From Real-worl Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control
Rubén Cuevas (firstname.lastname@example.org)
May 2015 to April 2018
The objective of the ReCRED project is to design and implement mechanisms that anchor all access control (AC) needs to mobile devices that users habitually use and carry. It aims to build integrated next generation access control (AC) solution that satisfies the following properties:
• It solves the following problems that stem from the weaknesses of the current authentication methods, namely: a) password overload, referring to the inability of users to remember different secure passwords for each one of their accounts; b) identity fragmentation, stemming from the fact that independent identity providers (email, social networks, etc.) create disjoint identity realms, making it difficult for end users to prove joint ownership of accounts, e.g., for reputation transfer or to fend off impersonation attacks; c) lack of real-world identity binding to an individual’s legal presence, e.g., id number, passport, etc.; and d) lack of support for attribute-based access control (ABAC), which facilitates account-less access through verified identity attributes (e.g., age or location).
• It is aligned with current technological trends and capabilities.
• It offers a unifying access control framework that is suitable for a multitude of use cases that involve online and physical authentication and authorization via an off-the-shelf mobile device
• It is attainable and feasible to implement in the existing products under the scope and timeframe of the project.