| draft-ietf-sacm-rolie-softwaredescriptor-07.txt | draft-ietf-sacm-rolie-softwaredescriptor-08.txt | |||
|---|---|---|---|---|
| SACM Working Group S. Banghart | SACM Working Group S. Banghart | |||
| Internet-Draft D. Waltermire | Internet-Draft D. Waltermire | |||
| Intended status: Informational NIST | Intended status: Informational NIST | |||
| Expires: December 27, 2019 June 25, 2019 | Expires: January 22, 2020 July 21, 2019 | |||
| Definition of the ROLIE Software Descriptor Extension | Definition of the ROLIE Software Descriptor Extension | |||
| draft-ietf-sacm-rolie-softwaredescriptor-07 | draft-ietf-sacm-rolie-softwaredescriptor-08 | |||
| Abstract | Abstract | |||
| This document uses the "information-type" extension point as defined | This document uses the "information-type" extension point as defined | |||
| in the Resource-Oriented Lightweight Information Exchange (ROLIE) | in the Resource-Oriented Lightweight Information Exchange (ROLIE) | |||
| [RFC8322] Section 7.1.2 to better support Software Record and | [RFC8322] Section 7.1.2 to better support Software Record and | |||
| Software Inventory use cases. This specification registers a new | Software Inventory use cases. This specification registers a new | |||
| ROLIE information-type, "software-descriptor", that allows for the | ROLIE information-type, "software-descriptor", that allows for the | |||
| categorization of information relevant to software description | categorization of information relevant to software description | |||
| activities and formats. In particular, the usage of the ISO | activities and formats. In particular, the usage of the ISO | |||
| skipping to change at page 1, line 40 ¶ | skipping to change at page 1, line 40 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 27, 2019. | This Internet-Draft will expire on January 22, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 42 ¶ | skipping to change at page 3, line 42 ¶ | |||
| that are to be published to or retrieved from a ROLIE repository. | that are to be published to or retrieved from a ROLIE repository. | |||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," | The key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," | |||
| "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in this | "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| As an extension of [RFC8322], this document refers to many terms | As an extension of [RFC8322], this document refers to many terms | |||
| defined in that document. In particular, the use of "Entry" and | defined in that document. In particular, the use of "Entry" and | |||
| "Feed" are aligned with the definitions presented in section TODO of | "Feed" are aligned with the definitions presented in RFC8322. | |||
| ROLIE. | ||||
| Several places in this document refer to the "information-type" of a | Several places in this document refer to the "information-type" of a | |||
| Resource (Entry or Feed). This refers to the "term" attribute of an | Resource (Entry or Feed). This refers to the "term" attribute of an | |||
| "atom:category" element whose scheme is | "atom:category" element whose scheme is | |||
| "urn:ietf:params:rolie:category:information-type". For an Entry, | "urn:ietf:params:rolie:category:information-type". For an Entry, | |||
| this value can be inherited from it's containing Feed as per | this value can be inherited from it's containing Feed as per | |||
| [RFC8322]. | [RFC8322]. | |||
| 3. Background | 3. Background | |||
| skipping to change at page 8, line 30 ¶ | skipping to change at page 8, line 30 ¶ | |||
| typical Entry, this is derived from the information-type of the | typical Entry, this is derived from the information-type of the | |||
| Feed it is contained in. For a standalone Entry, this is provided | Feed it is contained in. For a standalone Entry, this is provided | |||
| by an "atom:category" element. | by an "atom:category" element. | |||
| o The document linked to by the "href" attribute of the | o The document linked to by the "href" attribute of the | |||
| "atom:content" element is a COSWID Tag per [I-D.ietf-sacm-coswid] | "atom:content" element is a COSWID Tag per [I-D.ietf-sacm-coswid] | |||
| A "COSWID Tag Entry" MUST conform to the following requirements: | A "COSWID Tag Entry" MUST conform to the following requirements: | |||
| o The value of the "type" attribute of the atom:content element MUST | o The value of the "type" attribute of the atom:content element MUST | |||
| be "application/coswid+cbor". | be "application/swid+cbor". | |||
