Date Published: July 9, 2019
Comments Due:
Email Questions to:
Author(s)
Loïc Lesavre (NIST), Priam Varin (NIST), Peter Mell (NIST), Michael Davidson (NIST), James Shook (NIST)
Announcement
Traditional identity management has typically involved the storing of user credentials (e.g., passwords) by organizations and third parties, which often results in concerns over interoperability, security, and privacy. However, a possible solution has emerged through the use of blockchain technology to create novel identity management approaches with built-in control and consent mechanisms. This can potentially transform data governance and ownership models by enabling users to control their data and share select personal information, while helping businesses streamline operations by relying on verified user information without having to maintain the infrastructure themselves.
This Draft NIST Cybersecurity White Paper provides an overview of the standards, building blocks, and system architectures that support emerging blockchain-based identity management systems and selective disclosure mechanisms. The document considers the full spectrum of top-down versus bottom-up governance models for both identifier and credential management and addresses some of the risks and security concerns that may arise. The terminology, concepts, properties, and architectures introduced in this work can facilitate understanding and communications amongst business owners, software developers, cybersecurity professionals within an organization, and individuals who are or will be using such systems.
When submitting your comments, we encourage you to use our comment template.
Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing both within organizations as well as on the Internet more broadly. Traditional identity systems typically suffer from single points of failure, lack of interoperability, and privacy issues such as encouraging mass data collection and user tracking. Blockchain technology has the potential to support novel data ownership and governance models with built-in control and consent mechanisms, which may benefit both users and businesses by alleviating these concerns; as a result, blockchain-based IDMSs are beginning to proliferate. This work categorizes these systems into a taxonomy based on differences in architecture, governance models, and other salient features. We provide context for the taxonomy by describing related terms, emerging standards, and use cases, while highlighting relevant security and privacy considerations.
Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing both within organizations as well as on the Internet more broadly. Traditional identity systems typically suffer from single points of failure, lack of...
See full abstract
Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing both within organizations as well as on the Internet more broadly. Traditional identity systems typically suffer from single points of failure, lack of interoperability, and privacy issues such as encouraging mass data collection and user tracking. Blockchain technology has the potential to support novel data ownership and governance models with built-in control and consent mechanisms, which may benefit both users and businesses by alleviating these concerns; as a result, blockchain-based IDMSs are beginning to proliferate. This work categorizes these systems into a taxonomy based on differences in architecture, governance models, and other salient features. We provide context for the taxonomy by describing related terms, emerging standards, and use cases, while highlighting relevant security and privacy considerations.
Hide full abstract
Keywords
blockchain; credential; data ownership; decentralized identifier; distributed ledger; identity management; public key infrastructure; self-sovereign identity; smart contract; user-controlled identity wallet; zero-knowledge proof
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
