--- 1/draft-ietf-sacm-rolie-softwaredescriptor-05.txt 2019-03-27 04:14:31.227166869 -0700 +++ 2/draft-ietf-sacm-rolie-softwaredescriptor-06.txt 2019-03-27 04:14:31.263167810 -0700 @@ -1,18 +1,18 @@ SACM Working Group S. Banghart Internet-Draft D. Waltermire Intended status: InformationalNational Institute of Standards and Techno -Expires: September 27, 2019 March 26, 2019 +Expires: September 28, 2019 March 27, 2019 Definition of the ROLIE Software Descriptor Extension - draft-ietf-sacm-rolie-softwaredescriptor-05 + draft-ietf-sacm-rolie-softwaredescriptor-06 Abstract This document uses the "information-type" extension point as defined in the Resource-Oriented Lightweight Information Exchange (ROLIE) [RFC8322] Section 7.1.2 to better support Software Record and Software Inventory use cases. This specification registers a new ROLIE information-type, "software-descriptor", that allows for the categorization of information relevant to software description activities and formats. In particular, the usage of the ISO @@ -29,21 +29,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 27, 2019. + This Internet-Draft will expire on September 28, 2019. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -158,21 +158,21 @@ databases, attempts to provide as much data about this software as possible. Once this information is expressed, it needs to be stored and shared to internal and external parties. ROLIE provides a mechanism to handle this sharing in an automation-friendly way. 4. The "software-descriptor" information type When an "atom:category" element has a "scheme" attribute equal to - "urn:ietf:params:rolie:category:information-type", the "value" + "urn:ietf:params:rolie:category:information-type", the "term" attribute defines the information type of the associated resource. A new information type value: "software-descriptor", is described in this section, and registered in Section 8.1. The "software-descriptor" information type represents any static information that describes a piece of software. This document uses the definition of software provided by [RFC4949]. Note that as per this definition, this information type pertains to static software, that is, code on the disc. The "software-descriptor" information type is intended to provide a category for information that does one @@ -316,21 +316,21 @@ o There MUST be one "rolie:property" with the "name" attribute equal to "urn:ietf:params:rolie:property:swd:swname", and the "value" attribute equal to the value of the "" element in the attached SWID Tag. As above, this field aids ROLIE consumers in search and filtering Entries. o There MAY be a property element with the "name" attribute equal to "urn:ietf:params:rolie:property:swd:swversion". When this property appears, it's value MUST be equal to the value of the - "TODO-version" element in the attached SWID Tag. + "version" element in the attached SWID Tag. 6.2. The Concise SWID format 6.2.1. Description The Concise SWID (COSWID) format is an alternative representation of the SWID Tag format using a Concise Binary Object Representation (CBOR) encoding. This provides the format with a reduced size that is more suitable for constrained devices. It provides the same features and attributes as are specified in ISO 19770-2:2015, plus: @@ -358,33 +358,35 @@ [I-D.ietf-sacm-coswid] A "COSWID Tag Entry" MUST conform to the following requirements: o The value of the "type" attribute of the atom:content element MUST be "application/coswid+cbor". o There MUST be one "rolie:property" with the "name" attribute equal to "urn:ietf:params:rolie:property:content-id" and the "value" attribute exactly equal to the "tag-id" element in the attached - COSWID Tag. This allows for ROLIE consumers to more easily search - for COSWID tags without needing to download the tag itself. + COSWID Tag (mapped to integer 0). This allows for ROLIE consumers + to more easily search for COSWID tags without needing to download + the tag itself. o There MUST be one "rolie:property" with the "name" attribute equal to "urn:ietf:params:rolie:property:swd:swname", and the "value" attribute equal to the value of the "swid-name" element in the - attached COSWID Tag. As above, this field aids ROLIE consumers in - searching and filtering Entries. + attached COSWID Tag (mapped to the integer 1). As above, this + field aids ROLIE consumers in searching and filtering Entries. o There MAY be a property element with the "name" attribute equal to "urn:ietf:params:rolie:property:swd:swversion". When this property appears, it's value MUST be equal to the value of the - "TODO-version" element in the attached COSWID Tag. + tag-version element in the attached COSWID Tag (mapped to the + integer 12). 7. atom:link Extensions This section defines additional link relationships that implementations MUST support. These relationships are not registered in the Link Relation IANA table as their use case is too narrow. Each relationship is named and described. These relations come in related pairs. The first of each pair is expected to be more common, as they can be determined at the time @@ -580,21 +582,21 @@ - Authors' Addresses Stephen Banghart National Institute of Standards and Technology 100 Bureau Drive Gaithersburg, Maryland 20877 USA