In September 2012, Internet2 received a two-year grant from the US National Institute of Standards and Technology (NIST) for the first year of a two-year project to work with the research and education community to build privacy infrastructure and tools to help individuals preserve their privacy and strengthen the nation's identity ecosystem, in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC).
Internet2's partners include the Carnegie Mellon and Brown University computer science departments, University of Texas, the Massachusetts Institute of Technology, and the University of Utah. (Internet2 Press release: 20-September-2012)
The consistent and robust privacy infrastructure planned includes common attributes; user-effective privacy managers; anonymous credentials; Internet2's InCommon Identity Federation service; and encourages the use of multi-factor authentication and other technologies.
How It All Fits Together
- A user, in their context as a university student, uses a privacy manager to release their institutional affiliation to student discount services
- A user with vision impairment can look at job ads properly without revealing their impairment.
- A user, in their context as a citizen, uses a privacy manager to release sufficient residence information that allows them to then anonymously post to the neighborhood-only wiki.
- A user, in their context as a consumer, uses a privacy manager to manage the release of preferences (e.g. zip code, preferred language, etc.) to customize commercial services while preserving privacy
- A user, in their context as a worker, uses a privacy manager to release anonymous credentials (such as security clearances and personal medical information) to third party contractors.
- A parent uses a privacy manager to manage their children's on-line privileges to COPPA compliant applications
- Promotion of two-factor authentication
- Good privacy begins with good security
- Schema for common use
- A user-manageable but broadly useful set of attributes
- Privacy managers
- For users to control the release of attributes
- Putting the "informed" into informed consent
- Implementing anonymous credentials at scale
- Engineering into infrastructure privacy protecting technologies
- Metadata strategies to support the above
- Significant pilots and testbeds
- Several policy initiatives
- Any new and good technology presents major policy issues
Development of this software was supported with funding from the National Institute of Standards and Technology (NIST). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NIST.