EEMA Trust in the Digital World/Cyber Security & Privacy EU Forum, 18-19/04/2013 - Brussels, Belgium

Collaborative service fusion in user-centric environments

Mario Hoffmann
Tech Trend

Gartner: 10 Critical Tech Trends For The Next Five Years

No 4 Hybrid cloud services:
- Composed of services from multiple providers.
- Combination of private and public clouds.
- Use cloud as extension of IT.
- Gartner thinks private clouds improve agility and will dominate.
- People are looking at the cloud as a way to accelerate business growth, particularly mobile apps.
- You could end up with hybrid environment with dozens of specialty providers.
- It's about increasing capability and/or capacity.
- He says that hybrid data centers will be in your future.
- You can move non-critical work to the cloud to free up space.
- Result can be incremental operating expense growth, but long-term capital spending deferral.

Source: http://www.forbes.com/sites/ericsavitz/2012/10/22/gartner-10-critical-tech-trends-for-the-next-five-years/, Oct 2012
Challenges

- End users manage many separate user accounts for services one-by-one (service silos).
- Limited portability and interoperability of user profiles.
- Users suffer from inconsistency of different profiles.
- The legal situation regarding the handling of user data between jurisdictions can be unclear: different SLAs, different terms and conditions; data protection measures and assurances vary from service to service.
- Provided services may not address user needs appropriately, and the user has no way of affecting the combination of composed services.
- Service and app developers have to develop services for multiple environments in order to maximize the addressable market.
- Service providers, users and local entities at a point of presence do not collaborate to enable ad-hoc rendezvous and service fusion.
Example
Approach 1: Life Management Platform

[Diagram: the future Life Management Platform. Labels: Users, Remote Data Store, Personal Data Store, Life App, Requesting, Provisioning, Service Fusion, Services, People, Things, Internet, PIA-enabled Future Internet]
Approach 2: Life App

[Screenshot: PIA4life, Personal Information & Identity Agent. Labels: Creating, Editing, Sharing, Closing, Following; Registered users, Registered environments, Registered services; SAVE, CLEAR, CANCEL; egov, Deutsche Bank]

Life App Approach:
- Imagine you are an app and others are an app as well.
- You can download them and they can download you.
- Services and environments can download you as well.
- You can create new virtual identities at any time and add information.
- Subscribers are up to date as soon as you edit your profile.
- You control at any time who has access to what and for how long.
- You master the identity life cycle: terminate virtual profiles that you do not need anymore.
Benefits

Benefits for end users
- The Life Management Platform empowers the user to maintain only one service, profile, and policy database.
- Users have full control over the service, identity & information life cycle, taking advantage of policy management.
- The personal data store can use external storage, e.g. cloud storage service providers; the service provider has no access to the encrypted profile data.
- Data sent to the DB will be encrypted at the client platforms, e.g. smartphone, tablet, PC.

Benefits for service providers
- The Life Management Platform supports any federated services and service chains in future digital processes.
- Service chains are supported by granting access rights to complete processes.
- All services in a chain have (individually authorized) access to the latest and authentic user data when needed.
- Country-specific (sticky) policies can ensure compliance with data protection laws and regulatory frameworks.
Conclusion: Integrated Project
Interested Partners

- Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V., Germany
- Lappeenranta University of Technology, Finland
- Aalborg University, Denmark
- University of Reading, UK
- Harz University of Applied Sciences, Germany
- Movation AS, Norway
- SIA Latvisoft, Latvia
- Digital Living Finland Oy, Finland
- Hewlett Packard Research, India
- Deutsche Telekom T-Labs, Germany
- Research in Motion, Canada
- Kuppinger/Cole Analysts, Germany
- Avoco Secure, UK
- DesignIT, Germany
- Philips Research, Netherlands
- Population and Social Policy Consultants, Belgium
- Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Germany
- Huawei Technologies, UK
- Siemens AG, Healthcare Sector, Germany
Contact

Fraunhofer AISEC
Parkring 4
85748 Garching (near Munich)
Germany

Service & Application Security SAS
Mario Hoffmann, Head of Department
Phone: +49-(0)89 322 9986-177
Fax: +49-(0)89 322 9986-299
Email: mario.hoffmann@aisec.fraunhofer.de
Web: http://www.aisec.fraunhofer.de
http://www.cloud-competence-center.com
APPENDIX Fraunhofer AISEC in a nutshell
Fraunhofer Profile

- 60 Institutes
- 80 research units at approx. 40 locations
- Europe, Asia, USA
- 17 000 employees
- 1.7 billion research budget
- 7 Alliances:
  - Information and Communication Technology
  - Life Sciences
  - Materials and Components
  - Microelectronics
  - Production
  - Surface Technology and Photonics
  - Defense and Security
Fraunhofer Profile Alliance: Information and Communication Technology Germany
AISEC Research & Development Groups

Embedded Security, Dr. F. Stumpf
- Secure Hardware Platforms
- Mobile Phones, Smartphones etc.
- Anti-Piracy, Know-how protection

Network Security, P. Schoo
- Security in IP-based networks
- Automotive Security, Car2X
- Automated Malware-detection

Service & Application Security, M. Hoffmann
- Mobile Security
- Cloud Computing
- Digital Identities
- +Testing
Fraunhofer AISEC Department Service & Application Security

[Diagram: Portfolio. Labels: Interoperability and Compliance Tests, Penetration Testing, Security & Risk Analysis, Unified management of virtual identities, Personalisation, Security in Identity Ecosystems, Platform Security, Trusted Execution, App Development, Cloud Monitoring, Service Integration, Data Security]

Mobile Security
- Research and development of mobile architectures and platforms and their integration in context-aware personalised environments

Cloud Computing
- Security Implications in Cloud Computing Ecosystems
- Risk Analyses, Technology Studies, Prototyping

Digital Identities
- Seamless integration of digital identities across application domains
- Authorisation Protocols & Use Cases in Identity Ecosystems

Assessments & Testing
- Installation & Evaluation of Open Source Solutions for Cloud Computing, Identity Management and Service Architectures