[Openid-specs-fapi] Issue #762: FAPI1: [ISO/IEC 25791-1 Review Comments] Normative references or Bibliography, choose one (openid/fapi)

Hodari McClain issues-reply at bitbucket.org
Wed Oct 22 04:18:06 UTC 2025


New issue 762: FAPI1: [ISO/IEC 25791-1 Review Comments] Normative references or Bibliography, choose one
https://bitbucket.org/openid/fapi/issues/762/fapi1-iso-iec-25791-1-review-comments

Hodari McClain:

* Member Body / National Committee: JP/04-009
* Subclause: 2/10
* Type: Editorial
* Comments: It is wrong that a document is listed both in Normative references and in Bibliography since a document should be classified to either one.

    However, referred documents are listed both in Normative references and in Bibliography.

    On the other hand, ISO/IEC Directives, Part 2:2021, “10.2 Permitted referenced documents” defines the following.

    “Normatively referenced documents shall be documents published by ISO or IEC. In the absence of appropriate ISO or IEC documents, those published by other bodies may be listed as normative references provided that

    a) the referenced document is recognized by the committee as having wide acceptance and authoritative status,

    b) the committee has the agreement of the authors or publishers (where known) of the referenced document for its inclusion as a reference,

    c) the authors or publishers (where known) have also agreed to inform the committee of their intention to revise the referenced document and what points the revision will affect,

    d) the document is available under commercial terms which are fair, reasonable and non-discriminatory, and

    e) any patented item required for the implementation of the document is available to be licensed in accordance with the ISO/IEC Directives, Part 1, 2021, 2.14, “Reference to patented items”.”


* Proposed Change: Documents should not be listed both in Normative references and in Bibliography. So delete the referred documents from Normative references if they do not meet the 5 conditions.

    Or delete the referred documents from Bibliography if they meet the 5 conditions.

* WG Accept / Reject: Accept. Remove them from the bibliography except for RFC6819 - OAuth 2.0 Threat Model and Security Considerations which is removed from the Normative reference instead. Also remove FAPI2 reference (Part2 Financial grade API Security Profile 1.0 Part 2: Advanced)
