Anil John
Making Digital Services Secure and Trustworthy

Credential Manager in the Token and Attribute Manager Separation Model

Since my original blog post on the Token-Attribute Separation Model, I have explored if NIST SP800-63-1 can support such a model, as well as the role of anonymity in the model. In this blog post, I make a slight terminology update to one of the roles to reflect current thinking.

The minor terminology update is the renaming of the Token-Identity Link Record Manager to simply Credential Manager. The reasons are rather simple: (1) it is an unwieldy mouthful and (2) the definition of a Token-Identity Link Record, which it manages, fits the definition of Credential.

The interest and conversations on this topic continue to grow, and I would point to the work that Andrew Hughes is leading as part of the Kantara IAWG. As I mentioned before, the model that I posted was based on the work that Andrew and others had done originally, and it is good to see it continuing.

In addition, the NSTIC NPO had a blog post yesterday about terminology considerations for NSTIC pilots. While I don’t fully agree with some of the terms used, it is good that the conversation is starting in the IDESG as well.

Hopefully all these separate conversations will come together.

By the way, the “Token and Attribute Manager Separation Model” is a long phrase as well. If you have a suggestion for a short, catchy but descriptive term to replace it, please leave it in the comments.

This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.


I am a public interest technologist. I help organizations and leaders make digital services secure and trustworthy.