Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mixing people and organizations #418

Open
1 task done
cabo opened this issue Jul 3, 2024 · 9 comments
Open
1 task done

Mixing people and organizations #418

cabo opened this issue Jul 3, 2024 · 9 comments
Labels
bug Something isn't working

Comments

@cabo
Copy link

cabo commented Jul 3, 2024

Describe the issue

https://www.rfc-editor.org/errata/eid8018

An author list can be made up of people, or of (usually one) organization, but not both.

Code of Conduct
@cabo cabo added the bug Something isn't working label Jul 3, 2024
@ajeanmahoney
Copy link
Collaborator

See also #262

@ajeanmahoney
Copy link
Collaborator

Note that listing both people and organizations as authors of a document is not forbidden by the Style Guide. There are a few RFCs where this is the case: RFC 3245 (J. Klensin, Ed., IAB), BCP 77 (L. Daigle, Ed., Internet Architecture Board), among others. (Lots of discussion about the issue here: #296)

We have spotted issues with some NIST bibxml entries (#262) where the author list incorrectly lists both authors and organizations. This needs more research to figure out where the issue is coming from.

@dcooper16
Copy link

I just noticed https://www.rfc-editor.org/errata/eid8018 and the corresponding issue in http://bib.ietf.org. https://www.rfc-editor.org/errata/eid8018 correctly notes that the bibliography entry is incorrect, but the proposed fix is incorrect.

NIST's Federal Information Processing Standards (FIPS) do not list individuals as authors. I notice that in http://bib.ietf.org many of the FIPS have an individual listed as the author, but I do not know where those names came from.

While FIPS 180-4 (the one mentioned in https://www.rfc-editor.org/errata/eid8018) does not include this text, more recent FIPS include a section titled "How to Cite this Publication." For example, in FIPS 186-5 it is recommended that that document be cited as:

National Institute of Standards and Technology (2023) Digital Signature Standard (DSS).
(Department of Commerce, Washington, D.C.), Federal Information Processing Standards
Publication (FIPS) NIST FIPS 186-5. https://doi.org/10.6028/NIST.FIPS.186-5

@tward212
Copy link

Hi @dcooper16, thanks for the clarification on whether the author should be included in this reference.

We did some research on this issue to try to understand where this author name was coming from and found the following:

We've noticed that authors are included for NIST FIPS docs in some instances outside of CSRC and the document's PDF.

For example, a tag for the author ('AU') is included in the .ris file for FIPS 180-4 within the NIST-Tech-Pubs repo.
https://github.com/usnistgov/NIST-Tech-Pubs/blob/e409c4b0d9d52117e2a527e7b8c40e074329abc1/bib/NIST.FIPS.180-4.ris

There is also a page for FIPS 180-4 in NIST Publications: https://www.nist.gov/publications/secure-hash-standard with the following recommended citation:

Dang, Q. (2015), Secure Hash Standard, Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.FIPS.180-4 (Accessed July 10, 2024)

This link also include BibTeX (.bib.) and RIS (.ris) files that use this citation information.
(I tested the Zotero plugin at this link and it uses the .ris file to build a citation that includes the author.)

The NIST Research Library also includes the author in its citation information:
https://nist.primo.exlibrisgroup.com/permalink/01NIST_INST/irk73q/alma991000626374208106

Note: this inclusion of the author in the .ris and .bib files appears to be the case for most NIST documents.

For example, here are the same links for FIPS 186-5:

@cabo
Copy link
Author

cabo commented Jul 10, 2024

Thanks, Ted, for clarifying this.
Actually, NIST provides its desired citation data in the DOI registration.
Translated to RFCXML format, that is:

    seriesinfo:
      DOI: 10.6028/nist.fips.180-4
    title: Secure Hash Standard
    author:
    - name: Quynh H. Dang
      ins: Q. Dang
    date: 2015-07
    refcontent: National Institute of Standards and Technology

I do not think we should deviate from that.
Note also that it is long-standing IETF culture to actually provide information about authors of documents.
I don't understand why we would want to break with this tradition if the official citation data that NIST provides do include the author(s).

@tward212
Copy link

Hi Carsten.

With regard to following what is available in NIST citation data:

I agree with the sentiment, however consider the following:

  • CMOS offers the following guidance for providing authors' names in reference list entries:

    In a reference list as in a bibliography, record the authors’ names as
    they appear on the title page or at the head of an article or chapter,
    with the exceptions noted in 14.72–84.

  • Section 4.8.6.6 of RFC 7322 provides similar guidance to RFC authors when referencing non-RFC SDO documents:

    • With a list of authors

      The following format is suggested when referencing a document or
 standard from another SDO in which authors are listed:
- [SYMBOLIC-TAG]
            Last name, First initial. and First initial. Last name,
            "Document Title", Document reference number, Date of
            publication, <URI if available>.

    • Without a list of authors

        - Alternatively, when no list of authors is available, the following
 format is recommended:
- [SYMBOLIC-TAG]  Organization, "Document Title", Document
                    reference number, Date of publication,
                    <URI if available>.

Since there is no author listed in NIST FIPS 180-4, it makes sense to follow the guidance for a reference without a list of authors and cite NIST as the authoring organization.

Furthermore, comparing FIPS 180-4 with other NIST documents, I noticed that authors are listed in NIST Special Publications (NIST SP) and NIST Internal Reports (NIST IR).

