draft-ietf-sacm-rolie-softwaredescriptor-00.txt   draft-ietf-sacm-rolie-softwaredescriptor-01.txt 
SACM Working Group                                           D. Waltermire
Internet-Draft                                                 S. Banghart
Intended status: Informational   National Institute of Standards and Technology
Expires: September 6, 2018                                   March 5, 2018

          Definition of the ROLIE Software Descriptor Extension
                draft-ietf-sacm-rolie-softwaredescriptor-01

Abstract

   This document extends the Resource-Oriented Lightweight Information
   Exchange (ROLIE) core to add the information type category and
   related requirements needed to support Software Record and Software
   Inventory use cases.  The 'software-descriptor' information type is
   defined as a ROLIE extension.  Additional supporting requirements are
   also defined that describe the use of specific formats and link
   relations pertaining to the new information type.
skipping to change at page 1, line 36

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 6, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 29

     6.1.  urn:ietf:params:rolie:property:swd:id . . . . . . . . . .   6
     6.2.  urn:ietf:params:rolie:property:swd:swname . . . . . . . .   6
   7.  atom:link Extensions  . . . . . . . . . . . . . . . . . . . .   6
   8.  Other Registered Extensions . . . . . . . . . . . . . . . . .   7
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
     9.1.  software-descriptor information-type  . . . . . . . . . .   7
     9.2.  swd:id property . . . . . . . . . . . . . . . . . . . . .   8
     9.3.  swd:swname property . . . . . . . . . . . . . . . . . . .   8
   10. Security Considerations . . . . . . . . . . . . . . . . . . .   8
   11. Privacy Considerations  . . . . . . . . . . . . . . . . . . .   9
   12. References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     12.1.  Normative References . . . . . . . . . . . . . . . . . .   9
     12.2.  Informative References . . . . . . . . . . . . . . . . .   9
   Appendix A.  Schema . . . . . . . . . . . . . . . . . . . . . . .   9
   Appendix B.  Examples of Use  . . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10
1.  Introduction

   This document defines an extension to the Resource-Oriented
   Lightweight Information Exchange (ROLIE) [RFC8322] protocol to
   support the publication of software descriptor information.  Software
   descriptor information is information that characterizes:

   o  an installable software package, or

   o  information about static software components that may be installed
      by a software package or patch.

   Software descriptor information includes identifying, versioning,
   software creation and publication, and file artifact information.
   Software descriptor information provides data about what might be
   installed, but doesn't describe where or how a specific software

skipping to change at page 5, line 38
5.2.1.  The ISO SWID 2016 format

   The ISO SWID Tag 2016 format is a software descriptor and software
   record data format.  It provides several tag types: a primary tag,
   which provides descriptive and naming information about software; a
   patch tag, which describes non-standalone software meant to patch
   existing software; and a corpus tag, which describes the software
   installation media that installs a given piece of software.

   For a more complete overview as well as normative requirements, refer
   to ISO/IEC 19770-2 [SWID].

5.2.2.  The Concise SWID format

   The Concise SWID (COSWID) format is an alternative representation of
   the ISO SWID Tag 2016 format using a CBOR encoding defined by a CDDL
   specification.  It provides the same features and attributes as are
   specified in ISO 19770-2, plus:

   o  a straightforward method to sign and encrypt SWID tags using
      COSE, and

   o  additional attributes that provide an improved structure to
      include file hashes intended to be used as Reference Integrity
      Measurements (RIM).
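   The following is an example added by the editor of this page to
   illustrate the second bullet; it is not code from this draft or from
   the CoSWID specification.  It builds a CoSWID-style tag whose payload
   carries SHA-256 file hashes as reference integrity measurements,
   serializes it with a small hand-written CBOR encoder (so it runs
   without a CBOR library), and then checks a set of installed files
   against those RIMs.  The integer map labels, the hash-algorithm
   identifier (sha-256 = 1) and all file contents are assumptions and
   constructed data: the labels follow the CoSWID registry as later
   published in RFC 9393, and the CoSWID draft current when this page
   was written may assign them differently.

```python
"""Added example for this page (not code from the ROLIE or CoSWID drafts):
a CoSWID-style tag whose payload carries SHA-256 file hashes as reference
integrity measurements (RIMs), serialized with a minimal hand-written CBOR
encoder and then used to check installed file contents.

Assumptions: the integer map labels and the hash-algorithm identifier follow
the CoSWID labels and IANA hash-algorithm id as published later (RFC 9393,
sha-256 = 1); the draft this page references may differ.  File contents below
are constructed for the demonstration."""
import hashlib
import hmac
import struct

# Assumed CoSWID integer labels (see module docstring).
TAG_ID, SOFTWARE_NAME, PAYLOAD, HASH = 0, 1, 6, 7
TAG_VERSION, SOFTWARE_VERSION, FILE, SIZE, FS_NAME = 12, 13, 17, 20, 24
SHA256_ALG_ID = 1  # assumed IANA hash algorithm id for sha-256


def _head(major, n):
    """CBOR initial byte(s): 3-bit major type plus a 5-bit argument or length."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([(major << 5) | info]) + struct.pack(fmt, n)
    raise OverflowError("integer too large for CBOR")


def encode_cbor(value):
    """CBOR for the subset CoSWID needs: ints, byte and text strings,
    arrays and maps (map keys are emitted in insertion order)."""
    if isinstance(value, bool):
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        data = value.encode("utf-8")
        return _head(3, len(data)) + data
    if isinstance(value, (list, tuple)):
        return _head(4, len(value)) + b"".join(encode_cbor(v) for v in value)
    if isinstance(value, dict):
        return _head(5, len(value)) + b"".join(
            encode_cbor(k) + encode_cbor(v) for k, v in value.items())
    raise TypeError(f"unsupported CBOR type: {type(value).__name__}")


def file_entry(name, content):
    """A payload file item: name, size and a [hash-alg-id, digest] RIM."""
    return {FS_NAME: name, SIZE: len(content),
            HASH: [SHA256_ALG_ID, hashlib.sha256(content).digest()]}


def build_tag(tag_id, name, version, files):
    """Minimal CoSWID-style tag whose payload lists every shipped file with its RIM."""
    return {TAG_ID: tag_id, TAG_VERSION: 0, SOFTWARE_NAME: name,
            SOFTWARE_VERSION: version,
            PAYLOAD: {FILE: [file_entry(n, c) for n, c in files.items()]}}


def verify_files(tag, installed):
    """Compare installed file contents against the RIMs in the tag.
    Returns {file name: 'ok' | 'modified' | 'missing' | 'unsupported-alg'}."""
    results = {}
    for entry in tag[PAYLOAD][FILE]:
        name = entry[FS_NAME]
        alg, expected = entry[HASH]
        if alg != SHA256_ALG_ID:
            results[name] = "unsupported-alg"
            continue
        content = installed.get(name)
        if content is None:
            results[name] = "missing"
            continue
        actual = hashlib.sha256(content).digest()
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "modified"
    return results


# Constructed sample "golden" file set a publisher would hash when cutting a release.
GOLDEN_FILES = {
    "bin/acme": b"#!/bin/sh\nexec /usr/lib/acme/acme-core \"$@\"\n",
    "lib/acme-core": b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"constructed-binary-body",
}
ACME_TAG = build_tag("example.com/acme-2.1.0", "ACME Widget", "2.1.0", GOLDEN_FILES)
ACME_TAG_CBOR = encode_cbor(ACME_TAG)


def demo_tampered():
    """Check a host where one file was modified and another is gone."""
    installed = {"bin/acme": GOLDEN_FILES["bin/acme"] + b"echo pwned\n"}
    return verify_files(ACME_TAG, installed)


if __name__ == "__main__":
    print(f"tag: {len(ACME_TAG_CBOR)} bytes of CBOR, first byte {ACME_TAG_CBOR[:1].hex()}")
    print("clean host:   ", verify_files(ACME_TAG, GOLDEN_FILES))
    print("tampered host:", demo_tampered())
```

   The comparison uses a constant-time digest compare and reports a
   distinct status for an unknown hash algorithm rather than silently
   passing, which is the behaviour an attestation or inventory client
   needs when a tag is produced by a newer publisher than the verifier.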
skipping to change at page 9, line 17
   information for comparisons and searches with low fault tolerance,
   care should be taken that the correct version scheme is being used.
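   To make the version-scheme point concrete, the editor of this page
   adds the following example; it is not code from the draft.  It
   compares two version strings under several schemes and shows that the
   same pair sorts differently under multi-part numeric, decimal and
   alphanumeric rules, so a vulnerability match made under the wrong
   scheme gives the wrong answer.  The scheme names are assumptions
   modelled on the SWID versionScheme vocabulary and the comparison
   rules are simplified; they do not cover every vendor convention.

```python
"""Added example for this page (not from the draft): comparing software
versions under different version schemes, to show why matching a version
string from a software descriptor under the wrong scheme gives wrong answers.
The scheme names are assumptions modelled on the SWID 'versionScheme'
vocabulary; the comparison rules are simplified."""
import re

_SEMVER = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")


def _cmp(a, b):
    return (a > b) - (a < b)


def _cmp_prerelease(pa, pb):
    """SemVer pre-release ordering: numeric ids numerically, numeric < alpha,
    otherwise ASCII; a shorter id list sorts first when all earlier ids tie."""
    xa, xb = pa.split("."), pb.split(".")
    for x, y in zip(xa, xb):
        if x.isdigit() and y.isdigit():
            c = _cmp(int(x), int(y))
        elif x.isdigit() != y.isdigit():
            c = -1 if x.isdigit() else 1
        else:
            c = _cmp(x, y)
        if c:
            return c
    return _cmp(len(xa), len(xb))


def compare_versions(a, b, scheme):
    """Return -1, 0 or 1 for a < b, a == b, a > b under the named scheme."""
    if scheme == "multipartnumeric":
        pa = [int(p) for p in a.split(".")]
        pb = [int(p) for p in b.split(".")]
        width = max(len(pa), len(pb))  # "1.2" and "1.2.0" are the same version
        return _cmp(pa + [0] * (width - len(pa)), pb + [0] * (width - len(pb)))
    if scheme == "decimal":
        return _cmp(float(a), float(b))
    if scheme == "alphanumeric":
        return _cmp(a, b)
    if scheme == "semver":
        ma, mb = _SEMVER.match(a), _SEMVER.match(b)
        if not (ma and mb):
            raise ValueError(f"not a SemVer string: {a!r} / {b!r}")
        core = _cmp([int(ma.group(i)) for i in (1, 2, 3)],
                    [int(mb.group(i)) for i in (1, 2, 3)])
        if core:
            return core
        pa, pb = ma.group(4), mb.group(4)
        if pa is None or pb is None:
            return _cmp(pa is None, pb is None)  # a release outranks its pre-releases
        return _cmp_prerelease(pa, pb)
    raise ValueError(f"unknown version scheme: {scheme}")


def is_vulnerable(installed, fixed_in, scheme):
    """True when the installed version sorts before the version carrying the fix."""
    return compare_versions(installed, fixed_in, scheme) < 0


def scheme_disagreement(installed, fixed_in,
                        schemes=("multipartnumeric", "decimal", "alphanumeric")):
    """Evaluate the same pair under several schemes.  Disagreement here is the
    failure mode the draft warns about: the descriptor's declared scheme, not
    a guess, must drive the comparison."""
    return {s: is_vulnerable(installed, fixed_in, s) for s in schemes}


if __name__ == "__main__":
    # Constructed pair: 1.10 is newer than 1.9 only under multi-part numeric rules.
    print(scheme_disagreement("1.10", "1.9"))
    print(compare_versions("2.0.0-rc.1", "2.0.0", "semver"))
```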
11.  Privacy Considerations

   This extension does not introduce any privacy considerations above or
   beyond that of the core ROLIE document.  Any implementations using
   this extension should understand the privacy considerations of ROLIE
   and the Atom Publishing Protocol.
12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2",
              FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
              <https://www.rfc-editor.org/info/rfc4949>.

   [RFC5070]  Danyliw, R., Meijer, J., and Y. Demchenko, "The Incident
              Object Description Exchange Format", RFC 5070,
              DOI 10.17487/RFC5070, December 2007,
              <https://www.rfc-editor.org/info/rfc5070>.

   [RFC8322]  Field, J., Banghart, S., and D. Waltermire, "Resource-
              Oriented Lightweight Information Exchange (ROLIE)",
              RFC 8322, DOI 10.17487/RFC8322, February 2018,
              <https://www.rfc-editor.org/info/rfc8322>.

12.2.  Informative References

   [SWID]     ISO/IEC, "Information technology -- IT asset management --
              Part 2: Software identification tag", ISO/IEC 19770-2:2015.
Appendix A.  Schema

   This document does not require any schema extensions.

Appendix B.  Examples of Use

   Use of this extension in a ROLIE repository will not typically change
   that repository's operation.  As such, the general examples provided
   by the ROLIE core document would serve as examples.  Provided below
   is a sample SWD ROLIE entry:
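   The draft's own sample entry is not reproduced on this page.  In its
   place, the editor adds the following example, which is not the
   draft's sample: a publisher-side helper that builds an Atom entry
   carrying a SWID tag as a 'software-descriptor' resource, with the two
   swd properties defined in Section 6, and a consumer-side routine that
   reads the information type and properties back out.  The rolie
   namespace, the rolie:format and rolie:property elements and the
   information-type category scheme are written from the editor's
   reading of RFC 8322 and should be checked against that RFC; the SWID
   namespace is that of the ISO/IEC 19770-2:2015 XML schema; every
   identifier and URL is a constructed placeholder.

```python
"""Added example for this page, not the draft's own sample entry: build an
Atom entry for a ROLIE feed that carries a SWID tag as a 'software-descriptor'
resource, then read the information type and swd properties back out.

Assumptions: the rolie namespace, rolie:format, rolie:property and the
information-type category scheme follow the editor's reading of RFC 8322 and
should be checked against it; identifiers and URLs are placeholders."""
import xml.etree.ElementTree as ET

ATOM_NS = "http://www.w3.org/2005/Atom"
ROLIE_NS = "urn:ietf:params:xml:ns:rolie-1.0"          # assumed, per RFC 8322
SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
INFO_TYPE_SCHEME = "urn:ietf:params:rolie:category:information-type"  # assumed
PROP_SWD_ID = "urn:ietf:params:rolie:property:swd:id"
PROP_SWD_SWNAME = "urn:ietf:params:rolie:property:swd:swname"

ET.register_namespace("atom", ATOM_NS)
ET.register_namespace("rolie", ROLIE_NS)


def _q(ns, local):
    """Clark-notation qualified name for ElementTree."""
    return f"{{{ns}}}{local}"


def build_swd_entry(entry_id, title, tag_id, sw_name, tag_url, updated):
    """Atom entry for one SWID tag: atom:category marks the information type,
    atom:content points at the tag, rolie:format names its data format, and
    the two rolie:property elements expose the tag id and software name so a
    consumer can search the feed without fetching every tag."""
    entry = ET.Element(_q(ATOM_NS, "entry"))
    ET.SubElement(entry, _q(ATOM_NS, "id")).text = entry_id
    ET.SubElement(entry, _q(ATOM_NS, "title")).text = title
    ET.SubElement(entry, _q(ATOM_NS, "published")).text = updated
    ET.SubElement(entry, _q(ATOM_NS, "updated")).text = updated
    ET.SubElement(entry, _q(ATOM_NS, "category"),
                  scheme=INFO_TYPE_SCHEME, term="software-descriptor")
    ET.SubElement(entry, _q(ATOM_NS, "link"), rel="alternate", href=tag_url)
    ET.SubElement(entry, _q(ATOM_NS, "content"), type="application/xml", src=tag_url)
    ET.SubElement(entry, _q(ROLIE_NS, "format"), ns=SWID_NS)
    ET.SubElement(entry, _q(ROLIE_NS, "property"), name=PROP_SWD_ID, value=tag_id)
    ET.SubElement(entry, _q(ROLIE_NS, "property"), name=PROP_SWD_SWNAME, value=sw_name)
    return ET.tostring(entry, encoding="unicode")


def describe_entry(entry_xml):
    """Consumer side: pull out what a software-inventory client keys on.
    Raises ValueError if the entry is not a software-descriptor entry."""
    root = ET.fromstring(entry_xml)
    terms = [c.get("term") for c in root.findall(_q(ATOM_NS, "category"))
             if c.get("scheme") == INFO_TYPE_SCHEME]
    if "software-descriptor" not in terms:
        raise ValueError("entry does not carry the software-descriptor information type")
    props = {p.get("name"): p.get("value")
             for p in root.findall(_q(ROLIE_NS, "property"))}
    fmt = root.find(_q(ROLIE_NS, "format"))
    content = root.find(_q(ATOM_NS, "content"))
    return {
        "id": root.findtext(_q(ATOM_NS, "id")),
        "format_ns": fmt.get("ns") if fmt is not None else None,
        "tag_url": content.get("src") if content is not None else None,
        "swd_id": props.get(PROP_SWD_ID),
        "swd_swname": props.get(PROP_SWD_SWNAME),
    }


# Constructed placeholder values for the demonstration.
SAMPLE_ENTRY = build_swd_entry(
    entry_id="urn:uuid:7f5e1d2c-0000-4000-8000-000000000001",
    title="ACME Widget 2.1.0 SWID tag",
    tag_id="example.com/acme-2.1.0",
    sw_name="ACME Widget",
    tag_url="https://rolie.example.com/swd/acme-2.1.0.swidtag",
    updated="2018-03-05T00:00:00Z",
)

if __name__ == "__main__":
    print(SAMPLE_ENTRY)
    print(describe_entry(SAMPLE_ENTRY))
```

   A consumer that filters on the information-type category before
   reading properties avoids treating entries of other ROLIE information
   types, which may reuse property names, as software descriptors.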
 End of changes. 10 change blocks. 
12 lines changed or deleted 25 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/