NSTIC has very ambitious privacy goals. Today’s third-party login solutions do not come close to meeting them. Privacy-enhancing technologies that could meet them have yet to be deployed successfully. And Facebook’s social login is preempting the password-reduction benefit of NSTIC while severely reducing privacy. Can NSTIC succeed?
We believe that the key to success is to build privacy-enhancing technologies into the fabric of the Web, so that little effort is required of users, relying parties, identity providers and social sites to take advantage of them. In the white paper
we propose an NSTIC architecture based on extensions of two core protocols of the Web, TLS and HTTP, and we describe a range of use cases to show how it meets the goals of NSTIC.
The paper is still a first draft, and we hope you’ll help us improve it by leaving your comments below.