U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8112 (Initial Public Draft)

Attribute Metadata

Date Published: August 2016
Comments Due: September 30, 2016 (public comment period is CLOSED)
Email Questions to: nsticworkshop@nist.gov


Paul Grassi (NIST), Ellen Nadeau (NIST), Ryan Galluzzo (Deloitte & Touche), Abhiraj Dinh (Deloitte & Touche)


NIST invites comments on Draft NIST Internal Report (NISTIR) 8112, Attribute Metadata. This report proposes a schema intended to convey information about a subject's attribute(s) to allow for a relying party (RP) to:

  • Obtain greater understanding of how the attribute and its value were obtained, determined, and vetted;
  • Have greater confidence in applying appropriate authorization decisions to subjects external to the domain of a protected system or data;
  • Develop more granular access control policies;
  • Make more effective authorization decisions; and
  • Promote federation of attributes.

The schema can be used by relying parties to enrich access control policies, as well as during runtime evaluation of an individual's ability to access protected resources. We opted to publish this document as a NISTIR in an effort to treat it as an implementers' draft, an approach common in the development lifecycle of many private sector standards and specifications. This allows the developer and policy community, in both the public and private sectors, to apply some or all of the metadata in this NISTIR on a volunteer basis, and provide us with practical feedback gained through implementation experience. As such, we will be maintaining the public issues page beyond the initial 60-day period to continually receive input and iteratively improve the document in anticipation of a second revision.

Submitting Comments

Commenters are STRONGLY encouraged to publicly collaborate with the team and other participants via the GitHub pages for NISTIR 8112. We have posted details on how to submit comments on GitHub. Additionally, we are providing a PDF for offline reading, as well as a traditional comment matrix for those that prefer this approach. 

All comments, regardless of how they are provided to NIST, will be made public as a GitHub "issue."



assertions; attributes; attribute metadata; attribute values; attribute value metadata; authorization; federation; identity; identity federation; information security; metadata; privacy; risk; risk management; security; access control; trust
Control Families

Access Control; Identification and Authentication


Draft NISTIR 8112 (HTML on GitHub)

Supplemental Material:
How to Submit Comments (GitHub)
Draft NISTIR 8112 (PDF) (pdf)
Comment Template (xlsx)
Submitted issues (GitHub)

Related NIST Publications:
SP 800-162

Document History:
08/01/16: IR 8112 (Draft)


Security and Privacy