Originally submitted by M V (Mark Verstege) on 2026-01-28
ISO has approved FAPI 2.0 Attacker Model as a Publicly Available Specification (PAS) subject to the following modifications.
The table below proposes whether this is an errata for FAPI 2.0 Attacker Model, or simply a modification of the ISO PAS submission but it would not result in an errata.
| Comment # |
Section |
ISO Comment |
ISO Proposed Change |
Errata/PAS Only Change |
| 1 |
Not specified |
Update PAS document title to align with FAPI 1.0 submission. |
Modify the title of this document to “Information technology — OpenID Connect FAPI Security Profile 2.0 — Part 2: Attacker Model” |
PAS only |
|
| 2 | 2 | Normative references should be in the clause 2. | Move the clause 11’s normative references to the clause 2. | Errata
|
| 3 | 4 | The ISO House style states that “If the full form of an abbreviated term is not a proper noun, the abbreviated term is generally presented in capital letters, e.g. DMA, but the full written form is not given initial capital letters, e.g. decision-making application and not Decision-Making Application.” | Un-capitalize the full written form of the abbreviated terms. | PAS only
|
| 4 | 11 | As an ISO/IEC document obviously meets the "requirements" of ISO/IEC Directives Part 2, it is not positioned as informative documents. | Remove "ISODIR2 ISO/IEC Directives Part 2" from the Normative References. | PAS Only
|
| 5 | all | The colour of the texts is not black. | Fix the colour of the texts to black. | PAS only
|
| 6 | all | There should be a space between “RFC”/”ISO” and its number. | Insert a space between “RFC”/”ISO” and the numbers afterwards. | Errata
|
| 7 | all | NOTEs do not have to be in bold. | Un-bold “NOTE” in the document. | Errata
|
| 8 | Appendix A | Acknowledgements" in original document is not necessary for ISO/IEC document. | Remove the Appendix A. | PAS only
|
| 9 | Appendix B | Appendix B" corresponds to "Annex B" in ISO/IEC document and the rules of ISO/IEC Directives Part 2, Clause 20 applies. Each annex shall be explicitly referred to within the text. Suggests FAPI specification is changed to refer to Annexes, nor Appendixes, or only the PAS document is updated | Replace "Appendix B. Notices" with "Annex A (informative) Notices". Insert "See Annex A." or corresponding explanation where Annex A is referred within this document. | Errata
|
| 10 | Author’s Addresses | Author’s Addresses" in original document is not necessary for ISO/IEC document. | Remove "Author’s Addresses" | PAS only
|
| 11 | Notational Conventions | As this is an ISO document, there is no need to clarify the notational conventions. | Remove the Notational Conventions clause. | PAS only
|
| 12 | Warning | It states that the document is still a draft. | Remove the Warning clause. | PAS only
|
WG Accept / Reject: to be discussed and handling agreed for each comment.
When commenting on individual comments, can WG members please indicate if it is designated an errata, or it only relates to the PAS submission, but not the specification. Also indicate whether you Accept/Partially Accept/Reject the proposed change.
Bitbucket status: new
Bitbucket origin: issue 850
ISO has approved FAPI 2.0 Attacker Model as a Publicly Available Specification (PAS) subject to the following modifications.
The table below proposes whether this is an errata for FAPI 2.0 Attacker Model, or simply a modification of the ISO PAS submission but it would not result in an errata.
|
| 2 | 2 | Normative references should be in the clause 2. | Move the clause 11’s normative references to the clause 2. | Errata
|
| 3 | 4 | The ISO House style states that “If the full form of an abbreviated term is not a proper noun, the abbreviated term is generally presented in capital letters, e.g. DMA, but the full written form is not given initial capital letters, e.g. decision-making application and not Decision-Making Application.” | Un-capitalize the full written form of the abbreviated terms. | PAS only
|
| 4 | 11 | As an ISO/IEC document obviously meets the "requirements" of ISO/IEC Directives Part 2, it is not positioned as informative documents. | Remove "ISODIR2 ISO/IEC Directives Part 2" from the Normative References. | PAS Only
|
| 5 | all | The colour of the texts is not black. | Fix the colour of the texts to black. | PAS only
|
| 6 | all | There should be a space between “RFC”/”ISO” and its number. | Insert a space between “RFC”/”ISO” and the numbers afterwards. | Errata
|
| 7 | all | NOTEs do not have to be in bold. | Un-bold “NOTE” in the document. | Errata
|
| 8 | Appendix A | Acknowledgements" in original document is not necessary for ISO/IEC document. | Remove the Appendix A. | PAS only
|
| 9 | Appendix B | Appendix B" corresponds to "Annex B" in ISO/IEC document and the rules of ISO/IEC Directives Part 2, Clause 20 applies. Each annex shall be explicitly referred to within the text. Suggests FAPI specification is changed to refer to Annexes, nor Appendixes, or only the PAS document is updated | Replace "Appendix B. Notices" with "Annex A (informative) Notices". Insert "See Annex A." or corresponding explanation where Annex A is referred within this document. | Errata
|
| 10 | Author’s Addresses | Author’s Addresses" in original document is not necessary for ISO/IEC document. | Remove "Author’s Addresses" | PAS only
|
| 11 | Notational Conventions | As this is an ISO document, there is no need to clarify the notational conventions. | Remove the Notational Conventions clause. | PAS only
|
| 12 | Warning | It states that the document is still a draft. | Remove the Warning clause. | PAS only
|
WG Accept / Reject: to be discussed and handling agreed for each comment.
When commenting on individual comments, can WG members please indicate if it is designated an errata, or it only relates to the PAS submission, but not the specification. Also indicate whether you Accept/Partially Accept/Reject the proposed change.
Bitbucket status: new
Bitbucket origin: issue 850