ajeanmahoney
commented
1 month ago Open cabo opened 1 month ago
ajeanmahoney
commented
1 month ago ajeanmahoney
commented
1 month ago Note that listing both people and organizations as authors of a document is not forbidden by the Style Guide. There are a few RFCs where this is the case: RFC 3245 (J. Klensin, Ed., IAB), BCP 77 (L. Daigle, Ed., Internet Architecture Board), among others. (Lots of discussion about the issue here: https://github.com/ietf-tools/bibxml-service/issues/296)
We have spotted issues with some NIST bibxml entries (#262) where the author list incorrectly lists both authors and organizations. This needs more research to figure out where the issue is coming from.
dcooper16
commented
1 month ago I just noticed https://www.rfc-editor.org/errata/eid8018 and the corresponding issue in http://bib.ietf.org. https://www.rfc-editor.org/errata/eid8018 correctly notes that the bibliography entry is incorrect, but the proposed fix is incorrect.
NIST's Federal Information Processing Standards (FIPS) do not list individuals as authors. I notice that in http://bib.ietf.org many of the FIPS have an individual listed as the author, but I do not know where those names came from.
While FIPS 180-4 (the one mentioned in https://www.rfc-editor.org/errata/eid8018) does not include this text, more recent FIPS include a section titled "How to Cite this Publication." For example, in FIPS 186-5 it is recommended that that document be cited as:
National Institute of Standards and Technology (2023) Digital Signature Standard (DSS). (Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) NIST FIPS 186-5. https://doi.org/10.6028/NIST.FIPS.186-5
tward212
commented
1 month ago Hi @dcooper16, thanks for the clarification on whether the author should be included in this reference.
We did some research on this issue to try to understand where this author name was coming from and found the following:
We've noticed that authors are included for NIST FIPS docs in some instances outside of CSRC and the document's PDF.
For example, a tag for the author ('AU') is included in the .ris file for FIPS 180-4 within the NIST-Tech-Pubs repo. https://github.com/usnistgov/NIST-Tech-Pubs/blob/e409c4b0d9d52117e2a527e7b8c40e074329abc1/bib/NIST.FIPS.180-4.ris
There is also a page for FIPS 180-4 in NIST Publications: https://www.nist.gov/publications/secure-hash-standard with the following recommended citation:
Dang, Q. (2015), Secure Hash Standard, Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.FIPS.180-4 (Accessed July 10, 2024)
This link also include BibTeX (.bib.) and RIS (.ris) files that use this citation information. (I tested the Zotero plugin at this link and it uses the .ris file to build a citation that includes the author.)
The NIST Research Library also includes the author in its citation information: https://nist.primo.exlibrisgroup.com/permalink/01NIST_INST/irk73q/alma991000626374208106
Note: this inclusion of the author in the .ris and .bib files appears to be the case for most NIST documents.
For example, here are the same links for FIPS 186-5:
NIST Research Library entry: https://nist.primo.exlibrisgroup.com/permalink/01NIST_INST/irk73q/alma991000614605008106
NIST Publications page: https://www.nist.gov/publications/digital-signature-standard-dss-3
cabo
commented
1 month ago Thanks, Ted, for clarifying this. Actually, NIST provides its desired citation data in the DOI registration. Translated to RFCXML format, that is:
seriesinfo:
DOI: 10.6028/nist.fips.180-4
title: Secure Hash Standard
author:
- name: Quynh H. Dang
ins: Q. Dang
date: 2015-07
refcontent: National Institute of Standards and TechnologyI do not think we should deviate from that. Note also that it is long-standing IETF culture to actually provide information about authors of documents. I don't understand why we would want to break with this tradition if the official citation data that NIST provides do include the author(s).
tward212
commented
1 month ago Hi Carsten.
With regard to following what is available in NIST citation data:
I agree with the sentiment, however consider the following:
CMOS offers the following guidance for providing authors' names in reference list entries:
In a reference list as in a bibliography, record the authors’ names as they appear on the title page or at the head of an article or chapter, with the exceptions noted in 14.72–84.
Section 4.8.6.6 of RFC 7322 provides similar guidance to RFC authors when referencing non-RFC SDO documents:
The following format is suggested when referencing a document or
standard from another SDO in which authors are listed:
- [SYMBOLIC-TAG]
Last name, First initial. and First initial. Last name,
"Document Title", Document reference number, Date of
publication, <URI if available>.
