
Home to public development of NIST Special Publication 800-63-3: Digital Authentication Guidelines

48 800-63-3 issues

Need to discuss our requirements and how viable they are in behavioral biometrics. For example, if a vendor can support our PAD and FMR requirements for gesture-based biometrics, where the...

63B
future consideration/work item
Biometrics

External comment from Zach Bjornson : In SP 800-63B, Section 7.2 states: The nature of a session depends on the application, including: 1. A web browser session with a “session”...

63B
clarification

In [800-63B Section 7.1.1](https://pages.nist.gov/800-63-3/sp800-63b.html#711-browser-cookies), use of HttpOnly is a SHOULD. Consider making it a SHALL to improve resistance to XSS and similar attacks.

63B
future consideration/work item

@regenscheid points out: There is an inconsistency in the reauthentication requirements for AAL2 in [-63B Section 4.2.3](https://pages.nist.gov/800-63-3/sp800-63b.html#aal2reauth). If a user is logged out at the end of a reauthentication period...

63B
future consideration/work item

AAL3 requires verifier impersonation resistance, as defined in Section 5.2.5. The relevant paragraph states as follows (emphasis added):

> A verifier impersonation-resistant authentication protocol SHALL establish an authenticated protected channel...

63B
future consideration/work item

Transferred from #1915:

> iii) you and I discussed Table 5-1 and I thought we had agreed wording to allow phrasing such as “demonstrate or show other reasonable expectation that...

63A
future consideration/work item

In SP 800-63B Section 4.4, the second sub-bullet of item 1 should be item 2 rather than a sub-bullet of 1.

63B
editorial

-63B Section 5.1.2.1 says that "look-up secrets SHALL be distributed over a secure channel in accordance with the post-enrollment binding requirements in Section 6.1.2" However, Section 6.1.2 (and subsidiary section...

63B

-63B Section 5.1.2.2 paragraph 2 contains the text: `The salt value SHALL be at least 32 in bits in length` The first occurrence of 'in' should be removed.

63A
63B
editorial

This one has been discussed before, but I wanted to capture it here. The evidence validation and identity verification requirements at IAL2 are unclear, particularly as they relate to the...

63A