...
- Dial-in Details
- Skype: +99051000000481
- US Dial-In: +1-805-309-2350
- Conference ID: 613-2898
Meeting Notes
2016-09-15
Agenda
Item | Goal |
---|---|
Roll call | |
Discuss scope section | |
Discuss
| |
Begin discussion on
| |
Adjourn meeting |
Notes
2016-09-08
Agenda
Item | Goal |
---|---|
Introductions | Introductions |
Overview of NISTIR 8112 review DG | Context |
Overview of NIST 'github' comment process | Context |
Discussion of DG schedule and plan | Consensus on approach and plan |
High level review of NISTIR 8112 document (time permitting) | |
Adjourn meeting |
Notes
- Andrew gave an overview of the process and expected outcomes of this process
- Note that the document is an NIST IR not a Special Publication
- Note that the attribute values for classifications is specific to US Government - but there should also be either flexible value sets for commercial purposes
- The community encourages NIST to focus on the metadata of broadest applicability before metadata that is very specific to particular use cases
- For example: metadata for a Trust Mark or metadata for LOA would be most useful to industry at first
- Note that NISTIR for "Verification Method" values does not precisely match the processes outlined in SP 800-63-3
- Note that the NISTIR deals with attributes for Authorization and Access Control rather than authentication
- Must check if the NISTIR deals with the full range of Attributes about individuals - the "Verification Method" values appear to deal with documented attributes only, not with observed attributes
- Must discuss the range of metadata elements in the list - is it complete? or too much? There are some elements that appear to be implementation specific
- Must examine the concept of "trust time" v "transaction time"
- Is the concept described in the NISTIR the same or different from the "Federation / Assertion" concept described in 800-63-3C
...