Daniela Pöhn

Daniela Pöhn, Peter Hillmann

With the pandemic of COVID-19, people around the world increasingly work from home. Each natural person typically has several digital identities with different associated information. During the last years, various identity and access management approaches have gained attraction, helping for example to access other organization's services within trust boundaries. The resulting heterogeneity creates a high complexity to differentiate between these approaches and scenarios as participating entity; combining them is even harder. Last but not least, various actors have a different understanding or perspective of the terms, like 'service', in this context. Our paper describes a reference service with standard components in generic federated identity management. This is utilized with modern Enterprise Architecture using the framework ArchiMate. The proposed universal federated identity management service model (FIMSM) is applied to describe various federated identity management scenarios in a generic service-oriented way. The presented reference design is approved in multiple aspects and is easily applicable in numerous scenarios.

Marcus Knüpfer, Tore Bierwirth, Lars Stiemert et al.

The lack of guided exercises and practical opportunities to learn about cybersecurity in a practical way makes it difficult for security experts to improve their proficiency. Capture the Flag events and Cyber Ranges are ideal for cybersecurity training. Thereby, the participants usually compete in teams against each other, or have to defend themselves in a specific scenario. As organizers of yearly events, we present a taxonomy for interactive cyber training and education. The proposed taxonomy includes different factors of the technical setup, audience, training environment, and training setup. By the comprehensive taxonomy, different aspects of interactive training are considered. This can help trainings to improve and to be established successfully. The provided taxonomy is extendable and can be used in further application areas as research on new security technologies.