- Alternatively, when no list of authors is available, the following
format is recommended:Since there is no author listed in NIST FIPS 180-4, it makes sense to follow the guidance for a reference without a list of authors and cite NIST as the authoring organization.
Furthermore, comparing FIPS 180-4 with other NIST documents, I noticed that authors are listed in NIST Special Publications (NIST SP) and NIST Internal Reports (NIST IR).
For example: NIST SP 800-215 lists Ramaswamy Chandramouli as the author on the front page and provides the following recommended citation:
Chandramouli R (2022) Guide to a Secure Enterprise Network Landscape. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-215. https://doi.org/10.6028/NIST.SP.800-215
David also provided an example of a more recent FIPS document, NIST FIPS 186-5, which includes a recommended citation in the document itself:
National Institute of Standards and Technology (2023) Digital Signature Standard (DSS). (Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) NIST FIPS 186-5. https://doi.org/10.6028/NIST.FIPS.186-5
(Note that there is no author listed within this document or the recommended citation)
Also, as far as we can tell, it appears that bibxml service is pulling data from one of these repositories:
The latter example contains this YAML file for NIST FIPS 180-4.
Quynh Dang is listed as the author in the data for this entry, and I don't doubt that this is correct information. However, this creates a situation where using the bibxml service to create a reference entry for NIST FIPS documents generates references that do not match the information provided within the document itself.
In other words, if RFC authors use bibxml to build references for NIST FIPS documents, the RPC will have to edit them manually to ensure they match the information listed within the referenced document. It would reduce the work of the RPC team if the NIST FIP entries just listed NIST as the author.
All that being said, I am still curious as to why the author(s) of FIPS are included in the citation data, .ris, .bib, and other NIST sites (e.g., https://www.nist.gov/publications/secure-hash-standard), but then absent from the final document. @dcooper16 do you have any insight into this?
ronaldtse
commented
1 month ago I'd like to reply on behalf of the original developers of the current BibXML service and the operator of the Relaton stack.
This thread appears to conflate the following issues:
These two issues are related but are entirely separate concerns in both usage and for their roles in the rendered versions of Internet-Drafts and RFCs (and other document types).
Bibliographic data:
Citation style:
There are further considerations of the issue of citation style:
xml2rfc or rfc2629.xslt, and is not directly relevant to the contents of the actual RFC XML containing bibliographic information.TLDR:
cc: @kmiller621 of NIST ISO, as an example of how external organizations cite NIST Tech Pubs.
ronaldtse
commented
1 month ago Let's just take this chance to ask @kmiller621 ...
Thanks!
dcooper16
commented
1 month ago Hi @tward212,
I did not know about the various NIST, GitHub, etc. cites that you mentioned that provided bibliographic information about NIST publications. So, I asked about this internally. It seems that the information on these cites is being generated automatically from information in an internal publishing system. That system only allows individuals to be listed as authors (presumably since the list of authors is used to create a workflow). This list of authors is then used in the automatically-generated bibliographic information. So, perhaps the main responsibility is for NIST to fix the entries where an organization is listed as the author.
@ronaldtse: I think the correct answer as to whether authors should be rendered depends on what the document itself says. In the case of FIPS, individuals are never listed as authors, and the author is just "National Institute of Standards and Technology." Individual authors are usually listed for other NIST documents, but not always. For example, NIST Special Publications 800-53, 800-53A, and 800-53B just list "Joint Task Force" as the author.
@cabo: I can understand the desire to provide information about authors, but in this case the information may be incorrect. For example, https://www.nist.gov/publications/security-and-privacy-controls-information-systems-and-organizations-0 lists two authors for SP 800-53 (the same two are listed for SP 800-53B and only one is listed for SP 800-53A). However, the acknowledgements sections of those documents list 20 members of the Joint Task Force Working Group. Given the way the authors list was created for https://www.nist.gov/publications, it likely doesn't list everyone who deserves credit for authoring these documents. It is probably the same with some of the FIPS.
Describe the issue
https://www.rfc-editor.org/errata/eid8018
An author list can be made up of people, or of (usually one) organization, but not both.
Code of Conduct