Child pages
  • NISTIR 8112 Attribute Metadata community review

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Overview of NISTIR 8112 review DGContext
Overview of NIST 'github' comment processContext
Discussion of DG schedule and planConsensus on approach and plan
High level review of NISTIR 8112 document (time permitting) 
Adjourn meeting 





  • Andrew gave an overview of the process and expected outcomes of this process
  • Note that the document is an NIST IR not a Special Publication
  • Note that the attribute values for classifications is specific to US Government - but there should also be either flexible value sets for commercial purposes
  • The community encourages NIST to focus on the metadata of broadest applicability before metadata that is very specific to particular use cases
    • For example: metadata for a Trust Mark or metadata for LOA would be most useful to industry at first
  • Note that NISTIR for "Verification Method" values does not precisely match the processes outlined in SP 800-63-3
  • Note that the NISTIR deals with attributes for Authorization and Access Control rather than authentication
  • Must check if the NISTIR deals with the full range of Attributes about individuals - the "Verification Method" values appear to deal with documented attributes only, not with observed attributes
  • Must discuss the range of metadata elements in the list - is it complete? or too much? There are some elements that appear to be implementation specific
  • Must examine the concept of "trust time" v "transaction time"
    • Is the concept described in the NISTIR the same or different from the "Federation / Assertion" concept described in 800-63-3C