Exploring innovations in trust mechanisms



Novay did a study for SURFnet on innovations in service provider authenticity and behaviour. This study was done by my colleague Martijn Oostdijk and myself, in collaboration with Roland van Rijswijk-Deij from SURFnet (and Radboud University). We basically explored what innovations there are to better assess trustworthiness of service providers. This can be trust in the server authenticity (is the service provider who he appears to be?) and the behaviour (will the service provider behave as expected?). Trustworthiness of users was out of scope for this study. The goal of the study was to assess the feasibility of deploying these innovative trust mechanisms and their potential impact for SURFnet and its community. We followed a wisdom-of-the-crowd like approach, involving experts from SURFnet, Novay and SIDN in determining what mechanisms are most relevant and most promising.

Read the rest of this entry »

Context-enhanced authorization: usefulness and feasibility for the banking sector


We did a very interesting  project for a large Dutch bank (Rabobank) and IBM to determine the usefulness and feasibility of Context-enhanced Authorization in the banking sector. We focussed here on employees, and taking their context (location, used device etc) into account for authorization decisions. This would allow the authorization to become more dynamic, and address new trends such as nomadic working (Dutch: Het Nieuwe Werken) and Bring Your Own Device.  An important technology in this project was XACML, for which we used IBM’s tooling (Tivoli Security Policy Manager).  In short the outcome was yes it is useful and yes it is feasible.

Today I presented the project at a XACML seminar, organized by PIMN, CSA, PvIB and SURFnet. I repeat the key take-aways here:

Read the rest of this entry »

Interview on telemedicine


From 2004 till 2009 my biggest project was the Freeband AWARENESS project, a collaborative research project in which we worked on context-aware middleware for mobile applications, focusing on mobile health applications. In 2008 a journalist interviewed me for an article on telemedicine, to appear in a Microsoft internal magazine. I never got to read this article myself, but earlier this month, and two years after the interview …., it also appeared on a Dutch online magazine. For those interested, and able to read Dutch: Telemedicine: the 24-uurs virtuele thuisdokter.