Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • Lvxferre
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    I think so, based on the original: “Verifiers and CSPs [credential service providers] SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.” With “shall not” being used for hard prohibitions.