IETF Logo Mail Archive

Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document

Michael Godsey <mgodsey@microsoft.com> Wed, 18 May 2016 15:23 UTC

Return-Path: <mgodsey@microsoft.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9292712D0F9 for <sacm@ietfa.amsl.com>; Wed, 18 May 2016 08:23:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level:
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xp6mK0cCvozb for <sacm@ietfa.amsl.com>; Wed, 18 May 2016 08:23:33 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0146.outbound.protection.outlook.com [65.55.169.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1192412B05F for <sacm@ietf.org>; Wed, 18 May 2016 08:23:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qWC2v3bNVab0xq66GZoMiKgCap9rvFeOE5jmrl7WJuo=; b=bYBd6Zge+SgB17y0H2omayRqsq0+W5l9to8Bi4uXZsWQySD+PmkGvbdhvv99QBBwTFIXbQ/oqWDr5gnFCWAvc9vvojwWWL7vRJuv2+rZ2Ihw7BFyl/kmLLYokySN1hTYpMJCzWIPJtFe4XVh+1d7/VG8AyOfnZ8X9o2fWzXbpnQ=
Received: from BN1PR03MB123.namprd03.prod.outlook.com (10.255.201.27) by BN1PR03MB122.namprd03.prod.outlook.com (10.255.201.19) with Microsoft SMTP Server (TLS) id 15.1.497.12; Wed, 18 May 2016 15:23:30 +0000
Received: from BN1PR03MB123.namprd03.prod.outlook.com ([169.254.11.56]) by BN1PR03MB123.namprd03.prod.outlook.com ([169.254.11.56]) with mapi id 15.01.0497.019; Wed, 18 May 2016 15:23:30 +0000
From: Michael Godsey <mgodsey@microsoft.com>
To: Jerome Athias <athiasjerome@gmail.com>, Tony Rutkowski <tony@yaanatech.com>
Thread-Topic: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document
Thread-Index: AQHRsIRJYgDnjWKISkyXny5miMOOyp+909wwgADujACAAAf/gIAAA+JA
Date: Wed, 18 May 2016 15:23:29 +0000
Message-ID: <BN1PR03MB1236FEF6EE3127323F9294AAF490@BN1PR03MB123.namprd03.prod.outlook.com>
References: <17198AFF-DF5A-46BC-B84A-2AAF1717BD90@isoc.org> <e8798c66-2ac8-7b24-4ab3-d28b4868c94a@yaanatech.com> <BN1PR03MB1231A9F5A4EE487623E5C82AF490@BN1PR03MB123.namprd03.prod.outlook.com> <0aa7684f-5a47-c00a-4b5b-e19484dd718a@yaanatech.com> <CAA=AuEfepDpmQF7TOLe2nvkgEPU9LD49Fc8bSvUCW+F_6yYy5A@mail.gmail.com>
In-Reply-To: <CAA=AuEfepDpmQF7TOLe2nvkgEPU9LD49Fc8bSvUCW+F_6yYy5A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [131.107.159.195]
x-ms-office365-filtering-correlation-id: 54b7b06d-f557-4ddf-c741-08d37f305dec
x-microsoft-exchange-diagnostics: 1; BN1PR03MB122; 5:VGJWPA2gjEXDtTPvI6y2+Z1/BzUpGWiLlJ7m3HyF9vRbQtBnHVMpMKabOpWLbGbhYq4b0SFGThMhaZtETVnVh9lUkW3UC/S1MXVzutyAjMn70+ieYBa1Y7RrhElayH4JSwvtq4oU6zKgrWhRk+pQfA==; 24:HoPUKU3eUxWh+9ka9emafqYc1rKRZxsDLr+pfScdxVgg2AIA4FaPx9IlDMSJ2i7l0GDKLSIgJ+YRpRGHfa+4T4SryjSnfuLyTgjYIeF+cr0=; 7:MK3M86LXculHCefsiLdDv2lZJrPqevoiOHF/wkWH8aeoqDH5W89iP6tweeSJ9igBlgQ/iuAqDuMuAFuWtAEuCXwFPz3SvXAVot3Y+Z4/mlaPxT4Nl4Lq262OSkpJsbXu57igi5P+5YQiu35M8P8Wzfa4pn+/5BEBnxQejJD2jrN8NAP+rZylVd1NkEUTelvgWiJV7eCUHVoDi6YLHnULmA==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR03MB122;
x-o365ent-eop-header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
x-microsoft-antispam-prvs: <BN1PR03MB122F7E2A78B53177F0561DFAF490@BN1PR03MB122.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(61426038)(61427038); SRVR:BN1PR03MB122; BCL:0; PCL:0; RULEID:; SRVR:BN1PR03MB122;
x-forefront-prvs: 0946DC87A1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(24454002)(13464003)(377424004)(99286002)(33656002)(15395725005)(76576001)(6116002)(102836003)(5008740100001)(8676002)(86362001)(81166006)(5001770100001)(5003600100002)(2900100001)(586003)(122556002)(76176999)(2950100001)(5002640100001)(66066001)(15975445007)(54356999)(1220700001)(4326007)(50986999)(3660700001)(106116001)(1720100001)(9686002)(74316001)(86612001)(3280700002)(93886004)(2906002)(92566002)(5004730100002)(10290500002)(87936001)(189998001)(11100500001)(5005710100001)(10400500002)(230783001)(19580395003)(8936002)(19580405001)(7059030); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR03MB122; H:BN1PR03MB123.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 May 2016 15:23:29.5180 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR03MB122
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/cYlFvkbUdqnPoSaWjSn_Ke7qDW0>
Cc: "sacm@ietf.org" <sacm@ietf.org>, Karen O'Donoghue <odonoghue@isoc.org>
Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 May 2016 15:23:35 -0000

The current version of the 19770-2:2015 schema can always be found here (note difference from below):  
 http://standards.iso.org/iso/19770/-2/2015-current/schema.xsd 

The schema must be published along with and at the time of the standard, thus a "point in time" version is in the 19770/-2/2015/ directory.   The previous as-published version is in the 19770/-2/2009 directory structure as well.   However, the "up to date" version of the 2015 edition of the standard is always at the link above, the 19770/-2/2015-current/ directory. 

