Charles Sederholm This series of blogs is about selected R&D efforts of special interest or where Ubisecure participates.
This article is about LIGHTest, which is a project that is partially funded by the European Commission as an Innovation Action in the Horizon2020 program (for reference: grant agreement number 700321). Its start date was September 1, 2016 and the duration is 36 months. The estimated project cost is 8.7M€. Ubisecure is one of the cooperating partners in the LIGHTest project.
What is it and what is it about?
LIGHTest stands for (hold on to your chair, here it comes ;)) — “Lightweight Infrastructure for Global Heterogeneous Trust management in support of an open Ecosystem of Stakeholders and Trust schemes“. So, we’ll stick to the acronym from now on…
The objective is to build a global infrastructure. For this reason, the consortium of the EU-funded project includes the European branches of organizations that operate globally, namely the Open Identity Exchange and Ubisecure, IBM, and G&D. Further outreach beyond Europe is implemented through the composition of the advisory board and the associate partner program.
The LIGHTest consortium consists of 14 partners from 9 countries, namely Austria, Belgium, Denmark, Finland, Germany, Spain, The Netherlands, Turkey and the United Kingdom. The project is coordinated by Fraunhofer in Germany.
The challenges to solve
The amount of effort required to create a global infrastructure from scratch is enormous. In most cases it is well out of reach of one EU-funded project with a limited budget, such as LIGHTest. This becomes evident when considering some of the requirements of such an infrastructure:
(viii) Global agreement on the governance of the single trust root;
(ii) Global organization to register unique names of trust schemes;
(iii) A highly available and efficient global infrastructure for scheme location and queries;
(iv) Design of the necessary protocols and their international standardization;
(v) Development and maturation of software implementations of these protocols;
(vi) Detailed security analysis of the infrastructure and of specific software products;
(vii) Registration of trust schemes at the global registry;
(viii) Training of staff to operate servers that publish trust schemes.
LIGHTest addresses this possibly most difficult challenge through reuse of the existing Domain Name System (DNS). In particular, LIGHTest employs the global DNS system as-is. Only marginal additions to DNS render it usable as a global trust infrastructure. It does so by following well-established principles of trust management.
This is at the same time one of the big challenges: to explore and empirically demonstrate that the described concepts work and scale. If it works, it will evolve into many practical benefits in later implementations and deployments, since DNS is a well-established and available basic mechanism and service. Building on top of that will speed-up further development and deployments enormously, saving substantial efforts that otherwise would have to go into researching and developing basic components.
So, let’s all hope that the efforts and trials in the pilots are successful and this kind of reuse of technology and principles will be possible.
The reasons for doing it all and the actual benefits of the results
The objective of LIGHTest is to create a global cross-domain trust infrastructure that renders it transparent and easy for verifiers to evaluate electronic transactions. The idea is to enable querying different trust authorities world-wide and combining trust aspects related to identity, business, reputation etc. based on that, it will become possible to conduct domain-specific trust decisions.
It is all about reducing the risks of doing business. In the future, it will enable and accelerate the use of high-value cross-border transactions between two or more parties who may have never met.
Key themes and some highlights of the work
Trust is necessary in a very wide field of transactions. Hence the field of applicability for LIGHTest results is enormous.
Global solutions require global interoperability and any trust-critical processes in organizations or across organizations also cross national or policy boundaries.
Global interoperability requires principles, mechanisms, tools and rules. For instance, trust must be anchored to allow e.g. traceability and revocation in case of breaches etc.
Certificates or (public) key infrastructure for trust mechanisms must be in place – for example to sign a trust list and messaging.
Securing a global, multi-domain trust infrastructure is a major issue, since it becomes a very big point of potential attack.
LIGHTest is going to test a single trust anchor: a single global trust root – using the Domain Name System for a globally deployed system with a single trust root.
Some specific aspects to consider
But there are of course more angles to this large research theme. One such theme is the fundamental perception of trust. Current homogeneous trust models fail to scale globally and fail to provide support for heterogeneous trust models on a global scale. Most current approaches assume that all participants share a single homogeneous
perception of trust. Prime examples are “circles of trust”. In a global setting, this assumption typically however fails to apply. A global infrastructure has to support more heterogeneous trust models where stakeholders without a common perception of trust can collaborate.
LIGHTest supports heterogeneous models of trust by moving the decision point for who is trusted to the verifier’s trust policy. It typically selects and combines few existing large scale trust schemes (such as that of EU qualified signature) and can further personalize it with local black-lists and white-lists.
Why did Ubisecure join LIGHTest?
As a platform and service provider for (externally facing) Customer IAM, Ubisecure is positioned at the interfaces and interaction points of transactions involving identity information. Many of our customer organizations and their typical use cases we solve deal with cross-organizational and cross-border interaction. Hence it is only natural that we want to participate in developments that bring essential parts in enabling this mechanism to move forward. We also have almost as corporate culture a tradition throughout our 15+ year history, to participate in joint efforts, for instance standardization of core standards and interop enabling activities such as SAML, OpenID Connect/OAuth2, GSMA Mobile Connect, as well as national efforts such as eID and eIDAS developments and deployments in some European countries. So when we were asked to join LIGHTest, we responded positively and have since the LIGHTest kickoff very much enjoyed the interaction and discussions with the group of some of the key players in the security and identity scene; and their very experienced experts that are in the LIGHTest project team.
How can you participate and benefit?
For you, as a member of a stakeholder organization or as an individual (consumer or professional), a LIGHTest Community has now recently been established. So now you can participate and interact with LIGHTest by joining the Community: https://www.lightest-community.org/. The LIGHTest project encourages associate partners to communicate on the LIGHTest Community forum as well as to disseminate the latest LIGHTest news.
Summary
To finally summarize shortly, LIGHTest is a project, where a global infrastructure for trust management is developed and its operation and feasibility in use-cases is proven and demonstrated in trials. The idea is to enable querying different trust authorities world-wide and combining trust aspects related to identity, business, reputation etc. based on that, it will become possible to conduct domain-specific trust decisions. Technically, the trust mechanism of LIGHTest benefits from re-using DNS mechanisms.
More about the LIGHTest project:
About The Author: Charles Sederholm
More posts by Charles Sederholm