draft-ietf-sacm-rolie-softwaredescriptor-05.txt   draft-ietf-sacm-rolie-softwaredescriptor-06.txt 
SACM Working Group S. Banghart SACM Working Group S. Banghart
Internet-Draft D. Waltermire Internet-Draft D. Waltermire
Intended status: InformationalNational Institute of Standards and Techno Intended status: InformationalNational Institute of Standards and Techno
Expires: September 27, 2019 March 26, 2019 Expires: September 28, 2019 March 27, 2019
Definition of the ROLIE Software Descriptor Extension Definition of the ROLIE Software Descriptor Extension
draft-ietf-sacm-rolie-softwaredescriptor-05 draft-ietf-sacm-rolie-softwaredescriptor-06
Abstract Abstract
This document uses the "information-type" extension point as defined This document uses the "information-type" extension point as defined
in the Resource-Oriented Lightweight Information Exchange (ROLIE) in the Resource-Oriented Lightweight Information Exchange (ROLIE)
[RFC8322] Section 7.1.2 to better support Software Record and [RFC8322] Section 7.1.2 to better support Software Record and
Software Inventory use cases. This specification registers a new Software Inventory use cases. This specification registers a new
ROLIE information-type, "software-descriptor", that allows for the ROLIE information-type, "software-descriptor", that allows for the
categorization of information relevant to software description categorization of information relevant to software description
activities and formats. In particular, the usage of the ISO activities and formats. In particular, the usage of the ISO
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 27, 2019. This Internet-Draft will expire on September 28, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 30 skipping to change at page 4, line 30
databases, attempts to provide as much data about this software as databases, attempts to provide as much data about this software as
possible. possible.
Once this information is expressed, it needs to be stored and shared Once this information is expressed, it needs to be stored and shared
to internal and external parties. ROLIE provides a mechanism to to internal and external parties. ROLIE provides a mechanism to
handle this sharing in an automation-friendly way. handle this sharing in an automation-friendly way.
4. The "software-descriptor" information type 4. The "software-descriptor" information type
When an "atom:category" element has a "scheme" attribute equal to When an "atom:category" element has a "scheme" attribute equal to
"urn:ietf:params:rolie:category:information-type", the "value" "urn:ietf:params:rolie:category:information-type", the "term"
attribute defines the information type of the associated resource. A attribute defines the information type of the associated resource. A
new information type value: "software-descriptor", is described in new information type value: "software-descriptor", is described in
this section, and registered in Section 8.1. this section, and registered in Section 8.1.
The "software-descriptor" information type represents any static The "software-descriptor" information type represents any static
information that describes a piece of software. This document uses information that describes a piece of software. This document uses
the definition of software provided by [RFC4949]. Note that as per the definition of software provided by [RFC4949]. Note that as per
this definition, this information type pertains to static software, this definition, this information type pertains to static software,
that is, code on the disc. The "software-descriptor" information that is, code on the disc. The "software-descriptor" information
type is intended to provide a category for information that does one type is intended to provide a category for information that does one
skipping to change at page 7, line 45 skipping to change at page 7, line 45
o There MUST be one "rolie:property" with the "name" attribute equal o There MUST be one "rolie:property" with the "name" attribute equal
to "urn:ietf:params:rolie:property:swd:swname", and the "value" to "urn:ietf:params:rolie:property:swd:swname", and the "value"
attribute equal to the value of the "<name>" element in the attribute equal to the value of the "<name>" element in the
attached SWID Tag. As above, this field aids ROLIE consumers in attached SWID Tag. As above, this field aids ROLIE consumers in
search and filtering Entries. search and filtering Entries.
o There MAY be a property element with the "name" attribute equal to o There MAY be a property element with the "name" attribute equal to
"urn:ietf:params:rolie:property:swd:swversion". When this "urn:ietf:params:rolie:property:swd:swversion". When this
property appears, it's value MUST be equal to the value of the property appears, it's value MUST be equal to the value of the
"TODO-version" element in the attached SWID Tag. "version" element in the attached SWID Tag.