| o There MUST be one "rolie:property" with the "name" attribute equal | o There MUST be one "rolie:property" with the "name" attribute equal | |||
| to "urn:ietf:params:rolie:property:content-id" and the "value" | to "urn:ietf:params:rolie:property:content-id" and the "value" | |||
| attribute exactly equal to the "tag-id" element in the attached | attribute exactly equal to the decoded "tag-id" element in the | |||
| COSWID Tag (mapped to integer 0). This allows ROLIE consumers to | attached COSWID Tag (mapped to integer 0). This allows ROLIE | |||
| more easily search for COSWID tags without needing to download the | consumers to more easily search for COSWID tags without needing to | |||
| tag itself. | download the tag itself. | |||
| o There MUST be one "rolie:property" with the "name" attribute equal | o There MUST be one "rolie:property" with the "name" attribute equal | |||
| to "urn:ietf:params:rolie:property:swd:swname", and the "value" | to "urn:ietf:params:rolie:property:swd:swname", and the "value" | |||
| attribute equal to the value of the "swid-name" element in the | attribute equal to the decoded value of the "swid-name" element in | |||
| attached COSWID Tag (mapped to the integer 1). As above, this | the attached COSWID Tag (mapped to the integer 1). As above, this | |||
| helps ROLIE consumers search and filter Entries. | helps ROLIE consumers search and filter Entries. | |||
| o There MAY be a property element with the "name" attribute equal to | o There MAY be a property element with the "name" attribute equal to | |||
| "urn:ietf:params:rolie:property:swd:swversion". When this | "urn:ietf:params:rolie:property:swd:swversion". When this | |||
| property appears, it's value MUST be equal to the value of the | property appears, it's value MUST be equal to the decoded value of | |||
| tag-version element in the attached COSWID Tag (mapped to the | the tag-version element in the attached COSWID Tag (mapped to the | |||
| integer 12). | integer 12). | |||
| 7. atom:link Extensions | 7. atom:link Extensions | |||
| This section defines additional link relationships that | This section defines additional link relationships that | |||
| implementations MUST support. These relationships are not registered | implementations MUST support. These relationships are not registered | |||
| in the Link Relation IANA table as their use case is too narrow. | in the Link Relation IANA table as their use case is too narrow. | |||
| Each relationship is named and described. | Each relationship is named and described. | |||
| +----------------------+--------------------------------------------+ | +----------------------+--------------------------------------------+ | |||
| skipping to change at page 12, line 15 ¶ | skipping to change at page 12, line 15 ¶ | |||
| Version information is often represented differently across | Version information is often represented differently across | |||
| manufacturers and even across product releases. If using software | manufacturers and even across product releases. If using software | |||
| version information for low fault tolerance comparisons and searches, | version information for low fault tolerance comparisons and searches, | |||
| care should be taken that the correct version scheme is being used. | care should be taken that the correct version scheme is being used. | |||
| 10. Normative References | 10. Normative References | |||
| [I-D.ietf-sacm-coswid] | [I-D.ietf-sacm-coswid] | |||
| Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. | Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. | |||
| Waltermire, "Concise Software Identification Tags", draft- | Waltermire, "Concise Software Identification Tags", draft- | |||
| ietf-sacm-coswid-10 (work in progress), June 2019. | ietf-sacm-coswid-11 (work in progress), June 2019. | |||
| [NISTIR8060] | [NISTIR8060] | |||
| Waltermire, D., Cheikes, B., Feldman, L., and G. Witte, | Waltermire, D., Cheikes, B., Feldman, L., and G. Witte, | |||
| "Guidelines for the Creation of Interoperable Software | "Guidelines for the Creation of Interoperable Software | |||
| Identification (SWID) Tags", NISTIR 8060, April 2016, | Identification (SWID) Tags", NISTIR 8060, April 2016, | |||
| <https://doi.org/10.6028/NIST.IR.8060>. | <https://doi.org/10.6028/NIST.IR.8060>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| End of changes. 9 change blocks. | ||||
| 15 lines changed or deleted | 14 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||