The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has awarded a pilot grant to the Georgia Tech Research Institute (GTRI) in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC).
NSTIC is a White House initiative to work collaboratively with the private sector, advocacy groups and public-sector agencies to catalyze an “Identity Ecosystem” in which technologies, policies and consensus-based standards support greater choice, trust, security and privacy when individuals, businesses and other organizations conduct sensitive transactions online.
Under the grant, GTRI will develop and demonstrate a trustmark framework that facilitates cost-effective scaling of interoperable trust across multiple Communities of Interest (COIs) within the Identity Ecosystem and enhances privacy through transparency and third-party validation. A trustmark is a rigorously defined, machine-readable statement of compliance with a specific set of technical or business/policy rules.
Trustmarks have the potential to enable wide-scale trust and interoperability within the Identity Ecosystem by helping to foster transparency and widespread operational convergence on the specific requirements for each dimension of interoperability, including communication protocols and profiles, cryptographic algorithms, business-level user attributes for access control and audit purposes, and various levels of policy such as privacy policies and practices.
Trustmarks can also reduce the complexity of the Identity Ecosystem’s trust landscape, and turn what would otherwise be a collection of poorly interconnected “federated identity siloes” into a more cohesive trust environment. In addition, trustmarks can enhance privacy within the Identity Ecosystem by helping COIs define clear, concise and rigorous privacy rules that participating agencies must follow.
The pilot project will leverage GTRI’s experience with the Federal Identity, Credentialing, and Access Management (FICAM), State Identity, Credentialing, and Access Management (SICAM), and Global Federated Identity and Privilege Management (GFIPM) standards.
It will also build upon the National Identity Exchange Federation (NIEF) (https://nief.gfipm.net/), an operational identity federation that GTRI has developed and manages on behalf of the U.S. Justice and Law Enforcement community. In implementing the pilot, GTRI plans to partner with the National Association of State Chief Information Officers (NASCIO), and one or more current NIEF member agencies, such as Los Angeles County and the Regional Information Sharing Systems (RISS).
“The NSTIC Identity Ecosystem vision is huge and can provide significant improvements in online security and trusted commerce. The challenge is to effectively engage and balance the large number of stakeholders and requirements within a scalable and agile Identity Ecosystem Framework that can thrive,” said John Wandelt, chief of the Information and Enterprise Architecture Division within GTRI’s Information and Communications Laboratory.
“GTRI and its partners are honored and excited about the opportunity to be a part of NIST’s important work and help provide solutions through NSTIC,” said Wandelt, who also serves as executive director of the National Identity Exchange Federation (NIEF).
The Georgia Tech Research Institute solves complex problems through innovative and customer focused research and education. Established in 1934, GTRI is Georgia Tech’s non-profit applied research arm with more than 1,700 staff, 17 locations, eight laboratories and annual contract awards exceeding $300 million. For more information, visit www.gtri.gatech.edu.
