SECDIR Review: Section 10 -- why no reference for JWS algorithms?

Section 10 describes Security Considerations in addition to the ones already describes in RFC 6119 (OAuth 2.0). The wording of Section 10.1 is odd: “ …it MUST either be JWS signed with then considered appropriate algorithm or encrypted using [RFC7516].” Why is there no cite of 7515 for JWS algorithms here, to parallel the cite of JWE?