Attendees:
Voting Participants: Mark King, Mark Hapner, Richard Wilsher, Ken Dagg, Martin Smith
Non-voting participants: Tim Reiniger, Roger Quint, Pete Palmer
Staff: Colin Wallis, Ruth Puente
Quorum: 3 out of 5. There was quorum.
Agenda
1.Administration:
a.Roll Call
b.Agenda Confirmation
c.Minutes Approval 2021-03-18 DRAFT Minutes
2. Discussion
a. Review NISTIR 8344 (Ontology for Authentication)
b. NIST open discussion issues in light of SP 800-63 rev.4.
3. Any Other Business
Minutes Approval
2021-03-18 Minutes were approved by motion. Moved: Mark Hapner. Seconded: Martin Smith. Unanimous Approval.
Comments on NISTIR 8344 (continuation)
- Link to the document: https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8344-draft.pdf
- Deadline to comment: April 9, 2021
- Martin suggested that for identity context it would be better to use the term "reliance" instead of "trust".
- Martin commented that we should request the clarification of some of the base terms, such as accountability and trust and maybe provide examples regarding the definitions to avoid overlaps and confusion. In addition, Ken pointed out that we should ask why they didn't use existing standards definitions.
- Ken said that the limit of the acceptable risk and the consequences for violating that risk are considered in a trust framework, so the parties can conduct business over the internet.
- Richard pointed out that a trust framework is different from a federation. For instance, a credit card system is a federation where there are known players and known rules for playing; a closed group which you have to fulfil requirements to join. However, a trust framework is established without knowing who all the players are, but applicants go through a test and come out with some kind of positive flag called approval that shows that they've met certain requirements.
NIST Open Discussion Issues regarding rev.4
- Link to the list of open discussion issues: https://github.com/usnistgov/800-63-4/issues
- Deadline to comment: May 15, 2021
AoB
- Federation Agreement