  • Link to the document: https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8344-draft.pdf 
  • Deadline to comment: April 9, 2021
  • Martin suggested that for identity context it would be better to use the term "reliance" instead of "trust". 
  • Martin commented that we should request clarification of some of the base terms, such as accountability and trust, and maybe provide examples regarding the definitions to avoid overlaps and confusion. In addition, Ken pointed out that we should ask why they didn't use existing standards definitions.
  • Ken said that the limit of the acceptable risk and the consequences for violating that risk are considered in a trust framework, so the parties can conduct business over the internet.
  • Richard pointed out that a trust framework is different from a federation. For instance, a credit card system is a federation where there are known players and known rules for playing; it is a closed group whose requirements you have to fulfil in order to join. A trust framework, however, is established without knowing who all the players are; applicants go through a test and come out with some kind of positive flag, called approval, that shows that they've met certain requirements.
  • The group agreed to ask NIST to define the terms of the relationships between those terms that would enable the establishment of a trust framework that can support the establishment of a federation or operation of the federation. It should also be pointed out that the terms are not sufficiently rigorously defined.
  • Ken will provide a draft of the final comments next week.


 NIST Open Discussion Issues regarding rev.4 
