The US NIST SP800-63-4 pre-draft, which was delayed for nearly a year, was released in December and is accepting public comments until March 12th. Compared to version 3, "SP24-3-800," the scope is much broader. From this perspective, there are some shortcomings, and when I asked one of the authors, "Isn't there something missing?", he said, "We are aware of this and plan to write it in the future." He also said, "All comments are welcome."
SP800-63 is a standard for the US Federal Government, but it has had a major impact on related standards in other countries. The Japanese government's standards are one of them. The Japanese government seems to be considering revising these standards at the moment, so it makes sense to study SP800-63 properly.
So, I'm going to read SP800-63-4 in two parts. The related documents are
- SP800-63-4 https://nvlpubs.nist.gov/nistpubs/Spe…
- SP800-63A-4 https://doi.org/10.6028/NIST.SP.800-6…
- SP800-63B-4 https://doi.org/10.6028/NIST.SP.800-6…
- SP800-63C-4 https://doi.org/10.6028/NIST.SP.800-6…
There are four books in total, so no matter how you look at it, you can't finish it in one go.
The OpenID Foundation Japan is working hard to translate these into Japanese, so there may be some that are available in Japanese by the time of distribution. If they are usable, I would like to use them as a supplementary reading material.
The reason why we are doing this now, even though there is ample time until the public comment period ends on March 3, is because the Japanese government1This is because there is a related meeting at a certain government agency.
Chat and video participation2You can also join via video using mmhmm. If you would like to join via mmhmm, please contact us and we will send you a link.This YouTube channelYou should be able to join if you subscribe to the channel and wait at least one minute. However, there have been cases where people who subscribed just before the last time were unable to send chat messages, so we recommend that you register in advance.