[Openid-specs-ab] FW: NIST 800-63-1 FINAL

Nat Sakimura sakimura at gmail.com
Wed Dec 14 04:47:15 UTC 2011


Actually, Basic's Security consideration is stale.
In standard and messages, we decided to include the description of the
threat directly in the spec so we no longer need to reference SP800-63. It
also removed the word "assertion" as well.

We should do the same with the Basic.

Now, here is a question.

We have been avoiding to reference standard or messages from Basic.
In general, it would be good, but I am not sure if we really need to carry
it through for security consideration as well? Perhaps just referencing the
security consideration of the Standard suffice?

=nat


On Wed, Dec 14, 2011 at 1:33 AM, Mike Jones <Michael.Jones at microsoft.com>wrote:

>  We reference 800-63 in our specs.  We probably should update the
> reference.  I’ll file a bug.****
>
> ** **
>
> Also, oddly, this is referenced in Basic but not in Messages or Standard.
> In the bug, I’ll also include instructions to copy this to the appropriate
> place, since everything in Basic should be in one or the other of these
> specs.****
>
> ** **
>
>                                                             -- Mike****
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Stephen Skordinski [mailto:sskordinski at electrosoft-inc.com]
> *Sent:* Tuesday, December 13, 2011 8:31 AM
> *To:* AB; dsif at tscp.org
> *Subject:* NIST 800-63-1 FINAL****
>
> ** **
>
> No, that's not a typo in the subject, after years of reviews and
> revisions, NIST 800-63-1 is now a final release.****
>
> ** **
>
> Article: http://www.nist.gov/itl/csd/sp80063-121311.cfm****
>
> Document: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=910006****
>
> ** **
>
> -Steve****
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111214/877ff5d7/attachment.html>


More information about the Openid-specs-ab mailing list