Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Next »

Attendees:

Voting Participants: Mark King, Mark Hapner, Richard Wilsher, Ken Dagg, Martin Smith

Non-voting participants: Tim Reiniger, Roger Quint, Pete Palmer

Staff: Colin Wallis, Ruth Puente

Quorum: 3 out of 5. There was quorum.


Agenda


1.Administration:
a.Roll Call
b.Agenda Confirmation
c.Minutes Approval 2021-03-18 DRAFT Minutes

2. Discussion

a. Review NISTIR 8344 (Ontology for Authentication) 
b. NIST open discussion issues in light of SP 800-63 rev.4.

3. Any Other Business



Minutes Approval

2021-03-18 Minutes were approved by motion. Moved: Mark Hapner. Seconded: Martin Smith. Unanimous Approval. 


Comments on NISTIR 8344 (continuation from last meeting) 

  • Link to the document: https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8344-draft.pdf 
  • Deadline to comment: April 9, 2021
  • Martin suggested that for identity context it would be better to use the term "reliance" instead of "trust". 
  • Martin commented that we should request the clarification of some of the base terms, such as accountability and trust and maybe provide examples regarding the definitions to avoid overlaps and confusion. In addition, Ken pointed out that we should ask why they didn't use existing standards definitions.
  • Ken said that the limit of the acceptable risk and the consequences for violating that risk are considered in a trust framework, so the parties can conduct business over the internet.
  • Richard pointed out that a trust framework is different from a federation. For instance, a credit card system is a federation where there are known players and known rules for playing; a closed group which you have to fulfil requirements to join. However, a trust framework is established without knowing who all the players are, but applicants go through a test and come out with some kind of positive flag called approval that shows that they've met certain requirements. 
  • The group agreed to ask NIST to define the terms of the relationships between those terms that would enable the establishment of a trust framework that can support the establishment of a federation or operation of the federation. It should also be pointed out that the terms are not sufficiently rigorously defined.


 NIST Open Discussion Issues regarding rev.4 


AoB 

  • Federation Agreement 



  • No labels