Best Practices

Combined Session
Thursday, May 14, 2020 17:00—18:00
Location: ALPSEE

Demystifying NISTIR 8112 – Why Organizations Need Attribute Context to Make Good Business Decisions

NISTIR 8112 proposes attribute schema metadata and attribute value metadata to convey information about a subject’s attribute(s), allowing a relying party (RP) to make better business decisions when evaluating attributes asserted by third parties. The NISTIR defines a set of optional elements of an attribute metadata schema to support cross-organization decision making in attribute assertions as well as the semantics and syntax required to support interoperability.
This presentation will provide a greater understanding of NISTIR 8112 and how it could be leveraged for attribute verification/sharing, and discuss use cases and related standards work in the OpenID Foundation and W3C.

Key takeaways:

* Provide a greater understanding of NISTIR 8112 and how it could be leveraged for attribute verification/sharing.
* Discuss application in real world use cases and pilots.
* Clarify the difference between identity assurance levels and attribute assurance.
* Discuss alignment with other standards work, such as OpenID Foundation’s OpenID Connect for Identity Assurance and W3C verified claims.

Bjorn Hjelm
Verizon
Bjorn Hjelm is a Distinguished Member of Technical Staff in the Verizon Corporate Technology organization with over 20 years of experience in network planning, architecture, and implementation of...

Transaction Tokens: Solving the External/Internal Authorization Problem

Any system that deals with “external” clients invoking services has to deal with extending the authorization model of the system to the external clients. The internal authorization model (roles, attributes) often does not translate well to authorization mechanisms used by the external clients (e.g. OAuth2 scopes). For example, an OAuth2 scope may not match well with an internal role as the mapping might be 1:n or even n:n. This talk will explore a mechanism that allows for the external authorization model to remain simple for developers while providing a multi-level (coarse-grained to fine-grained) authorization model internally.

Key takeaways:

* The key components of the Transaction Token model
* How authorization is distributed across the infrastructure
* Value proposition of the model

George Fletcher
Verizon Media Group
George Fletcher currently serves as the Identity Standards Architect for Verizon Media Group supporting the partner and consumer sides of the business. He is a seasoned software architect with 25+...