Date Published: July 9, 2019
Email Questions to:
, , , ,
Traditional identity management has typically involved the storing of user credentials (e.g., passwords) by organizations and third parties, which often results in concerns over interoperability, security, and privacy. However, a possible solution has emerged through the use of blockchain technology to create novel identity management approaches with built-in control and consent mechanisms. This can potentially transform data governance and ownership models by enabling users to control their data and share select personal information, while helping businesses streamline operations by relying on verified user information without having to maintain the infrastructure themselves.
This Draft NIST Cybersecurity White Paper provides an overview of the standards, building blocks, and system architectures that support emerging blockchain-based identity management systems and selective disclosure mechanisms. The document considers the full spectrum of top-down versus bottom-up governance models for both identifier and credential management and addresses some of the risks and security concerns that may arise. The terminology, concepts, properties, and architectures introduced in this work can facilitate understanding and communications amongst business owners, software developers, cybersecurity professionals within an organization, and individuals who are or will be using such systems.
When submitting your comments, we encourage you to use our comment template.
Keywords blockchain; credential; data ownership; decentralized identifier; distributed ledger; identity management; public key infrastructure; self-sovereign identity; smart contract; user-controlled identity wallet; zero-knowledge proof