Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

The Attribute Metadata NISTIR “implementers’ draft” is now ready for public comment!

Following the “Applying Measurement Science in the Identity Ecosystem” workshop, we heard that attendees wanted a more complete treatment of attribute metadata. So we took the attribute metadata whitepaper we released in the winter, feedback from the workshop, and additional input from a few helpful folks in the community and developed NIST Internal Report 8112. This public draft is hot off the press and is now open for comments…and we want to hear from you! What is NISTIR 8112 about? NISTIR 8112 defines a schema for a range of metadata for a subject’s attributes, which is intended to give relying parties (RPs) greater insight into the attributes that are used to make critical business decisions. As a result, RPs can examine this metadata and determine if they have the requisite confidence in the attribute value before they make an authorization decision. The schema in this NISTIR is important because it may ultimately have impacts on the technologies agencies utilize to accept identity assertions (and to process authorization policy decisions). Why a NISTIR and not a Special Publication? We’re treating this NISTIR like an “implementers’ draft;” this is a common approach that is used in the development lifecycle of many private sector standards and specifications before finalization. While comments during the public review are a big part of the document improvement process, your lessons learned and experiences from actual implementations are especially important to us. We want to know that this is implementable, so closing the comment period after 60 days or going right into a Special Publication (SP) didn’t make sense. Plus, once we better understand the strengths and shortcomings based on a deployed solution, we can convert this to an SP, keep it as a NISTIR, or submit it directly to a standards development organization. We want the community to be part of that decision.                                              How do I provide feedback? Based on support we’ve received from the community, we will be using GitHub for draft updates and accepting stakeholder comments (find details on how to submit a comment on GitHub here). We encourage all commenters, including organizations of all kinds, to participate. While we prefer to receive comments via GitHub, comments in other formats can be sent to NSTICworkshop [at] nist.gov. The open comment period will run from August 1 to September 30, 2016, though the document will remain open on GitHub beyond the 60-day timeframe to encourage continuous engagement from those putting the schema into practice. We look forward to your comments and contributions to establish greater trust and interoperability for attributes in the Identity Ecosystem…and we appreciate your support! Public draft: available here Twitter: @NSTICnpo

Comments

Add new comment

  • This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA
    Enter the characters shown in the image.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Posts that violate our comment policy will not be posted.