Since my original blog post on the Token-Attribute Separation Model, I have explored whether NIST SP 800-63-1 can support such a model, as well as the role of anonymity in the model. In this blog post, I make a slight terminology update to one of the roles to reflect current thinking.
The minor terminology update is the renaming of the Token-Identity Link Record Manager to simply Credential Manager. The reasons are rather simple: (1) the original name is an unwieldy mouthful and (2) the definition of a Token-Identity Link Record, which that role manages, fits the definition of Credential.
The interest and conversations on this topic continue to grow, and I would point to the work that Andrew Hughes is leading as part of the Kantara IAWG. As I mentioned before, the model that I posted was based on the work that Andrew and others had done originally, and it is good to see it continuing.
In addition, the NSTIC NPO had a blog post yesterday about terminology considerations for NSTIC pilots. While I don't fully agree with some of the terms used, it is good that the conversation is starting in the IDESG as well.
Hopefully all these separate conversations will come together.
By the way, the "Token and Attribute Manager Separation Model" is a long phrase as well. If you have a suggestion for a short, catchy but descriptive term to replace it, please leave it in the comments.
- A Model for Separating Token and Attribute Manager Functions
- Can NIST E-Authentication Guideline SP 800-63-1 Support a Token-Attribute Separation Model?
- Anonymity in the Token and Attribute Manager Separation Model
- Evolution of a Trusted Identity Model
- NSTIC Pilot Common Considerations: 1 – Terminology
This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.