The National Institute of Standards and Technology (NIST) is behind a new project focused on protecting privacy and security when reusing credentials online. The National Cybersecurity Center of Excellence (NCCoE) is partnering with the National Strategy for Trusted Identities in Cyberspace National Program Office (NSTIC) to take comments on the project, which will examine how commercially available privacy-enhancing technologies may be integrated into identity broker solutions.
Lefkovitz says the team is seeking a solution that enable an identity broker to coordinate the passage of credentials between the credential provider and the service provider anonymously, thereby protecting the privacy of the user.
“We’re looking at trying to improve the infrastructure around federated identity management. Although identity brokers can really help create some of that infrastructure that we really need, they also create potential for greater privacy risks,” Lefkovitz says. “Simultaneously, there’s often been talk about privacy enhancing technologies and if we could just get people to use privacy enhancing technologies, we could solve some of our privacy problems.”
Specifically, the NCCoE is seeking comments on a draft document titled Privacy-Enhanced Identity Brokers. It lays out the challenges and potential solutions surrounding the project. Lefkovitz talked with Regarding ID’s Gina Jordan about the project, which will ultimately yield a practice guide from NIST.