[DG-IDoT] FW: [WG-UMA] NIST Seeks Comments on New Project Aimed at Protecting Privacy Online

Salvatore D'Agostino sal at idmachines.com
Fri Nov 6 09:32:23 CST 2015

What Scott mentioned..  Good point.


From: wg-uma-bounces at kantarainitiative.org
[mailto:wg-uma-bounces at kantarainitiative.org] On Behalf Of Eve Maler
Sent: Thursday, October 29, 2015 2:24 AM
To: Mark Dobrinic
Cc: wg-uma at kantarainitiative.org UMA
Subject: Re: [WG-UMA] NIST Seeks Comments on New Project Aimed at Protecting
Privacy Online


Okay, I'll be the contrarian, just for fun.


As I commented to a couple of people regarding the relatively recent
academic paper Toward Mending Two Nation-Scale Brokered Identification
<http://www0.cs.ucl.ac.uk/staff/G.Danezis/papers/popets15-brokid.pdf> ,
everything is tradeoffs. And it's arguable that the governments in those
cases made the operationally and more citizen-acceptable tradeoff for
privacy vs. what the researchers recommended.


Quoting/paraphrasing myself from previous threads on this topic:


I suspected from a brief article
s>  on the subject that the reporter probably had trouble divining exactly
what the problem with the FCCX and UK.Gov Verify systems actually was, since
it wasn't explained at all, nor what the proposed solution was... and it's
all extremely subtle. And I'm not even seeing a huge outcry or even all that
much gov followup/panicked defense after.


The researchers found a limitation in the tradeoff choice that the FCCX and
UK.Gov Verify system designers made. This tradeoff prizes the ability for
the user to use an online service ("relying party") and an identity
provider, free from worrying that the two will discover who the other is,
over the perfect ability for a pseudonymous identifier and attributes
representing the user to pass unseen through the broker in the middle (the
broker makes this "service blinding" possible). The researchers propose some
clever encryption tricks to guard against the broker seeing things, and go
further and propose a new user-chosen "identity integration" service that
could handle the tricks. Given that brokered systems, and the "older"
protocols such as SAML already in use, and the encryption tricks they
suggest, and user interfaces that force users to choose services, are all
considered extremely heavyweight and expensive in various ways, I give the
researchers' suggestions a nil chance of succeeding in the current
environment. And given that users have a variety of incentives to share
enough attributes in everyday circumstances to routinely become identifiable
(Latanya Sweeney's research in particular is famous for discovering these
properties), it's very questionable whether the researchers' preference for
tradeoffs vs. the nations' preference is the correct one.

On 25 Oct 2015, at 7:49 AM, Mark Dobrinic <mdobrinic at cozmanova.com> wrote:

Yes, that.

Always looking at privacy from linkablility and anonymity perspectives.
An Identity Broker with privacy in mind has the responsibility to
protect those properties. Through policy, but also some funky
cryptography could be applied to assist there.

But yeah, in the end they have the potential to only make things worse
from a privacy point of view, and not better.



On 24/10/15 08:24, Justin Richer wrote:

My view on this remains "to increase privacy get rid of brokers". A full
mesh SAML or PKI federation is untenable, so that's why we've deployed
brokers in the past. But OIDC, with dynamic client registration and
server discovery, is built for this. I believe wee need to move towards
this model.

Is anyone interested in writing up a response to that effect with me?
Perhaps we could run a session on it at IIW this week for those of us
that will be there (including myself).

- Justin

On Oct 23, 2015, at 8:29 AM, Andrew Hughes <andrewhughes3000 at gmail.com
<mailto:andrewhughes3000 at gmail.com>> wrote:

Hi UMAnitarians - not sure if you've seen this notice yet

I'm vice-chair of IAWG & we are probably going to assemble comments on

"Privacy-Enhanced Identity Brokers" 

Comments to inform a new collaborative project & eventual 1800 series
Practice Guide at the NIST NCCoE

Due 18 December


*Andrew Hughes *CISM CISSP 
Independent Consultant
*In Turn Information Management Consulting*

o  +1 650.209.7542 <tel:%2B1%20650.209.7542>
m +1 250.888.9474 <tel:%2B1%20250.888.9474>
1249 Palmer Road,
Victoria, BC V8P 2H8
AndrewHughes3000 at gmail.com <mailto:AndrewHughes3000 at gmail.com> 
*Identity Management | IT Governance | Information Security *

WG-UMA mailing list
WG-UMA at kantarainitiative.org <mailto:WG-UMA at kantarainitiative.org>

WG-UMA mailing list
WG-UMA at kantarainitiative.org

WG-UMA mailing list
WG-UMA at kantarainitiative.org


Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl |
Calendar: xmlgrrl at gmail.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/dg-idot/attachments/20151106/ddce2b17/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00051.txt
URL: <http://kantarainitiative.org/pipermail/dg-idot/attachments/20151106/ddce2b17/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4839 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/dg-idot/attachments/20151106/ddce2b17/attachment-0001.bin>

More information about the DG-IDoT mailing list