Child pages
  • NISTIR 8112 Attribute Metadata community review
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Overview

This is the home for the Kantara-convened community discussion on NISTIR 8112 Attribute Metadata public draft.

 

Links

Public Draft Open for Comments: https://pages.nist.gov/NISTIR-8112/

HTML rendering of current document version: https://pages.nist.gov/NISTIR-8112/NISTIR-8112.html

github repo: https://github.com/usnistgov/NISTIR-8112

 

Questions posed by NIST:

Some specific questions we are interested in answering both in the short and long term include:

  • Does this bring value to federated scenarios and identity solutions?
  • Would your community or organization profile this schema to support a specific solution or sector?
  • Is the body of attribute and attribute value metadata complete? What is missing? What should be removed?
  • Is the categorization adequate and complete? Did we miss anything that is critical to improve trust and confidence in decision making based on federated attributes?
  • Is trust-time vs. run-time sufficiently considered? Should the defined attribute metadata be shifted among these two lifecycle phases?
  • Is the delineation between attribute and attribute value metadata clear and are both required in this schema?
  • Is level of effort required to integrate and leverage the schema commensurate with the value of the schema?
  • Does the addition of the metadata negatively impact performance of systems?

 

Meeting Notes

2016-09-08

Agenda

ItemGoal
IntroductionsIntroductions
Overview of NISTIR 8112 review DGContext
Overview of NIST 'github' comment processContext
Discussion of DG schedule and planConsensus on approach and plan
High level review of NISTIR 8112 document (time permitting) 
Adjourn meeting 

 

Notes

  • Andrew gave an overview of the process and expected outcomes of this process
  • Note that the document is an NIST IR not a Special Publication
  • Note that the attribute values for classifications is specific to US Government - but there should also be either flexible value sets for commercial purposes
  • The community encourages NIST to focus on the metadata of broadest applicability before metadata that is very specific to particular use cases
    • For example: metadata for a Trust Mark or metadata for LOA would be most useful to industry at first
  • Note that NISTIR for "Verification Method" values does not precisely match the processes outlined in SP 800-63-3
  • Note that the NISTIR deals with attributes for Authorization and Access Control rather than authentication
  • Must check if the NISTIR deals with the full range of Attributes about individuals - the "Verification Method" values appear to deal with documented attributes only, not with observed attributes
  • Must discuss the range of metadata elements in the list - is it complete? or too much? There are some elements that appear to be implementation specific
  • Must examine the concept of "trust time" v "transaction time"
    • Is the concept described in the NISTIR the same or different from the "Federation / Assertion" concept described in 800-63-3C

 

  • No labels