For example: NIST SP 800-215 lists Ramaswamy Chandramouli as the author on the front page and provides the following recommended citation:

Chandramouli R (2022) Guide to a Secure Enterprise Network Landscape. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-215.
https://doi.org/10.6028/NIST.SP.800-215

David also provided an example of a more recent FIPS document, NIST FIPS 186-5, which includes a recommended citation in the document itself:

National Institute of Standards and Technology (2023) Digital Signature Standard (DSS).
(Department of Commerce, Washington, D.C.), Federal Information Processing Standards
Publication (FIPS) NIST FIPS 186-5. https://doi.org/10.6028/NIST.FIPS.186-5

(Note that there is no author listed within this document or the recommended citation)

Also, as far as we can tell, it appears that bibxml service is pulling data from one of these repositories:

The latter example contains this YAML file for NIST FIPS 180-4.

Quynh Dang is listed as the author in the data for this entry, and I don't doubt that this is correct information. However, this creates a situation where using the bibxml service to create a reference entry for NIST FIPS documents generates references that do not match the information provided within the document itself.

In other words, if RFC authors use bibxml to build references for NIST FIPS documents, the RPC will have to edit them manually to ensure they match the information listed within the referenced document. It would reduce the work of the RPC team if the NIST FIP entries just listed NIST as the author.

All that being said, I am still curious as to why the author(s) of FIPS are included in the citation data, .ris, .bib, and other NIST sites (e.g., https://www.nist.gov/publications/secure-hash-standard), but then absent from the final document. @dcooper16 do you have any insight into this?

@ronaldtse
Copy link
Collaborator

ronaldtse commented Jul 12, 2024
edited
Loading

I'd like to reply on behalf of the original developers of the current BibXML service and the operator of the Relaton stack.

This thread appears to conflate the following issues:

  • Bibliographic data
  • Citation style

These two issues are related but are entirely separate concerns in both usage and for their roles in the rendered versions of Internet-Drafts and RFCs (and other document types).

Bibliographic data:

  • The BibXML service takes in source information directly from the official NIST Tech Pubs repository run by the NIST Information Services Office. This is the only authoritative bibliographic source of NIST Technical Publications and NIST-published FIPS (and FIPS published by NBS, the predecessor of NIST).
  • Someone mentioned CrossRef data (retrieved using DOI identifiers). CrossRef data of NIST Technical Publications is not authoritative but are downstream submission artifacts of the aforementioned repository. This is the official announcement from NIST.

Citation style:

  • The issue at hand here is the "rendering of the bibliographic listing section inside an Internet-Draft or RFC".
  • A reference list entry, i.e. a bibliographic item cited in the "Normative references" or "Informative references" section, is a "presentation" of underlying bibliographic item data. The presentation does not fully reflect the potential wealth of information provided by the bibliographic item data.
  • Whether the citation style used by the reference list entry includes the organization, or not, has nothing to do with the underlying data.

There are further considerations of the issue of citation style:

  • There exists commonly used citation styles like APA, Chicago and ISO 690.
  • IETF has its own citation style policy for its documents.
  • Some organizations publish recommendations on how to cite their documents. However, not all publishers (e.g. IETF) may adhere to those guidelines, given that usually those guidelines are incomplete
    • Example. My organization requires APA. The organizational author of "document foo" provides guidelines in Chicago. What style do I use to cite "document foo"? Clearly I need to adopt "document foo"'s recommended style to APA.
  • The rendering of the IETF citation style is done by an RFCXML-renderer, i.e. xml2rfc or rfc2629.xslt, and is not directly relevant to the contents of the actual RFC XML containing bibliographic information.

TLDR:

  • This is a discussion about citation style, not bibliographic data. The source bibliographic data should not change. IETF as an organization may decide to modify its citation style policy to accommodate the opinions raised in this issue.

cc: @kmiller621 of NIST ISO, as an example of how external organizations cite NIST Tech Pubs.

@ronaldtse
Copy link
Collaborator

Let's just take this chance to ask @kmiller621 ...

  • When citing NIST Tech Pubs, should authors be rendered?
  • When citing FIPS, should authors be rendered?

Thanks!

@dcooper16
Copy link

Hi @tward212,

I did not know about the various NIST, GitHub, etc. cites that you mentioned that provided bibliographic information about NIST publications. So, I asked about this internally. It seems that the information on these cites is being generated automatically from information in an internal publishing system. That system only allows individuals to be listed as authors (presumably since the list of authors is used to create a workflow). This list of authors is then used in the automatically-generated bibliographic information. So, perhaps the main responsibility is for NIST to fix the entries where an organization is listed as the author.

@ronaldtse: I think the correct answer as to whether authors should be rendered depends on what the document itself says. In the case of FIPS, individuals are never listed as authors, and the author is just "National Institute of Standards and Technology." Individual authors are usually listed for other NIST documents, but not always. For example, NIST Special Publications 800-53, 800-53A, and 800-53B just list "Joint Task Force" as the author.

@cabo: I can understand the desire to provide information about authors, but in this case the information may be incorrect. For example, https://www.nist.gov/publications/security-and-privacy-controls-information-systems-and-organizations-0 lists two authors for SP 800-53 (the same two are listed for SP 800-53B and only one is listed for SP 800-53A). However, the acknowledgements sections of those documents list 20 members of the Joint Task Force Working Group. Given the way the authors list was created for https://www.nist.gov/publications, it likely doesn't list everyone who deserves credit for authoring these documents. It is probably the same with some of the FIPS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ronaldtse @cabo @ajeanmahoney @dcooper16 @tward212