As enterprises move more services online, many have given customers the option to use third-party credentials to access their services, rather than asking them to create and manage new accounts. For example, you can use your social media account login to access your fitness tracker account. In effect, the social media company is vouching that the same person is logging in each time they access the tracker website.
Allowing third-party credentials is beneficial to businesses because it saves them time and resources in managing identities. For users, the benefit comes from not having another username, password, or second-factor credential to manage and remember.
While these arrangements are becoming more common, organizations are finding it a time-consuming task to manage each relationship, or third-party integration. The dominant solution is a service called brokered identity management in which “identity brokers” manage the integration relationships between organizations and credential providers. Organizations can use an identity broker to manage multiple third-party credentialing options instead of having to manage each separately. However, for users, there is a concern that these connections create the opportunity for a breach, or exposure of personal information, as well as for the broker to track a user’s online activity.
The “Privacy-Enhanced Identity Brokers” project will examine how privacy-enhancing technologies, leveraging market-dominant standards, can be integrated into identity broker solutions to meet the privacy objectives of users and organizations. This project is a joint effort between the NCCoE and the National Strategy for Trusted Identities in Cyberspace National Program Office (NSTIC NPO).
Ultimately, this project will result in a NIST Cybersecurity Practice Guide, a publicly available description of the practical steps needed to implement a cybersecurity reference design.