W3C home > Mailing lists > Public > public-credentials@w3.org > July 2020

Re: NIST Identity Guidelines - Review Period

From: Wayne Chang <wyc@fastmail.fm>
Date: Wed, 22 Jul 2020 19:04:07 -0400
Message-Id: <5d7ad6fb-326b-45e7-a4fb-7b2ffe2f487b@www.fastmail.com>
To: "Nader Helmy" <nader.helmy@mattr.global>, "W3C Credentials CG" <public-credentials@w3.org>
Hi Nader, thanks for sharing to the list and for your well-written summary. I think it's important to engage governments to help them understand how technology based on our standards can help protect their citizens and to ensure that recommendations/regulatory requirements make room for or even encourage the adoption of global standards that are inclusively designed. When we don't do this, we run into difficult situations: for example, that the secp256k1 curve is not a NIST curve has caused a divide between enterprise and government usage of smart contract infrastructure. We have a chance to bridge chasms now.

I'd be interested in collaborating with you to create a Work Item within CCG to synthesize the relevant parts of the guidelines, organize a community response, and coordinate guidance from those who have experience with providing impactful feedback to NIST over the next 19 days. If you're open in this approach, I would recommend proposing a new work item using this link:


I am happy to then accept responsibility as a co-owner of this Proposed Work Item, which would help turn this into an official Work Item since we will have two different parties. You can read about the full process here:


We can have more than two owners on a Work Item, in case anyone else on this list is interested. Also Nader, please feel no obligation to take this on as your Work Item should your schedule or other commitments disallow. If no action in two days, I will make a new Proposed Work Item issue and bump this thread due to the short timeline, and invite participation to the GitHub issue.

- Wayne

On Wed, Jul 22, 2020, at 1:01 PM, Nader Helmy wrote:
> Hi all,
> It came to my attention that NIST is currently in an open review period on their Digital Identity Guidelines as published under NIST 800-63-3.
> https://csrc.nist.gov/publications/detail/sp/800-63/4/draft
> Deadline: August 10
> They're seeking feedback on a wide variety of topics to improve the standard, including remote identity proofing, mitigating correlation, and biometric verification. The scope of these regulations is very broad and the open review period seems like a substantial opportunity to provide our input as a community on some practical, real-world identity regulations. I'm sure some of us have already started thinking about this, how might we get organized?
> Thanks,
> Nader
> This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.
Received on Wednesday, 22 July 2020 23:04:41 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:01 UTC