This page is ARCHIVED. Please visit https://www.nist.gov/identity-access-management for current information on NIST’s Identity and Access Management work.
10 March, 2016
Applied Cybersecurity Division
Information Technology Laboratory, NIST
The identity ecosystem has matured to the point where it is appropriate to undertake the work of building measurement science for application in the market—a critical step in further aiding expansion and innovation of the identity ecosystem. Building off of February’s workshop, NIST intends to delve more deeply into each of the topic areas: Strength of Identity Proofing, Strength of Authentication, and Attribute Metadata & Confidence.
This charter provides a high-level understanding of the work that NIST’s Applied Cybersecurity Division will undertake to advance the standardization of federal attribute metadata, and serves as an initial tool for collecting feedback on this proposed approach.
The purpose of this project will be to produce a NIST Internal Report (IR) that contains guidance for a schema on attribute metadata. The overall objective is to provide the foundation for cross-boundary trust and interoperability of attributes used for access control. Ultimately, application of this schema is intended to promote greater government efficiency in federating access to protected resources.
NIST’s Applied Cybersecurity Division (ACD) of the Information Technology Laboratory (ITL) will undertake the development of a schema for attribute metadata. This document will identify and define the metadata elements essential to support cross-agency confidence in attribute assertions, as well as the semantics and syntax required to support interoperability. The schema is intended for use in unclassified federal systems, but is expected to be applicable in multiple security domains and industry sectors. The effort will focus on two classes of metadata:
The schema will be provided in an IR developed as an “implementer’s draft.” The intent behind this “implementer’s draft” is to rapidly provide a document to federal stakeholders that will identify agency and market viability, target improvement areas, produce lessons learned, and delineate a potential migration path to a Special Publication or standards development organization (SDO) contribution.
This IR will not address confidence scores for attributes. Given the effort that will be required to develop such a framework, NIST has determined to focus initial efforts on the metadata IR, with future NISTIRs envisioned to address confidence scoring.
This IR will be developed using an iterative approach that engages community stakeholders early and often during the drafting period—taking advantage of more frequent, but shorter comment periods to enable rapid production of the document. All processes will be conducted in a way that preserves and reflects NIST’s traditions of openness and transparency. The proposed phases are outlined below:
Throughout the course of this project, ACD intends to engage with a broad spectrum of different stakeholders. Those interested in engaging with, contributing to, and influencing this work should seek out opportunities in the following ways:
In addition to facilitating comments on the IR and its draft, ACD is also seeking input on the concepts and ideas proposed in this charter—we want to know if we are heading in the correct direction. Comments can be provided by email to NSTICworkshop [at] nist.gov.
Below are high-level milestones, by phase, for the development of the IR.