Proceedings of the 2013 ACM workshop on Digital identity management

Abstract

It is our great pleasure to welcome you to the Eighth ACM Workshop on Digital Identity Management (DIM 2013): Identity at the Crossroads. The Workshop Digital Identity Management has evolved during the last decade as one of the most interesting events on identity management issues. Starting from a community with a background mainly in computer science, it has developed towards an interdisciplinary workshop where a lively interactive community discusses identity topics from technical, sociological, economical, legal, psychological and many more angles. The goal of this workshop is to share the latest findings, identify key challenges, inspire debates, and foster collaboration between industries and academia towards interoperable and trustworthy identity service infrastructures. "Identity at the crossroads" is the main theme of DIM 2013. Whereas identity management has become a standard method for authentication in the digital world, many of its facets that are dealt with in research and in practice are still not well understood. Particularly interesting are discussions which solutions are optimal for different areas of application, how we can promote positive aspects for individuals and society while preventing negative effects, and how we can transfer research results into practice. At the same time, the environment of our digital lives and of identity management systems is rapidly changing: The Internet is going mobile and social: The number of smartphones in use exceeded 1 billion; the social network platform Facebook has passed the 1 billion user mark as well.Identity federation systems and other digital identity platforms are more and more adopted, beither enabling single sign-on for multiple applications such as in Google Accounts or reaching out to third-party applications such as in Facebook Connect.Identity management technologies have been improving tremendously, in particular regarding the maturity of attribute-based credential systems, the cryptography ensuring security and privacy properties, and other privacy-preserving or privacy-enhancing technologies (PETs).Governments all over Europe and, indeed, all over the planet propose eID solutions that partially support privacy mechanisms and frequently allow the government-issued identity credentials to be tied into an identity federation ecosystem.Advances in technology and operating environments such as social networks, mobile devices, smartphones, tablets as well as upcoming smart TVs or wearable computing start to impact social habits and individuals' behavior. The direct experience of new technology is flanked by news reports on incidents, mostly on privacy violations and surveillance. Identity is at the crossroads. It is an open question how identity technology will affect societies -- societies that are affected by mobile computing and social network services, by data processing in the cloud and almost comprehensive monitoring, user tracking and big data analysis by stakeholders such as the advertisement industry on the one side and national secret services on the other side, or by emerging technologies such as ubiquitous computing or cyber-physical systems where new user interfaces have to be considered. Will identity technologies make the users' lives easier or will they put their privacy at risk? We believe that the ACM Digital Identity Management workshop series needs to address these issues in all their breadth, covering foundational technologies such as cryptography and integration with eID systems, over investigating technology and architecture challenges to be resolved to exploring the social impact of identity management. With the year's workshop we have covered these areas in our program with experts from different fields of identity. Workshop Format and Contributions The DIM 2013 workshop will be a full-day event, starting with a keynote by Claudia Díaz, KU Leuven, on the meaning of 'privacy' in privacy-enhancing technologies and their role in the identity management world. Four sessions are constituted by accepted full and short papers, encompassing a wide range between cryptographic foundations and socio-psychological findings. In the afternoon, a panel will deal with eIDs and their actual development from different perspectives. All participants are invited to join with statements on shaping the future of identity -- be it by tackling research topics or by deploying solutions for better identity management. We clustered the accepted contributions of eight full and three short papers into four groups. Right after the invited keynote the session on "Cryptographic Methods" will continue the elaboration of components that can support privacy and security features of identity management systems: 'Universally Composable Adaptive Oblivious Transfer (with Access Control) from Standard Assumptions', 'A Secure Channel for Attribute-Based Credentials', and 'UbiKiMa: Ubiquitous Authentication Using a Smartphone, Migrating from Passwords to Strong Cryptography'. The second session will focus on "Human Factors and Socio-Economic Aspects". It consists of three contributions that center around acceptance and employment of identity-related functionality by users: 'A Comparison of Users' Perceptions of and Willingness to Use Google, Facebook, and Google+ Single-Sign-On Functionality', 'Taboos and Desires of the UK Public for Identity Management in the Future; General Findings from Two Survey Games', and 'Probing Identity Management -- Preliminary Findings'. The third session on "Security Considerations" will highlight some possible attacks and countermeasures or improvements of existing systems: 'Geo-Location Based QR-Code Authentication Scheme to Defeat Active Real-Time Phishing Attack', 'Towards Standardizing Trusted Evidence of Identity', and 'Reachability Analysis for Role-Based Administration of Attributes'. The last session of the workshop on "eIDs and Identity Management" mixes the disciplines the contributions come from. After the presentation of a technical approach for an eID architecture in 'Options for Integrating eID and SAML' the perspective of citizens is emphasized by 'Federated Identity to Access e-Government Services -- Are Citizens Ready for This?' The findings of both papers will be taken up in the concluding panel on the future of eIDs and identity management.