Update CoSWID templates and schema to comply with RFC 9393 #25
Signed-off-by: Priyanshu Thapliyal <[email protected]>
Signed-off-by: Priyanshu Thapliyal <[email protected]>
4c4a0d2 to c373684
- **entity (Array, optional):** An array of organizations or roles involved in the software's lifecycle.
- **link (Array, optional):** References to related resources or manifests.

## Key Components
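Review bot: "entity (Array, optional)" contradicts the RFC 9393 concise-swid-tag map this PR says it follows, where entity is a mandatory member (`entity => one-or-more<entity-entry>`, with no `?` prefix), so the line above and the Entity drill-down under Key Components should both mark it required. Since one-or-more allows a single entry as well as an array, "single entry or array" is also more accurate than "Array". link is genuinely optional in the RFC, so that line can stay as is.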
The term "key components" is overloaded and hard to disambiguate which you mean. Do you mean to provide an incomplete description of what you think are "key" (important) components? Do you mean to provide the full drill-down of the substructure of the top-level fields?
If it's the former, that is a lot to do in one PR, and if it's the latter, I would think you'd need to reference an issue to fill in the remaining fields.
### Validity
- **Type:** Object
- **Fields:**
- **not-before:** The earliest valid timestamp for using this CoSWID.
- **not-after:** The expiry timestamp after which the CoSWID is invalid.

### Entity
- **Type:** Array of Objects
- **Purpose:** Identifies the organizations or individuals related to the software.
- **Fields:**
- **entity-name:** Human-readable name of the entity.
- **reg-id:** A registration/domain identifier (e.g., https://example.com).
- **role:** Array of roles (e.g., [ "tag-creator" ]).

### Link
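Review bot: `### Link` closes the hunk with no Type/Purpose/Fields list, unlike Validity and Entity above it; at minimum document href and rel, the two members RFC 9393's link-entry requires (the others, such as media-type and use, are optional). In the Entity section, reg-id should be described as a URI rather than a "domain identifier", since RFC 9393 types it as any-uri, and the role text should say which role values are valid (the RFC's registered names, tag-creator among them) rather than leaving "Array of roles" open.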
Any reason you chose to not give a complete example for these?
- **Always use UUIDs for tag-id to ensure uniqueness across different systems.**

### Regular Updates
- **Keep the CoSWID files updated with the latest software versions and metadata.**
- **Keep the CoSWID files updated with the latest software versions and metadata.**
- **Keep the CoSWID files updated with the latest software versions and metadata (e.g., by generating the CoSWID at build time).**
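Review bot: the suggested wording (generating the CoSWID at build time) is an improvement, but the bullet still does not say what an update changes in the tag itself. RFC 9393 has tag-version start at 0 and increase monotonically for subsequent tags produced for the same software release, and this PR adds tag-version to the schema, so the guidance should state that a regenerated tag for the same release bumps tag-version; otherwise two different tags can carry the same tag-id and tag-version and a consumer cannot tell them apart.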
This is too big to add without a test. Please add unit tests that your examples all satisfy the schema. I would much prefer validating against the CDDL that is directly from RFC9393, since CDDL works for both CBOR and JSON objects. See examples of CDDL validation in cddl_check_template https://github.com/ietf-rats-wg/draft-ietf-rats-corim/blob/main/cddl/Makefile
…lidation Signed-off-by: Priyanshu Thapliyal <[email protected]>
9afb2e4 to 2a6b379
…orts Signed-off-by: Priyanshu Thapliyal <[email protected]>
…nterface Signed-off-by: Priyanshu Thapliyal <[email protected]>
Signed-off-by: Priyanshu Thapliyal <[email protected]>
…e cmd/mocks Signed-off-by: Priyanshu Thapliyal <[email protected]>
Signed-off-by: Priyanshu Thapliyal <[email protected]>
Signed-off-by: Priyanshu Thapliyal <[email protected]>
Signed-off-by: Priyanshu Thapliyal <[email protected]>
2a6b379 to 09688b2
… directory walking error reporting in coswidDisplay Signed-off-by: Priyanshu Thapliyal <[email protected]>
…ity structure Signed-off-by: Priyanshu Thapliyal <[email protected]>
…splay, and validation functionalities Signed-off-by: Priyanshu Thapliyal <[email protected]>
@deeglaze @thomas-fossati Could you please review the current structure of the files and directories in this pr? The subcommands, unit tests, and documentation are still a work in progress, but I would appreciate your thoughts on the overall setup so far.
If you want feedback on a setup, I'd say first create an issue that describes the problem you're trying to solve so we can discuss design in the issue. This PR is simply too big and full of uncommittable test code to adequately review.
I am thinking of breaking this PR into new PRs for their respective issues #28, #27, #26, and #29. Should I do that?
Pull Request Description
This PR introduces the following changes to the CoSWID templates and schema to ensure compliance with RFC 9393:
Added coswid-meta-mini.json:
Added entity-name and role fields to match the entity-entry map structure.
Added coswid-meta-full.json:
Added entity-name, reg-id, role, and thumbprint fields to match the entity-entry map structure.
Retained the validity field for metadata.
Added coswid-example.json:
Added tag-id, tag-version, software-name, profile, validity, and entity fields to match the concise-swid-tag map structure.
Added coswid-full.json:
Added tag-id, tag-version, software-name, profile, validity, entity, and link fields to match the concise-swid-tag map structure.
Added coswid-schema.json:
Added properties for tag-id, tag-version, corpus, patch, supplemental, software-name, software-version, version-scheme, media, software-meta, entity, link, payload, and evidence to match the concise-swid-tag map structure.
Ensured the schema conforms to the CDDL specification provided in RFC 9393.
fix #19
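A minimal structural check of the kind the review asks for, added here as an example and not code from this PR or the project: it reads a JSON CoSWID and confirms the members RFC 9393 makes mandatory in concise-swid-tag and entity-entry (tag-id, tag-version, software-name, at least one entity with entity-name and role, and the tag-creator role that at least one entity must carry). The Sample document, the Tag and Entity types and CheckRequired are constructed for this example; a complete check would validate against the RFC's CDDL as the reviewer suggests.

```go
package main

import (
	"encoding/json"
	"errors"
)

// Entity and Tag hold only the RFC 9393 members this check needs (role in the PR's array form).
type Entity struct {
	Name string   `json:"entity-name"`
	Role []string `json:"role"`
}
type Tag struct {
	TagID        string   `json:"tag-id"`
	TagVersion   *int     `json:"tag-version"` // pointer: tells an absent value from the valid 0
	SoftwareName string   `json:"software-name"`
	Entity       []Entity `json:"entity"`
}

// Sample is a constructed instance shaped like the PR's coswid-example.json.
const Sample = `{"tag-id":"PLACEHOLDER-UUID","tag-version":0,"software-name":"demo",
"entity":[{"entity-name":"Example Corp","reg-id":"https://example.com","role":["tag-creator"]}]}`

// CheckRequired returns nil when the JSON CoSWID carries every member RFC 9393 requires.
func CheckRequired(doc []byte) error {
	var t Tag
	if err := json.Unmarshal(doc, &t); err != nil {
		return err
	}
	if t.TagID == "" || t.TagVersion == nil || t.SoftwareName == "" {
		return errors.New("tag-id, tag-version and software-name are required")
	}
	if len(t.Entity) == 0 {
		return errors.New("entity needs at least one entity-entry")
	}
	hasCreator := false
	for _, e := range t.Entity {
		if e.Name == "" || len(e.Role) == 0 {
			return errors.New("every entity-entry needs entity-name and role")
		}
		for _, r := range e.Role {
			hasCreator = hasCreator || r == "tag-creator"
		}
	}
	if !hasCreator {
		return errors.New("one entity must carry the tag-creator role")
	}
	return nil
}

func main() { println(CheckRequired([]byte(Sample)) == nil) } // prints true
```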