Child pages
  • NISTIR 8112 Attribute Metadata community review

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Andrew gave an overview of the process and expected outcomes of this process
  • Note that the document is an NIST IR not a Special Publication
  • Note that the attribute values for classifications is specific to US Government - but there should also be either flexible value sets for commercial purposes
  • The community encourages NIST to focus on the metadata of broadest applicability before metadata that is very specific to particular use cases
    • For example: metadata for a Trust Mark or metadata for LOA would be most useful to industry at first
  • Note that NISTIR for "Verification Method" values does not precisely match the processes outlined in SP 800-63-3
  • Note that the NISTIR deals with attributes for Authorization and Access Control rather than authentication
  • Must check if the NISTIR deals with the full range of Attributes about individuals - the "Verification Method" values appear to deal with documented attributes only, not with observed attributes
  • Must discuss the range of metadata elements in the list - is it complete? or too much? There are some elements that appear to be implementation specific
  • Must examine the concept of "trust time" v "transaction time"
    • Is the concept described in the NISTIR the same or different from the "Federation / Assertion" concept described in 800-63-3C

Reminders that everyone should create a github account and "Watch" the repo to get notifications. 


Next meeting: September 15 2017 15:00 Eastern Daylight time.