DRAFT NIST Interagency Report (NISTIR) 8149, Developing Trust Frameworks to Support Identity Federations is now available for public comment.
More and more, online service providers are struggling to find secure ways of verifying that their consumers are who they say they are while, at the same time, protecting their users' privacy. Some communities and organizations, that share common user bases and transaction types, are choosing to address these challenges by allowing their users to access multiple services through common login credentials. This approach -- known as federated identity management -- enables users to access multiple online organizations and services through shared authentication processes (instead of authenticating separately to each and every service provider).
This document provides an informational look at trust frameworks and explains what they are, what their components are, and how they relate to the concept of identity federation. In Draft NISTIR 8149, Developing Trust Frameworks to Support Identity Federations, NIST aims to educate communities that are interested in pursuing federated identity management, and provide a resource for them as they create the agreements and other components that will make up their trust frameworks. It includes guidance on determining roles in an identity federation, on what to consider from a legal standpoint, and on understanding the importance of establishing and recognizing conformance. Additionally, this document is intended to standardize the language around identity federation and trust frameworks in order to promote their widespread adoption.