6.2. The Concise SWID format 6.2. The Concise SWID format
6.2.1. Description 6.2.1. Description
The Concise SWID (COSWID) format is an alternative representation of The Concise SWID (COSWID) format is an alternative representation of
the SWID Tag format using a Concise Binary Object Representation the SWID Tag format using a Concise Binary Object Representation
(CBOR) encoding. This provides the format with a reduced size that (CBOR) encoding. This provides the format with a reduced size that
is more suitable for constrained devices. It provides the same is more suitable for constrained devices. It provides the same
features and attributes as are specified in ISO 19770-2:2015, plus: features and attributes as are specified in ISO 19770-2:2015, plus:
skipping to change at page 8, line 43 skipping to change at page 8, line 43
[I-D.ietf-sacm-coswid] [I-D.ietf-sacm-coswid]
A "COSWID Tag Entry" MUST conform to the following requirements: A "COSWID Tag Entry" MUST conform to the following requirements:
o The value of the "type" attribute of the atom:content element MUST o The value of the "type" attribute of the atom:content element MUST
be "application/coswid+cbor". be "application/coswid+cbor".
o There MUST be one "rolie:property" with the "name" attribute equal o There MUST be one "rolie:property" with the "name" attribute equal
to "urn:ietf:params:rolie:property:content-id" and the "value" to "urn:ietf:params:rolie:property:content-id" and the "value"
attribute exactly equal to the "tag-id" element in the attached attribute exactly equal to the "tag-id" element in the attached
COSWID Tag. This allows for ROLIE consumers to more easily search COSWID Tag (mapped to integer 0). This allows for ROLIE consumers
for COSWID tags without needing to download the tag itself. to more easily search for COSWID tags without needing to download
the tag itself.
o There MUST be one "rolie:property" with the "name" attribute equal o There MUST be one "rolie:property" with the "name" attribute equal
to "urn:ietf:params:rolie:property:swd:swname", and the "value" to "urn:ietf:params:rolie:property:swd:swname", and the "value"
attribute equal to the value of the "swid-name" element in the attribute equal to the value of the "swid-name" element in the
attached COSWID Tag. As above, this field aids ROLIE consumers in attached COSWID Tag (mapped to the integer 1). As above, this
searching and filtering Entries. field aids ROLIE consumers in searching and filtering Entries.
o There MAY be a property element with the "name" attribute equal to o There MAY be a property element with the "name" attribute equal to
"urn:ietf:params:rolie:property:swd:swversion". When this "urn:ietf:params:rolie:property:swd:swversion". When this
property appears, it's value MUST be equal to the value of the property appears, it's value MUST be equal to the value of the
"TODO-version" element in the attached COSWID Tag. tag-version element in the attached COSWID Tag (mapped to the
integer 12).
7. atom:link Extensions 7. atom:link Extensions
This section defines additional link relationships that This section defines additional link relationships that
implementations MUST support. These relationships are not registered implementations MUST support. These relationships are not registered
in the Link Relation IANA table as their use case is too narrow. in the Link Relation IANA table as their use case is too narrow.
Each relationship is named and described. Each relationship is named and described.
These relations come in related pairs. The first of each pair is These relations come in related pairs. The first of each pair is
expected to be more common, as they can be determined at the time expected to be more common, as they can be determined at the time
skipping to change at page 14, line 24 skipping to change at page 14, line 24
<link rel="self" href="http://www.example.org/rolie/SWD/123456"/> <link rel="self" href="http://www.example.org/rolie/SWD/123456"/>
<link rel="feed" href="http://www.example.org/rolie/SWD/"/> <link rel="feed" href="http://www.example.org/rolie/SWD/"/>
<link rel="requires" href="http://www.example.org/rolie/SWD/78430"/> <link rel="requires" href="http://www.example.org/rolie/SWD/78430"/>
<rolie:property name=urn:ietf:params:rolie:property:swd:swname <rolie:property name=urn:ietf:params:rolie:property:swd:swname
value="Example Software Name"/> value="Example Software Name"/>
<category <category
scheme="urn:ietf:params:rolie:category:information-type" scheme="urn:ietf:params:rolie:category:information-type"
term="software-descriptor"/> term="software-descriptor"/>
<rolie:format <rolie:format
ns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"/> ns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"/>
<content type="application/swid+xml" <content type="application/xml"
src="http://www.example.org/rolie/SWD/123456/data"/> src="http://www.example.org/rolie/SWD/123456/data"/>
</entry> </entry>
Authors' Addresses Authors' Addresses
Stephen Banghart Stephen Banghart
National Institute of Standards and Technology National Institute of Standards and Technology
100 Bureau Drive 100 Bureau Drive
Gaithersburg, Maryland 20877 Gaithersburg, Maryland 20877
USA USA
 End of changes. 9 change blocks. 
11 lines changed or deleted 13 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/