
V2 chapter texts #2568

Closed
elarlang opened this issue Feb 5, 2025 · 8 comments
Comments

@elarlang
Collaborator

elarlang commented Feb 5, 2025

  • "NIST SP 800-63" vs "NIST SP 800-63B" mixed usage, those are different things, so we need to be sure that all the references are correct
  • Get rid of section title "NIST SP 800-63 - Modern, evidence-based authentication standard" - this is the only separate level 2 (##) title, it would be also helpful and precondition to extract section texts to JSON file, in case we want to solve Machine parseable format does not include informative text #821
  • Get rid of "We strongly urge US government agencies to review and implement NIST SP 800-63 in its entirety."
  • Some of the references to NIST sections are links and some are not.
  • When I saw the line "The requirements in this section relate to a variety of sections of NIST's Guidance, including: 4.2.1, 4.3.1, 5.2.2, and 6.1.2." I first had a question why we are referring to authorization requirements here, but those are actually NIST numbers, not ASVS requirement numbers...

edit:

  • remove the line or smoothen the message "NIST SP 800-63 terminology can be a little confusing and we have tried to standardise the terminology to optimize for clarity, using more commonly understood terminology where possible."
@elarlang elarlang added _5.0 - prep This needs to be addressed to prepare 5.0 V2 _5.0 - draft This should be discussed once a 5.0 draft has been prepared. and removed _5.0 - prep This needs to be addressed to prepare 5.0 labels Feb 5, 2025
@jmanico
Member

jmanico commented Feb 5, 2025

I think these are all solid suggestions. Thumbs up.

@randomstuff
Contributor

> Get rid of "We strongly urge US government agencies to review and implement NIST SP 800-63 in its entirety."

😄

@elarlang
Collaborator Author

elarlang commented Feb 6, 2025

> > Get rid of "We strongly urge US government agencies to review and implement NIST SP 800-63 in its entirety."
>
> 😄

Well, the recommendation should not be read out of context :) It has already been said a few lines before ("The standard is helpful for all organizations all over the world but is particularly relevant to US agencies and those dealing with US agencies."). US agencies need to follow it anyway and they don't need to read it from the ASVS. For every other audience, it is just noise and may give the feeling that ASVS is US-audience oriented as well.

@tghosth tghosth added _5.0 - rc1 and removed _5.0 - draft This should be discussed once a 5.0 draft has been prepared. labels Feb 9, 2025
@tghosth
Collaborator

tghosth commented Feb 9, 2025

> "NIST SP 800-63" vs "NIST SP 800-63B" mixed usage, those are different things, so we need to be sure that all the references are correct

I have tried to tidy those up.

> Get rid of section title "NIST SP 800-63 - Modern, evidence-based authentication standard" - this is the only separate level 2 (##) title, it would be also helpful and precondition to extract section texts to JSON file, in case we want to solve #821

Changed it to bold

> Get rid of "We strongly urge US government agencies to review and implement NIST SP 800-63 in its entirety."

Removed

> Some of the references to NIST sections are links and some are not.

Fixed.

> When I saw the line "The requirements in this section relate to a variety of sections of NIST's Guidance, including: 4.2.1, 4.3.1, 5.2.2, and 6.1.2." I first had a question why we are referring to authorization requirements here, but those are actually NIST numbers, not ASVS requirement numbers...

Added the § symbol which hopefully makes it clearer.

> remove the line or smoothen the message "NIST SP 800-63 terminology can be a little confusing and we have tried to standardise the terminology to optimize for clarity, using more commonly understood terminology where possible."

Tried to clean this up.

All these changes are here: 9c3f14d

@tghosth
Collaborator

tghosth commented Feb 9, 2025

Even after #2588 is merged, this should stay open for a final review of the text.

@elarlang
Collaborator Author

> However, NIST SP 800-63 terminology can sometimes be a little hard to understand and we have therefore tried to use more commonly understood terminology where possible. to make the chapter clearer.

This "little hard to understand" part should be turned to "is different", or the entire line can be deleted.

@tghosth
Collaborator

tghosth commented Feb 17, 2025

> > However, NIST SP 800-63 terminology can sometimes be a little hard to understand and we have therefore tried to use more commonly understood terminology where possible. to make the chapter clearer.
>
> This "little hard to understand" part should be turned to "is different", or the entire line can be deleted.

@elarlang what do you think about #2619

@tghosth
Collaborator

tghosth commented Mar 2, 2025

Final review changes in #2656

@tghosth tghosth closed this as completed in 3a089d1 Mar 2, 2025