NIST Internal Report (NISTIR) 8112 contains a metadata schema for attributes that may be asserted about an individual during an online transaction. The schema can be used by trusting parties to enrich access control policies, as well as during runtime evaluation of an individual’s ability to access protected resources.
Attribute metadata could also allow data sharing permissions and limitations to be set on individual data elements, thus strengthening security. There are other possible applications of attribute metadata, such as evaluation and execution of business logic in decision support systems; however, the metadata contained in the report is focused on supporting an organization’s risk-informed authorization policies and evaluation.
Authors: Paul Grassi (NIST), Naomi Lefkovitz (NIST), Ellen Nadeau (NIST), Ryan Galluzzo (Deloitte & Touche), Abhiraj Dinh (Deloitte & Touche)
Publication: NISTIR 8112 (DOI)
Related NIST Publications: SP 800-162