...

• Dial-in Details
• Skype: +99051000000481
• US Dial-In: +1-805-309-2350
• Conference ID: 613-2898

Meeting Notes

2016-09-29

Agenda

Notes

2016-09-15

Agenda

Notes

Scope

• Does this document address current technologies and architectures? For example, mobile devices may affect attribute metadata 
• The overall scenario of the use cases and the NISTIR itself appear to be well suited to law enforcement and national intelligence purposes rather than commercial or general public uses. Is this intentional?
  • The metadata described in section 3 would have to be expanded to cover more typical uses for general public uses.

2016-09-08

Agenda

Notes

• Andrew gave an overview of the process and expected outcomes of this process
• Note that the document is an NIST IR not a Special Publication
• Note that the attribute values for classifications is specific to US Government - but there should also be either flexible value sets for commercial purposes
• The community encourages NIST to focus on the metadata of broadest applicability before metadata that is very specific to particular use cases
  • For example: metadata for a Trust Mark or metadata for LOA would be most useful to industry at first
• Note that NISTIR for "Verification Method" values does not precisely match the processes outlined in SP 800-63-3
• Note that the NISTIR deals with attributes for Authorization and Access Control rather than authentication
• Must check if the NISTIR deals with the full range of Attributes about individuals - the "Verification Method" values appear to deal with documented attributes only, not with observed attributes
• Must discuss the range of metadata elements in the list - is it complete? or too much? There are some elements that appear to be implementation specific
• Must examine the concept of "trust time" v "transaction time"
  • Is the concept described in the NISTIR the same or different from the "Federation / Assertion" concept described in 800-63-3C

...