Správa veřejných klíčů SSH v programech FreeIPA a SSSD / SSH Public Key Management in FreeIPA and SSSD

Cholasta, Jan

January 2012

SSH je jeden z nejpoužívanějších protokolů pro vzdálený přístup v Internetu. SSH je flexibilní a rozšiřitelný protokol, který se skládá ze tří hlavních součástí: SSH transportního protokolu, který obstarává důvěrnost, integritu a autentizaci serveru, SSH autentizačního protokolu, který obstarává autentizaci uživatelů a SSH spojovacího protokolu, který obstarává multiplexování více kanálů různých typů (interaktivní sezení, přesměrování TCP/IP spojení, atd.) do jednoho spojení. OpenSSH je jedna z nejrozšířenějších implemetací SSH. OpenSSH obsahuje SSH server, SSH klienty, generátor SSH klíčů a autentizační agent, který usnadňuje autentizaci pomocí veřejných klíčů. FreeIPA a SSSD jsou projekty poskytující centrální správu identit pro Linuxové a Unixové systémy. Tyto projekty sice v době psaní této práce přímou podporu SSH neobsahovaly, ale do jisté míry je ve spojení s OpenSSH používat možné bylo.

Contributions to Web Authentication for Untrusted Computers

Vapen, Anna

January 2011

Authentication methods offer varying levels of security. Methods with one-time credentials generated by dedicated hardware tokens can reach a high level of security, whereas password-based authentication methods have a low level of security since passwords can be eavesdropped and stolen by an attacker. Password-based methods are dominant in web authentication since they are both easy to implement and easy to use. Dedicated hardware, on the other hand, is not always available to the user, usually requires additional equipment and may be more complex to use than password-based authentication. Different services and applications on the web have different requirements for the security of authentication.  Therefore, it is necessary for designers of authentication solutions to address this need for a range of security levels. Another concern is mobile users authenticating from unknown, and therefore untrusted, computers. This in turn raises issues of availability, since users need secure authentication to be available, regardless of where they authenticate or which computer they use. We propose a method for evaluation and design of web authentication solutions that takes into account a number of often overlooked design factors, i.e. availability, usability and economic aspects. Our proposed method uses the concept of security levels from the Electronic Authentication Guideline, provided by NIST. We focus on the use of handheld devices, especially mobile phones, as a flexible, multi-purpose (i.e. non-dedicated) hardware device for web authentication. Mobile phones offer unique advantages for secure authentication, as they are small, flexible and portable, and provide multiple data transfer channels. Phone designs, however, vary and the choice of channels and authentication methods will influence the security level of authentication. It is not trivial to maintain a consistent overview of the strengths and weaknesses of the available alternatives. Our evaluation and design method provides this overview and can help developers and users to compare and choose authentication solutions.

Authentication

security levels

identity management

2-clickAuth

information security

Computer Sciences

Datavetenskap (datalogi)

CLASSROOM RACIAL POLITICS, FACEWORK, AND FACE THREAT: THE IDENTITY MANAGEMENT PRACTICES OF BLACK MALE TEACHERS

Spikes, Antonio L

01 August 2019

The purpose of this dissertation is to improve the racial conditions of USAmerican education and to highlight how racial politics influence the facework practices of Black male teachers, their perceptions of and responses to face threats, and how the classroom, as a context, shapes perceptions and issues of face, facework, and face threat. I utilized identity management theory to examine how Black male teachers construct facework and face threat within the classroom. Additionally, I used semi-structured respondent interviewing and grounded theory as my method and analytical method (respectively) to complete my study. Using key concepts, such as positive face, negative face, face threat, and identity freezing, I concluded that perceptions of racism and racial stereotypes that are sometimes contingent on their gender identity impact how they constructed positive and negative face. Additionally, racism and racial stereotypes shaped which facework strategies the interview participants utilized, what they considered face threatening situations, how they responded to face threatening situations, and what they considered identity freezing situations. Overall, their constructions of facework and face threat were utilized to avoid stereotypes that depicted them as angry and incompetent. Considering the positive potential of this study, I concluded with how this research can help administrators and colleagues to improve the education system for Black male teachers.

