- Andrew gave an overview of the process and expected outcomes of this process
- Note that the document is an NIST IR not a Special Publication
- Note that the attribute values for classifications is specific to US Government - but there should also be either flexible value sets for commercial purposes
- The community encourages NIST to focus on the metadata of broadest applicability before metadata that is very specific to particular use cases
- For example: metadata for a Trust Mark or metadata for LOA would be most useful to industry at first
- Note that NISTIR for "Verification Method" values does not precisely match the processes outlined in SP 800-63-3
- Note that the NISTIR deals with attributes for Authorization and Access Control rather than authentication
- Must check if the NISTIR deals with the full range of Attributes about individuals - the "Verification Method" values appear to deal with documented attributes only, not with observed attributes
- Must discuss the range of metadata elements in the list - is it complete? or too much? There are some elements that appear to be implementation specific
- Must examine the concept of "trust time" v "transaction time"
- Is the concept described in the NISTIR the same or different from the "Federation / Assertion" concept described in 800-63-3C
Reminders that everyone should create a github account and "Watch" the repo to get notifications.
Next meeting: September 15 2017 15:00 Eastern Daylight time.