usnistgov / 800-63-3

Home to public development of NIST Special Publication 800-63-3: Digital Authentication Guidelines
https://pages.nist.gov/800-63-3/

Include examples of traditional methods #315

Closed spoppe2001 closed 7 years ago

spoppe2001 commented 7 years ago

Organization: self

Type: suggestion

Document (63-3, 63A, 63B, or 63C): 63-3

Reference (Include section and paragraph number): Section 4

Comment (Include rationale for comment): Since this document is intended to provide an overview of a more-granular identification and authentication process that differs from many traditional methods, it would be useful to describe how 3 or 4 traditional use cases relate to, and fall short of, this standard.

Suggested Change: Add an appendix that compares 63-3 standards to traditional use cases such as (1) obtaining a passport and presenting it to an immigration officer; (2) presenting a government-issue picture ID to a guard and signing a visitor register to enter a building; (3) using a hard token such as a SecurID fob or a soft token with a password; (4) using a hand-scan biometric device with a PIN to enter a data center.


Organization (1 = Federal, 2 = Industry, 3 = Other): 2 (Industry)

jimfenton commented 7 years ago

Please note that use cases 1, 2, and 4 that you suggest are outside the scope of this guideline. Digital (remote) authentication does not include in-person authentication or physical access control.