...
- Dial-in Details
- Skype: +99051000000481
- US Dial-In: +1-805-309-2350
- Conference ID: 613-2898
Meeting Notes
2016-09-29
Agenda
Item | Goal |
---|---|
Roll call | |
Discuss scope section | |
Discuss
| |
Begin discussion on
| |
Adjourn meeting |
Notes
No attendees on this call.
2016-09-15
Agenda
Item | Goal |
---|---|
Roll call | |
Discuss scope section | |
Discuss
| |
Begin discussion on
| |
Adjourn meeting |
Notes
Scope
- Does this document address current technologies and architectures? For example, mobile devices may affect attribute metadata
- The overall scenario of the use cases and the NISTIR itself appear to be well suited to law enforcement and national intelligence purposes rather than commercial or general public uses. Is this intentional?
- The metadata described in section 3 would have to be expanded to cover more typical uses for general public uses.
2016-09-08
Agenda
Item | Goal |
---|---|
Introductions | Introductions |
Overview of NISTIR 8112 review DG | Context |
Overview of NIST 'github' comment process | Context |
Discussion of DG schedule and plan | Consensus on approach and plan |
High level review of NISTIR 8112 document (time permitting) | |
Adjourn meeting |
Notes
- Andrew gave an overview of the process and expected outcomes of this process
- Note that the document is an NIST IR not a Special Publication
- Note that the attribute values for classifications is specific to US Government - but there should also be either flexible value sets for commercial purposes
- The community encourages NIST to focus on the metadata of broadest applicability before metadata that is very specific to particular use cases
- For example: metadata for a Trust Mark or metadata for LOA would be most useful to industry at first
- Note that NISTIR for "Verification Method" values does not precisely match the processes outlined in SP 800-63-3
- Note that the NISTIR deals with attributes for Authorization and Access Control rather than authentication
- Must check if the NISTIR deals with the full range of Attributes about individuals - the "Verification Method" values appear to deal with documented attributes only, not with observed attributes
- Must discuss the range of metadata elements in the list - is it complete? or too much? There are some elements that appear to be implementation specific
- Must examine the concept of "trust time" v "transaction time"
- Is the concept described in the NISTIR the same or different from the "Federation / Assertion" concept described in 800-63-3C
...