Concise Software Identification Tags
draft-ietf-sacm-coswid-17
| Document | Type | Active Internet-Draft (sacm WG) | |
|---|---|---|---|
| Authors | Henk Birkholz , Jessica Fitzgerald-McKay , Charles Schmidt , David Waltermire | ||
| Last updated | 2021-02-22 | ||
| Replaces | draft-birkholz-sacm-coswid | ||
| Stream | IETF | ||
| Intended RFC status | Proposed Standard | ||
| Formats | plain text html xml pdf htmlized (tools) htmlized bibtex | ||
| Stream | WG state | Submitted to IESG for Publication (wg milestone: Jun 2019 - WGLC CoSWID... ) | |
| Document shepherd | Christopher Inacio | ||
| Shepherd write-up | Show (last changed 2020-07-27) | ||
| IESG | IESG state | AD Evaluation::AD Followup | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | Roman Danyliw | ||
| Send notices to | Christopher Inacio <inacio@cert.org>, Karen O'Donoghue <odonoghue@isoc.org> | ||
SACM Working Group H. Birkholz
Internet-Draft Fraunhofer SIT
Intended status: Standards Track J. Fitzgerald-McKay
Expires: 26 August 2021 National Security Agency
C. Schmidt
The MITRE Corporation
D. Waltermire
NIST
22 February 2021
Concise Software Identification Tags
draft-ietf-sacm-coswid-17
Abstract
ISO/IEC 19770-2:2015 Software Identification (SWID) tags provide an
extensible XML-based structure to identify and describe individual
software components, patches, and installation bundles. SWID tag
representations can be too large for devices with network and storage
constraints. This document defines a concise representation of SWID
tags: Concise SWID (CoSWID) tags. CoSWID supports a similar set of
semantics and features as SWID tags, as well as new semantics that
allow CoSWIDs to describe additional types of information, all in a
more memory efficient format.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 26 August 2021.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
Birkholz, et al. Expires 26 August 2021 [Page 1]
Internet-Draft CoSWID February 2021
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. The SWID and CoSWID Tag Lifecycle . . . . . . . . . . . . 5
1.2. Concise SWID Format . . . . . . . . . . . . . . . . . . . 8
1.3. Requirements Notation . . . . . . . . . . . . . . . . . . 8
2. Concise SWID Data Definition . . . . . . . . . . . . . . . . 8
2.1. Character Encoding . . . . . . . . . . . . . . . . . . . 10
2.2. Concise SWID Extensions . . . . . . . . . . . . . . . . . 10
2.3. The concise-swid-tag Map . . . . . . . . . . . . . . . . 12
2.4. concise-swid-tag Co-Constraints . . . . . . . . . . . . . 16
2.5. The global-attributes Group . . . . . . . . . . . . . . . 17
2.6. The entity-entry Map . . . . . . . . . . . . . . . . . . 18
2.7. The link-entry Map . . . . . . . . . . . . . . . . . . . 19
2.8. The software-meta-entry Map . . . . . . . . . . . . . . . 23
2.9. The Resource Collection Definition . . . . . . . . . . . 27
2.9.1. The hash-entry Array . . . . . . . . . . . . . . . . 27
2.9.2. The resource-collection Group . . . . . . . . . . . . 27
2.9.3. The payload-entry Map . . . . . . . . . . . . . . . . 31
2.9.4. The evidence-entry Map . . . . . . . . . . . . . . . 31
2.10. Full CDDL Specification . . . . . . . . . . . . . . . . . 32
3. Determining the Type of CoSWID . . . . . . . . . . . . . . . 38
4. CoSWID Indexed Label Values . . . . . . . . . . . . . . . . . 38
4.1. Version Scheme . . . . . . . . . . . . . . . . . . . . . 39
4.2. Entity Role Values . . . . . . . . . . . . . . . . . . . 40
4.3. Link Ownership Values . . . . . . . . . . . . . . . . . . 42
4.4. Link Rel Values . . . . . . . . . . . . . . . . . . . . . 43
4.5. Link Use Values . . . . . . . . . . . . . . . . . . . . . 45
5. URI Schemes . . . . . . . . . . . . . . . . . . . . . . . . . 45
5.1. "swid" URI Scheme Specification . . . . . . . . . . . . . 46
Show full document text