin creates hybrid applications.

Weiter lesen…

This project implements a cryptography plugin for the Cross-Platform Framework Apache Cordova. The plugin is currently available for Android only. The plugin implements the Web Crypto API. Therefore, cryptographic methods can be invoked using the interface provided by the Web Crypto API. The cryptographic methods are implemented natively and cryptographic keys are stored using the on-device key storage facilities. As many Android devices use a KeyStore backed by a Secure Element, this cryptography plugin provides protection against software attacks on the key material.

Weiter lesen…