draft-ietf-sacm-rolie-softwaredescriptor-07.txt   draft-ietf-sacm-rolie-softwaredescriptor-08.txt 
SACM Working Group S. Banghart SACM Working Group S. Banghart
Internet-Draft D. Waltermire Internet-Draft D. Waltermire
Intended status: Informational NIST Intended status: Informational NIST
Expires: December 27, 2019 June 25, 2019 Expires: January 22, 2020 July 21, 2019
Definition of the ROLIE Software Descriptor Extension Definition of the ROLIE Software Descriptor Extension
draft-ietf-sacm-rolie-softwaredescriptor-07 draft-ietf-sacm-rolie-softwaredescriptor-08
Abstract Abstract
This document uses the "information-type" extension point as defined This document uses the "information-type" extension point as defined
in the Resource-Oriented Lightweight Information Exchange (ROLIE) in the Resource-Oriented Lightweight Information Exchange (ROLIE)
[RFC8322] Section 7.1.2 to better support Software Record and [RFC8322] Section 7.1.2 to better support Software Record and
Software Inventory use cases. This specification registers a new Software Inventory use cases. This specification registers a new
ROLIE information-type, "software-descriptor", that allows for the ROLIE information-type, "software-descriptor", that allows for the
categorization of information relevant to software description categorization of information relevant to software description
activities and formats. In particular, the usage of the ISO activities and formats. In particular, the usage of the ISO
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 27, 2019. This Internet-Draft will expire on January 22, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 42 skipping to change at page 3, line 42
that are to be published to or retrieved from a ROLIE repository. that are to be published to or retrieved from a ROLIE repository.
2. Terminology 2. Terminology
The key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," The key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT,"
"SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in this "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
As an extension of [RFC8322], this document refers to many terms As an extension of [RFC8322], this document refers to many terms
defined in that document. In particular, the use of "Entry" and defined in that document. In particular, the use of "Entry" and
"Feed" are aligned with the definitions presented in section TODO of "Feed" are aligned with the definitions presented in RFC8322.
ROLIE.
Several places in this document refer to the "information-type" of a Several places in this document refer to the "information-type" of a
Resource (Entry or Feed). This refers to the "term" attribute of an Resource (Entry or Feed). This refers to the "term" attribute of an
"atom:category" element whose scheme is "atom:category" element whose scheme is
"urn:ietf:params:rolie:category:information-type". For an Entry, "urn:ietf:params:rolie:category:information-type". For an Entry,
this value can be inherited from it's containing Feed as per this value can be inherited from it's containing Feed as per
[RFC8322]. [RFC8322].
3. Background 3. Background
skipping to change at page 8, line 30 skipping to change at page 8, line 30
typical Entry, this is derived from the information-type of the typical Entry, this is derived from the information-type of the
Feed it is contained in. For a standalone Entry, this is provided Feed it is contained in. For a standalone Entry, this is provided
by an "atom:category" element. by an "atom:category" element.
o The document linked to by the "href" attribute of the o The document linked to by the "href" attribute of the
"atom:content" element is a COSWID Tag per [I-D.ietf-sacm-coswid] "atom:content" element is a COSWID Tag per [I-D.ietf-sacm-coswid]
A "COSWID Tag Entry" MUST conform to the following requirements: A "COSWID Tag Entry" MUST conform to the following requirements:
o The value of the "type" attribute of the atom:content element MUST o The value of the "type" attribute of the atom:content element MUST
be "application/coswid+cbor". be "application/swid+cbor".
o There MUST be one "rolie:property" with the "name" attribute equal o There MUST be one "rolie:property" with the "name" attribute equal
to "urn:ietf:params:rolie:property:content-id" and the "value" to "urn:ietf:params:rolie:property:content-id" and the "value"
attribute exactly equal to the "tag-id" element in the attached attribute exactly equal to the decoded "tag-id" element in the
COSWID Tag (mapped to integer 0). This allows ROLIE consumers to attached COSWID Tag (mapped to integer 0). This allows ROLIE
more easily search for COSWID tags without needing to download the consumers to more easily search for COSWID tags without needing to
tag itself. download the tag itself.
o There MUST be one "rolie:property" with the "name" attribute equal o There MUST be one "rolie:property" with the "name" attribute equal
to "urn:ietf:params:rolie:property:swd:swname", and the "value" to "urn:ietf:params:rolie:property:swd:swname", and the "value"
attribute equal to the value of the "swid-name" element in the attribute equal to the decoded value of the "swid-name" element in
attached COSWID Tag (mapped to the integer 1). As above, this the attached COSWID Tag (mapped to the integer 1). As above, this
helps ROLIE consumers search and filter Entries. helps ROLIE consumers search and filter Entries.
o There MAY be a property element with the "name" attribute equal to o There MAY be a property element with the "name" attribute equal to
"urn:ietf:params:rolie:property:swd:swversion". When this "urn:ietf:params:rolie:property:swd:swversion". When this
property appears, it's value MUST be equal to the value of the property appears, it's value MUST be equal to the decoded value of
tag-version element in the attached COSWID Tag (mapped to the the tag-version element in the attached COSWID Tag (mapped to the
integer 12). integer 12).
7. atom:link Extensions 7. atom:link Extensions
This section defines additional link relationships that This section defines additional link relationships that
implementations MUST support. These relationships are not registered implementations MUST support. These relationships are not registered
in the Link Relation IANA table as their use case is too narrow. in the Link Relation IANA table as their use case is too narrow.
Each relationship is named and described. Each relationship is named and described.
+----------------------+--------------------------------------------+ +----------------------+--------------------------------------------+
skipping to change at page 12, line 15 skipping to change at page 12, line 15
Version information is often represented differently across Version information is often represented differently across
manufacturers and even across product releases. If using software manufacturers and even across product releases. If using software
version information for low fault tolerance comparisons and searches, version information for low fault tolerance comparisons and searches,
care should be taken that the correct version scheme is being used. care should be taken that the correct version scheme is being used.
10. Normative References 10. Normative References
[I-D.ietf-sacm-coswid] [I-D.ietf-sacm-coswid]
Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D.
Waltermire, "Concise Software Identification Tags", draft- Waltermire, "Concise Software Identification Tags", draft-
ietf-sacm-coswid-10 (work in progress), June 2019. ietf-sacm-coswid-11 (work in progress), June 2019.
[NISTIR8060] [NISTIR8060]
Waltermire, D., Cheikes, B., Feldman, L., and G. Witte, Waltermire, D., Cheikes, B., Feldman, L., and G. Witte,
"Guidelines for the Creation of Interoperable Software "Guidelines for the Creation of Interoperable Software
Identification (SWID) Tags", NISTIR 8060, April 2016, Identification (SWID) Tags", NISTIR 8060, April 2016,
<https://doi.org/10.6028/NIST.IR.8060>. <https://doi.org/10.6028/NIST.IR.8060>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
 End of changes. 9 change blocks. 
15 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/