Following the “Applying Measurement Science in the Identity Ecosystem” workshop, we heard that attendees wanted a more complete treatment of attribute metadata. So we took the attribute metadata whitepaper we released in the winter, feedback from the workshop, and additional input from a few helpful folks in the community and developed NIST Internal Report 8112.
This public draft is hot off the press and is now open for comments…and we want to hear from you!
What is NISTIR 8112 about?
NISTIR 8112 defines a schema for a range of metadata for a subject’s attributes, which is intended to give relying parties (RPs) greater insight into the attributes that are used to make critical business decisions. As a result, RPs can examine this metadata and determine if they have the requisite confidence in the attribute value before they make an authorization decision. The schema in this NISTIR is important because it may ultimately have impacts on the technologies agencies utilize to accept identity assertions (and to process authorization policy decisions).
Why a NISTIR and not a Special Publication?
We’re treating this NISTIR like an “implementers’ draft;” this is a common approach that is used in the development lifecycle of many private sector standards and specifications before finalization. While comments during the public review are a big part of the document improvement process, your lessons learned and experiences from actual implementations are especially important to us. We want to know that this is implementable, so closing the comment period after 60 days or going right into a Special Publication (SP) didn’t make sense. Plus, once we better understand the strengths and shortcomings based on a deployed solution, we can convert this to an SP, keep it as a NISTIR, or submit it directly to a standards development organization. We want the community to be part of that decision.
How do I provide feedback?
Based on support we’ve received from the community, we will be using GitHub for draft updates and accepting stakeholder comments (find details on how to submit a comment on GitHub here). We encourage all commenters, including organizations of all kinds, to participate. While we prefer to receive comments via GitHub, comments in other formats can be sent to NSTICworkshop@nist.gov.
The open comment period will run from August 1 to September 30, 2016, though the document will remain open on GitHub beyond the 60-day timeframe to encourage continuous engagement from those putting the schema into practice. We look forward to your comments and contributions to establish greater trust and interoperability for attributes in the Identity Ecosystem…and we appreciate your support!
Public draft: available here