You are here

Video list

Tuesday 2, October 2018

The Consent Management Reasoning Tool utilizes a machine learning model to provide policy recommendations to the user. The model is based on a Markov Logic Network where each policy is assigned a weight of importance based on the active policies of all the users and the (transfer) requests logs. By assigning an importance weight on each policy we can provide recommendations to the user if the weight passes a specific threshold. This essential means that as more users are active on the system the more accurate the recommendations are. Is worth mentioning that the threshold of each attribute is defined by the IDC's administrator. However due to the computational requirements of training the model, we resort to offline process. The consent policy recommendations and their associate weights are computed in weekly intervals or when enough requests are made that render the re-training essential.

Consent Management Module - Κεντρική Εικόνα
Tuesday 2, October 2018

The Profile Management Module provides easy browsing and management of the identity attributes that Identity Providers and Service Providers know about a user and informs the user about the risks of involuntary attributes inference. It also allows users to transfer attribute values between different IdPs by extending federated login protocols like OpenID Connect. This module also allows the ReCRED Identity Consolidator to run the federated login protocol OpenID Connect for transferring identity attributes between different IdPs based on the IAL and the AAL of these attributes. In addition, the user is able to review and delete the attributes that a certain Identity Provider knows about him

Profile Management Module 2 - Κεντρική Εικόνα
Tuesday 2, October 2018
Wi-Fi access at CSGN premises - Κεντρική Εικόνα
Tuesday 2, October 2018

The ReCRED campus Wi-Fi Pilot is a security architecture which employs the ReCRED modules in order to control the user access to the campus Wi-Fi network and to the associated web services. The first scenario addressed by the Wi-Fi pilot consists in students and professors accessing the network services by presenting a minimal set of trustworthy attributes. In this context, the following demonstrator presents the case of a student authenticating to the online e-learning platform of the university, using the ReCRED android-based application. When the user requests to authenticate with ReCRED, instead of the traditional user-name/password way, the user is redirected to the ReCRED authentication web-based platform and presented with a QR code. When the user reads this QR code using the ReCRED android-based application, and successfully authetnicates with his fingerprint, then, the user allows ReCRED to act as an Identity Provider transfering user attributes over OpenID Connect to Moodle, which is acting as the Service Provider.

Moodle Authentication - Κεντρική Εικόνα
Tuesday 2, October 2018

The WiFi pilot proposes an architecture where users will be granted access to the network resources by presenting a set of identity attributes which are validated by the ReCRED infrastructure. For this, the administrators of the Wi-Fi and web services access control Pilot can access a web-based platform, named “Access Control Policy Reasoning Tool”, in order to manage the access control policies for each resource provided by this Pilot. Using this platform, the administrators can create, view, and delete policies. In addition, the tool is equipped with a specialized Machine Learning policy recommendation system which can recommend to the administrators new policies based on the existing policies and based on the access logs being kept by the system with all the requests of the users. Moreover, the policy recommendation system further facilitates the administrators in managing the policies with the following functionalities: 1) Redundancy check: Removes policies that are already covered by other policies. 2) Merge recommendation: Combines policies of attributes with discrete options. For example if an attribute has n options, e.g., the gender might be Male, Female or Rather not say, and there are n policies that cover all the available set of that attribute, then the system will recommend a merge. 3) Partial merge recommendation. Combines policies of attributes that miss at least one discrete options of an attribute. For example if an attribute has n options and there are n-1 policies covering that attribute’s set, then the system will recommend a merge.

Wi-Fi Pilot Access Control Policy Reasoning Tool - Κεντρική Εικόνα
Tuesday 2, October 2018

This module is responsible for horizontally binding the online identities (e.g., Facebook account, Twitter account, etc.) of a user by enabling the user to give explicit authorization to ReCRED to access the information of each online account that the user maintains. In addition, some services that require higher attribute assurance level, require the user to enter their physical identity into their system by providing photos of their real-world identities.

Online Identity Acquisition Module - Κεντρική Εικόνα