This consultation is open through March 15, 2017. This feedback mechanism is being used to enable the Trust and Identity community supporting the R&E mission to aggregate its comments on NIST's 800-63-3 Digital Identity Guidelines. You are encouraged to provide individual feedback directly to NIST, or to contribute to this aggregation of community feedback and also provide individual feedback. If you have written an extensive feedback piece, please feel free to include a summary and a link to that external material in your Proposed Text / Query / Suggestion. And as usual with this consultation process, also feel free to +1 the feedback of your colleagues.
Once this consultation closes, your collective feedback will be given to NIST on behalf of the community. This consultation process will be described as the source of the feedback; it will not be attributed to InCommon, Internet2, or any other organization.
Documents for review/consultation
NIST Instructions for Submitting Comments: https://pages.nist.gov/800-63-3/
Change Proposals and Feedback - We welcome your feedback/suggestions here
If you have comments that do not lend themselves well to the tabular format below, please create a new Google doc and link to it in the suggestion section below.
Number | Section, if applicable (overall comments also welcome) | Current Text if applicable (overall comments also welcome) | Proposed Text / Query / Suggestion | Proposer | +1 (add your name here if you agree with the proposal) |
---|---|---|---|---|---|
1 | 9.3 in 63C | Data Minimization | Providing insufficient attributes may impact the functionality of the application. If the RP can identify which attributes are needed for which functions, it will help a user determine what to release. | Ken Klingenstein | |
2 | 9.3 in 63C | | Data minimization for portals is particularly vexing. Guidance on how to do this would be helpful. | Ken Klingenstein | |
3 | 10.1.1 in 63C | Provide users means to delete their identities completely, removing all information about the user, to include transaction history. | There are often legal or audit reasons to not delete transaction histories. | Ken Klingenstein | |
4 | 10.2.1 in 63C and 9 in 63A | | Neither section appears to offer guidance on the translation of technical attribute names and values into user-friendly language. | Ken Klingenstein | |