The National Cybersecurity Center of Excellence, in partnership with the National Strategy for Trusted Identities in Cyberspace National Program Office, have launched a project designed to embed privacy and security measures into identity broker solutions.

What is an identity broker? It is a third-party service provider that companies use to manage its multiple third-party credentialing options. This means that individuals can use logins across sites and be authenticated. So you can use your Facebook login credentials to access your account with a Facebook partner, such as Amazon.

It is pretty difficult for companies to manage all of these login credentials, which is where identity brokers come in. They manage those credentials options for companies.

The project will “examine how commercially available privacy-enhancing technologies can be integrated into identity broker solutions.” The document, called “Privacy-Enhanced Identity Brokers,” describes the “technical challenges faced when attempting to add privacy-enhancing technologies to existing products or services, and the technical controls needed to address the privacy risks inherent in them.”

The comments generated will be used to develop an example solution and a practice guide.

Comments can be given via a web form from the NCCoE website or by email to petid-nccoe@nist.gov.