Editor: Yves Lafon
Status: Final
Visibility: Public
The Federated Identity Working Group is developing the Digital Credentials API.
Publicly recorded Formal Objection, pointing to the dissent email.
This DC API work is one of the few meaningful leverage points available to encourage broader access to currently fee-gated specification(s), and to do so in a way that benefits implementers and the wider community. My understanding is that any free availability, if it happens, would be time-limited. Against that backdrop, it seems unfortunate to relinquish that leverage based on an expectation or hope that the ISO specification “will likely be made freely available next year,”[3] particularly given the history and incentives involved.
[..]
This part too,
https://www.w3.org/guide/process/tilt/normative-references.html#orgs or especially? I've not consulted "the Team" myself but don't see how the answers to #1 and #3 can be anything but a hard "no."Who produced the document?
- Is it produced by a group that the Team believes follows the OpenStand principles <https://open-stand.org/about-us/principles/>?
- Is the normative version of the referenced document available in English? If not, is there an English translation?
- Is the referenced document available on the Web at no cost and without limitation?
The W3C has a long-standing history of normatively referencing ISO standards. In most cases, these references are facilitated by ISO's Publicly Available Specification (PAS) process.
Notable examples include:
Note that the list in non-exhaustive.
Also Note that ISO 16684-1, ISO 8601, CIE 015:2018, ISO 8859-1 amongst others are not PAS, ISO 8859-1 being "Information technology — 8-bit single-byte coded graphic character sets", ISO 8601 being "Date and time — Representations for information interchange", ISO 639 being "Code for individual languages and language groups"
Some references are still freely available indirectly, like Unicode, as indicated in its appendix C; ISO 8824 / 8825 is available freely as ITU-T X.680/X.690. Those are examples of Normative References that are not free, but where content is freely available indirectly.
Some references have been made as it was the only reference available, CIE 015:2018 in PNG is one such example, there are also indirect references that are non-free, like Web Authentication: An API for accessing Public Key Credentials Level 2, referencing FIDO-CTAP which in turns, normatively references ISO7816-4, not PAS.
The Normative References Guidebook entry lists many factors to be considered, but explicitely state that "No single factor is decisive. Different cases will involve different combinations of these factors.", and the examples above show that the situation is complex and diverse.
The core of the issue is about the interpretation of the factors required to link normatively to a document produced by an external organization, in this case ISO, and because ISO/IEC 18013-7:2025 has not yet been confirmed as a free-to-access PAS, and the possible impact on implementations, leading to possible interoperability problems.
The Team recommends to maintain the Normative reference but also to request ISO PAS status for ISO/IEC 18013-7:2025 Annex C, as has happened with some ISO/IEC standards referenced, and revisit the need for that reference when exiting Candidate Recommendation, based on implementation feedback.