The third session of the leisurely reading session of the Initial Public Draft of the US NIST SP800-63-4 (released in December last year, accepting public comments until March 12th), which started last week, will be held on February 3nd at 24pm. This time, we will start reading from Part A, Section 3, which is the identity verification standard. I think that this will include discussions on the appropriateness of asking for a name. Wait, isn't it natural to make people enter their "name"? Not at all. In the first place, asking for a name and surname is a very Western-oriented culture. In some cultures, there is no surname, but the process cannot be completed unless the surname is entered, or conversely, if you try to enter it, there is a character limit that makes it impossible to enter, or there are characters that cannot be used.
These issues are in fact also about cultural equity, and this issue of equity is one of the main focuses of the latest revision of SP800-63.
By the way, in Japan, since the Meiji era, the family name system was standardized, this issue is relatively difficult to understand. However, this problem still exists. For example, the person I rent my house to is a foreigner and does not have a family name. Therefore, he repeats his first name in the family name column.
Also, international boarding passes can only contain 8 characters, so mine reads SAKIMURA NATSUHIK. A certain bank's system is the same, and they asked me to shorten it because they couldn't enter the romaji characters on my cash card and credit card. I took advantage of this and wrote NAT SAKIMURA, but1.
To begin with, there are many places where I can't input the kanji for my surname. "﨑". I don't mind "崎", but since my family register says "﨑", I have to use this, otherwise it gets rejected. But even so, I can't input it, and the output is garbled.
That's right, katakana names are also a problem. You can't enter "Nat Consulting" into eLTAX. The small "っ" and "イ" characters won't work. And yet it just pulls them from the kanji column and puts them in. I didn't know what the error was, so I cried, "Please, let me pay my taxes!" It was hard to find the cause. By the way, the advice from the tax accountant was "Pay at the counter"?
When we think about these input restrictions, we should go back to why we have to input names. For example, in the case of eLTAX, the corporate number is sufficient, so that would be sufficient. Corporate names are not unique to begin with, so they cannot be used as identifiers.
Returning to the individual's side, if we stop the process of asking for "name", it may actually reduce various disadvantages caused by changing one's name. It is also important from the perspective of "fairness" to evaluate whether making people enter their names creates obstacles for certain groups, such as making it more difficult for them to apply, or whether it functions in a discriminatory manner. So, if you are a supporter of #SelectiveSeparateSurnamesForMarriedWomen, please think about this together with us.
Well, of course, the real issue with SP800-63-4 is not the name, but things like requiring photo identification.
Version 3 has a much broader scope than version 800, "SP63-3-XNUMX." From this perspective, there are some shortcomings, and when I asked one of the authors, "Isn't there something missing?", he said, "I'm aware of it and plan to write about it in the future." He also said, "All comments are welcome."
SP800-63 is a standard for the US Federal Government, but it has had a major impact on related standards in other countries. The Japanese government's standards are one of them. The Japanese government seems to be considering revising these standards at the moment, so it makes sense to study SP800-63 properly.
So, I'm going to read SP800-63-4 in about eight parts. The relevant documents are
- SP800-63-4 https://nvlpubs.nist.gov/nistpubs/Spe…
- SP800-63A-4 https://doi.org/10.6028/NIST.SP.800-6…
- SP800-63B-4 https://doi.org/10.6028/NIST.SP.800-6…
- SP800-63C-4 https://doi.org/10.6028/NIST.SP.800-6…
There are four books in total, so no matter how you look at it, you can't finish it in one go.
The OpenID Foundation Japan is working hard to translate these into Japanese, so there may be some that are available in Japanese by the time of distribution. If they are usable, I would like to use them as a supplementary reading material.
Chat and video participation2You can also join via video using mmhmm. If you would like to join via mmhmm, please contact us and we will send you a link.This YouTube channelYou should be able to join if you subscribe to the channel and wait at least one minute. However, there have been cases where people who subscribed just before the last time were unable to send chat messages, so we recommend that you register in advance.