NIST releases NSTIC pilots solicitation
Federal efforts to build an online identity ecosystem moved forward Feb. 1 with a National Institute of Standards and Technology call for proposals for five to eight pilot projects lasting up to 2 years.
NIST manages a program known as the National Strategy for Trusted Identities in Cyberspace, which seeks to create a new web-based authentication methodology. NSTIC envisions the creation of two types of intermediaries that together would verify the identity and eligibility of an Internet user wishing to conduct a secure transaction, such as accessing sensitive information. Identity providers would provide a credential, such as a downloadable certificate, verifying that a person is who he says he is, while attribute providers would store characteristic information about that individual--things such as age.
In a federal funding opportunity (.pdf), NIST says it has money enough to make pilot project cooperative agreement awards worth between $1.25 million and $2 million annually. Among the barriers that have prevented robust identity management solutions from taking root so far that NIST says the pilot projects will explore options to overcome is a lack of common standards for privacy protection and data re-use.
NIST also wants pilot projects to address matters such as interoperability standards, liability in case of identity system failure and usability.
"I certainly like smart cards and one-time passwords, but the reality is a lot of folks in the consumer market completely rejected them," said Jeremy Grant, NIST senior executive advisor for identity management, while speaking the same day at an event put on by the Center for Strategic and International Studies in Washington, D.C.
NSTIC, he said, is not an attempt to abolish privacy on the Internet.
"The government has no problem with dogs on the Internet. In fact, dogs on the Internet are often a great thing," he said.
Rather, NSTIC is meant to boost confidence in identity assertions when needed for sensitive transactions, Grant said.
Among the technologies NIST says it could fund are "identity exchange hubs that can quickly validate and process strong credentials" and solution that show interoperability between technologies such as smart cards, one-time passwords, or digital certificates.
Commercial and non-profit organizations, as well as state and local governments are eligible to submit proposals, the funding opportunity says. NIST plans to hold a proposer's conference on Feb. 15; proposals are due on March 7.