Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Forums it-sa Expo Knowledge Forum D

Freedom of Forking: Digital sovereignty with customised open source solutions

Open Source ist ein Ökosystem mit eigenen Spielregeln, die digitale Souveränität fördern. Ein Beispiel hierfür ist das Projekt eduMFA.

calendar_today Tue, 22.10.2024, 11:30 - 11:45

event_available On site

place Forum, Booth 7A-106

Action Video

south_east

Action description

south_east

Speaker

south_east

Themes

Data protection / GDPR Identity and access management

Key Facts

  • Open Source ist ein wichtiger Enabler Digitaler Souveränität
  • IT Security erfordert Flexibilität, Open Source bringt sie
  • Der Fork eduMFA macht eine Interessensgemeinschaft souverän

Event

This action is part of the event Forums it-sa Expo

Action Video

grafischer Background
close

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

Digital sovereignty is a key topic today, also in the context of digitalisation in business and administration, which is only progressing slowly in Germany. Open source software is a key driver in making users and organisations more digitally sovereign. With Open source urgently needed features do not depend on the goodwill of the manufacturer, but can be actively incorporated into the code through in-house development or by commissioning external service providers. In addition, open source software can be self-operated on resources that do not raise data protection concerns.

Open source not only means that software can be used free of licence fees, but also makes it possible to develop new features and incorporate them into the distribution. If the maintainer of the software is not willing to include new features in the distribution, it is possible to create a fork of the software and then develop it further independently. This ends any dependence on the previous developers. However, such a step should be carefully considered, as software maintenance is an ongoing task: with new operating system versions or new versions of the libraries on which the software is based, the software must at least be tested and often adapted accordingly. A responsible maintainer (which you have automatically become through the fork) must also ensure that any security issues discovered are fixed. Lastly, there will always be a need to integrate new functionalities into the software. Ideally, a fork should therefore be supported by a strong group of users.

One example of a successful fork is eduMFA. The software was created by a group of universities and research-related institutions. Due to increasing numbers of attacks, such as ransomware, universities feel obliged to introduce multi-factor authentication (MFA) comprehensively (including for students). When implemented correctly, MFA significantly increases the security of sensitive IT environments. As several academic institutions in Germany have focussed on different integration scenarios, a fork of the open source software privacyIDEA was created on the initiative of the Freie Universität Berlin and Munich University of Applied Sciences. The group supporting this fork also includes three research-related service providers who offer commercial support for this fork. The decision in favour of open source was also made because of the associated high quality in terms of security and data protection, as anyone can view the source code and ‘security through obscurity’ is therefore not possible.

It is planned that the interested research institutions will organise as an association or a cooperative in order to finance software maintenance through respective membership fees. Future releases will be planned and developed in an open project group. A first important feature, a standard-compliant implementation of passkeys, which enables among other things usernameless authentication, has already been developed to production readiness.

The presentation shows how interestgroups can successfully become digitally sovereign. What applies to university consortia also applies to many other communities with same requirements, especially in the public sector. Due to legislation, there is increased pressure to digitalise here, which is why an open source solution that guarantees digital sovereignty offers the best prerequisite.
... read more

Downloads

Language: German

Questions and Answers: No

close

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.