If my security policy from a privacy perspective does not allow one to use PKI due to linkage, how would I randomize the authentication assertions from various governmental program areas? The privacy legislation does not allow one to have linkages along the lines of a SPKI environment. How would one introduce entropy into the token with PKI to get around the privacy concerns?
The more secure the procedure, the more invasive to privacy. While PKI and privacy issues have been the most debated and published topics, there is still confusion. Several SIGs are working with federal agencies in this area. One of the recommendations is to get a Privacy Impact Assessment done to clearly identify the information leakages. Further, in order to avoid the privacy issues, implement pseudonyms, or basically pseudonym identifiers, for users and map the same to attributes that can be validated. Since this can't be explained in a few lines, it would be better to direct you to the knowledgebase.
These papers will give you enough information on PKI as it relates to privacy issues and also outline the proposed solutions and assertion mechanisms:
PKI assertion issues and proposed alternatives
Federal PKI initiative
Authentication and introduction of entropy in PKI
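One way to realise the pseudonym identifiers suggested in the answer, as an added example that is not part of the original answer: the issuer derives a different, stable identifier for each program area and releases only the attributes that area may validate. The HMAC-SHA256 derivation, the key, the program names and the release policy are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed demo values: the key, user record and policy are placeholders.
PSEUDONYM_KEY = b"constructed-demo-key-store-in-an-hsm"
USERS = {"citizen-0001": {"age_over_18": True, "resident": True, "national_id": "N-000000"}}
# Hypothetical release policy: attributes each program area may receive.
RELEASE_POLICY = {"health": ["age_over_18"], "benefits": ["age_over_18", "resident"]}


def pseudonym(user_id, program, key=PSEUDONYM_KEY):
    """Stable per-program identifier derived with HMAC-SHA256."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (program.encode(), user_id.encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def make_assertion(user_id, program, key=PSEUDONYM_KEY):
    """Assertion body: pseudonymous subject plus only the permitted attributes."""
    record = USERS[user_id]
    attrs = {name: record[name] for name in RELEASE_POLICY[program]}
    # Signing by the issuer is outside the scope of this example.
    return {"sub": pseudonym(user_id, program, key), "aud": program, "attrs": attrs}


def linkable(a, b):
    """What two cooperating program areas can do: compare subject identifiers."""
    return hmac.compare_digest(a["sub"], b["sub"])


if __name__ == "__main__":
    health = make_assertion("citizen-0001", "health")
    benefits = make_assertion("citizen-0001", "benefits")
    print(health)
    print(benefits)
    print("linkable across programs:", linkable(health, benefits))
```

Only the holder of the derivation key can map a pseudonym back to the user, so the key is the asset a Privacy Impact Assessment would need to account for.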