Black Male Teachers

Education

Face Threat

Facework

Grounded Theory

Identity Management Theory

A ZERO-TRUST-BASED IDENTITY MANAGEMENT MODEL FOR VOLUNTEER CLOUD COMPUTING

albuali, abdullah

01 December 2021

Non-conventional cloud computing models such as volunteer and mobile clouds have been increasingly popular in cloud computing research. Volunteer cloud computing is a more economical, greener alternative to the current model based on data centers in which tens of thousands of dedicated servers facilitate cloud services. Volunteer clouds offer numerous benefits: no upfront investment to procure the many servers needed for traditional data center hosting; no maintenance costs, such as electricity for cooling and running servers; and physical closeness to edge computing resources, such as individually owned PCs. Despite these benefits, such systems introduce their own technical challenges due to the dynamics and heterogeneity of volunteer computers that are shared not only among cloud users but also between cloud and local users. The key issues in cloud computing such as security, privacy, reliability, and availability thus need to be addressed more critically in volunteer cloud computing.Emerging paradigms are plagued by security issues, such as in volunteer cloud computing, where trust among entities is nonexistent. Thus, this study presents a zero-trust model that does not assign trust to any volunteer node (VN) and always verifies using a server-client topology for all communications, whether internal or external (between VNs and the system). To ensure the model chooses only the most trusted VNs in the system, two sets of monitoring mechanisms are used. The first uses a series of reputation-based trust management mechanisms to filter VNs at various critical points in their life-cycle. This set of mechanisms helps the volunteer cloud management system detect malicious activities, violations, and failures among VNs through innovative monitoring policies that affect the trust scores of less trusted VNs and reward the most trusted VNs during their life-cycle in the system. The second set of mechanisms uses adaptive behavior evaluation contexts in VN identity management. This is done by calculating the challenge score and risk rate of each node to calculate and predict a trust score. Furthermore, the study resulted in a volunteer computing as a service (VCaaS) cloud system using undedicated hosts as resources. Both cuCloud and the open-source CloudSim platform are used to evaluate the proposed model.The results shows that zero-trust identity management for volunteer clouds can execute a range of applications securely, reliably, and efficiently. With the help of the proposed model, volunteer clouds can be a potential enabler for various edge computing applications. Edge computing could use volunteer cloud computing along with the proposed trust system and penalty module (ZTIMM and ZTIMM-P) to manage the identity of all VNs that are part of the volunteer edge computing architecture.

edge computing

identity management

IoT

security

volunteer cloud computing

zero trust

Complexities of concealable stigma: Implications for disclosure confidants at work

Vason, Tyra

31 May 2023

No description available.

Organizational Behavior

disclosure confidant

concealable stigma

identity management

culture

diversity dishonesty

Testing an Empirical Model of Workplace Sexual Identity Management

Rummell, Christina M.

January 2013

No description available.

Psychology

Quantitative Psychology

Statistics

workplace sexual identity management

sexual minority populations

path analysis

research methodology

Exploring Communication Identity Management on Facebook

Lewis, Amber N.

13 October 2014

No description available.

Communication

Facebook Identity Management

Information Manipulation

Online Identity

Online Impression Management

Parental Strategies of Normalization in Account Giving for Child Behavioral Issues

Hawes, Nicholas E.

23 September 2011

No description available.

Cultural Anthropology

accounts

parental problem recognition

child behavior

discourse

identity management

Systém správy identit pro malé a střední firmy / Identity Management Solution for Small and Medium Businesses

MAXA, Karel

January 2014

The topic of this master's thesis is development of identity management solution for small and medium business. The thesis is divided into four major parts. The first part contains theoretical background as description of RBAC model or model with relationships between practically used objects (user identity, role, position, permission, account...). Analysis of functioning and needs of targeted organizations was carried out in the second part. The third part describes the design of the developed application. The fourth part discusses actual implementation of the application. The main outcome of the thesis is implemented application that can be deployed at thesis defined organizations. The application includes all the functionality required in the first phase of the project.

Návrh změn identity managementu v podniku / Company Identity Management Changes Proposal

Hruška, David

January 2018

This diploma thesis focuses on the proposal to implement changes of identity management into a particular company. In the theoretical part are the basic concepts and a detailed description of the identity management. There is also described an analysis of the current state of information security in the company, risk analysis and selection of measures to minimize the risks found. At the end of this thesis are proposed changes, their procedure and timetable for implementation of selected measures.