Google Play icon

NIST Seeks Comments on New Project Aimed at Protecting Privacy Online

Posted October 23, 2015

The National Cybersecurity Center of Excellence (NCCoE), in partnership with the National Strategy for Trusted Identities in Cyberspace National Program Office, is seeking comments on a new project focused on protecting privacy and security when reusing credentials at multiple online service providers.

Many organizations now allow online customers to use third-party credentials to create and manage accounts and services. For example, your social media account login can be used to access your fitness tracker account. In effect, the social media company is vouching for you with the tracker company.

Allowing third-party credentials saves businesses time and resources in managing identities. For users, the benefit comes from not having yet another username and password to manage and remember.

As these arrangements become more common, a growing number of organizations are laboring to manage—and integrate—each third-party relationship. So now a new service, called brokered identity management, has emerged. Organizations can engage identity brokers to manage multiple third-party credentialing options on their behalf.

The benefits to organizations and individuals are significant, but there is also a concern that these connections meant to improve security can create opportunities for increased tracking of users.

This new collaborative project will examine how commercially available privacy-enhancing technologies can be integrated into identity broker solutions. The NCCoE is seeking comments on a draft document that describes a potential “building block”—one of a series of solutions that address cybersecurity concerns for multiple industry sectors. The document, Privacy-Enhanced Identity Brokers, describes the technical challenges of adding privacy-enhancing technologies to existing products or services, and the technical controls needed to address the privacy risks inherent in them.

Feedback from businesses and the public will inform the project and solution development. This will ultimately result in an 1800-series NIST Cybersecurity Practice Guide that will demonstrate the example solution and provide all the information necessary to replicate the reference design.

The NCCoE addresses businesses’ most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies. The center collaborates with industry, academic and government experts to build modular, open, end-to-end reference designs that are broadly applicable and repeatable.

The document can be viewed on the NCCoE website. Comments should be submitted to via a web form or to [email protected] by Dec. 18, 2015.

Source: NIST

Featured news from related categories:

Technology Org App
Google Play icon
85,413 science & technology articles

Most Popular Articles

  1. New treatment may reverse celiac disease (October 22, 2019)
  2. "Helical Engine" Proposed by NASA Engineer could Reach 99% the Speed of Light. But could it, really? (October 17, 2019)
  3. New Class of Painkillers Offers all the Benefits of Opioids, Minus the Side Effects and Addictiveness (October 16, 2019)
  4. The World's Energy Storage Powerhouse (November 1, 2019)
  5. Plastic waste may be headed for the microwave (October 18, 2019)

Follow us

Facebook   Twitter   Pinterest   Tumblr   RSS   Newsletter via Email