Episode 151: Protecting privacy when reusing credentials
03 November, 2015
category: Corporate, Digital ID, Government
The National Institute of Standards and Technology (NIST) is behind a new project focused on protecting privacy and security when reusing credentials online. The National Cybersecurity Center of Excellence (NCCoE) is partnering with the National Strategy for Trusted Identities in Cyberspace National Program Office (NSTIC) to take comments on the project, which will examine how commercially available privacy-enhancing technologies may be integrated into identity broker solutions.
“What we want are better digital credentials that don’t have to rely on our using lots of different passwords at sites. However, while we’re building stronger credentials, we want to make sure that they don’t impinge on people’s privacy,” says Naomi Lefkovitz, senior privacy policy advisor for the Information Technology Laboratory at NIST. “That’s really what this project is about.”
Lefkovitz says the team is seeking a solution that enable an identity broker to coordinate the passage of credentials between the credential provider and the service provider anonymously, thereby protecting the privacy of the user.
“We’re looking at trying to improve the infrastructure around federated identity management. Although identity brokers can really help create some of that infrastructure that we really need, they also create potential for greater privacy risks,” Lefkovitz says. “Simultaneously, there’s often been talk about privacy enhancing technologies and if we could just get people to use privacy enhancing technologies, we could solve some of our privacy problems.”
Specifically, the NCCoE is seeking comments on a draft document titled Privacy-Enhanced Identity Brokers. It lays out the challenges and potential solutions surrounding the project. Lefkovitz talked with Regarding ID’s Gina Jordan about the project, which will ultimately yield a practice guide from NIST.