RE the NIST IR:  
A few weeks ago NIST hosted a workshop on SWID adoption (which I attended, along with other software publishers, some end customers, and reps from various US Govt agencies).  We mainly reviewed the final draft version (released April 2016)  of NISTIR 8060 – Guidelines for the Creation of Interoperable Software Identification (SWID) Tags.   
•	This NIST IR (plus related reference info) can be found on their portal at: http://csrc.nist.gov/publications/PubsNISTIRs.html 
•	Or here is a direct link to the NIST IR 8060 itself:  http://dx.doi.org/10.6028/NIST.IR.8060  

This is a really good reference which includes sections giving an overview of SWID Tags, the SWID Tag structure, and some implementation guidance for Tag creators.   I think this would be a good reference to include, as it is available without any paywall.   

Also in the TagVault board meeting yesterday we discussed the need to provide some help/guidance for adoption of SWID tags, similar to the NISTIR 8060, which being a US document is not appealing to all countries.   We decided to create a reference implementation guide which would come out of TagVault and be available to anyone.   I am guessing this should be available in maybe 3-4 months.  


-----Original Message-----
From: Jerome Athias [mailto:athiasjerome@gmail.com] 
Sent: Wednesday, May 18, 2016 7:58 AM
To: Tony Rutkowski <tony@yaanatech.com>
Cc: Michael Godsey <mgodsey@microsoft.com>; Karen O'Donoghue <odonoghue@isoc.org>; sacm@ietf.org
Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document

Maybe a misread and difference between the Specification and the XML Schema in 2.1.
"The SWID specification is available from ISO/IEC at http://www.iso.org/iso/catalogue_detail.htm?csnumber=53670.
The XML schema for a SWID tag file is available from ISO:
http://standards.iso.org/iso/19770/-2/2009/schema.xsd.
The most current working and production versions of the XML schema for SWID tags can be found in the directory listing http://standards.iso.org/iso/19770/-2/.
The US National Institute of Standards and Technology (NIST) also has published guidelines for
   SWID tag creation, which provide further guidance for those
   interested in the use and best practices surrounding SWID tags.
   [NIST-SWID]"





2016-05-18 17:29 GMT+03:00 Tony Rutkowski <tony@yaanatech.com>:
> For those unfamiliar with this topic, there is a fairly good 
> explanation of why the old
> 2009 version was significantly flawed and revised at:
> http://tagvault.org/2015/06/11/isoiec-19770-2-revision-moving-to-publi
> cation/
>
> --tony
>
> ps. Still waiting for someone to request ISO to make the specification 
> publicly available without coughing up CHF 178.  It's not that 
> difficult, and has been widely done for important specifications.  It 
> is also generally required for standards that are imposed as normative 
> requirements by government.
>
>
> On 2016-05-17 8:18 PM, Michael Godsey wrote:
>
> I echo the concern and question.   If this points to the 2009 version, it
> needs to be updated.  Not only did we put a ton of work into revising 
> the -2 standard for 2015, but this also obsoletes the 2009 version.  
> As noted the NISTIR 8060 was based entirely on the 19770-2:2015 
> version, leveraging the many changes implemented for better 
> instrumentation and fidelity of tag data, tag relationships, etc.
>
>
>
> From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Tony Rutkowski
> Sent: Tuesday, May 17, 2016 2:37 PM
> To: Karen O'Donoghue <odonoghue@isoc.org>; sacm@ietf.org
> Subject: Re: [sacm] Call for adoption of 
> draft-coffin-sacm-nea-swid-patnc as a SACM WG document
>
>
>
> Remind us again why this ID references the 2009 version of ISO/IEC 
> 19770-2, when there a 2015 apparently significantly different version 
> has been adopted and is referenced in the NISTIR 8060 as the basis for 
> implementations?
>
> It's interesting that the 2015 version for the GUID data element 
> references 19770-5.  It's great to see it's apparently now publicly 
> available at 
> https://www.iso.org/obp/ui/#iso:std:iso-iec:19770:-5:ed-2:v1:en
>
> The version question seem rather significant for progressing the 
> working group document.  Was there some discussion somewhere?
>
> --tony
>
> On 2016-05-17 12:21 PM, Karen O'Donoghue wrote:
>
> Folks,
>
>
>
> As discussed during our last couple of meetings, this is the official 
> call for adoption of 
> https://datatracker.ietf.org/doc/draft-coffin-sacm-nea-swid-patnc/ as 
> a SACM working group document.
>
>
>
> Please reply with any comments or concerns along your support of this 
> action to the mailing list.
>
>
>
> Thanks,
>
> Karen and Adam
>
>
>
>
> _______________________________________________
>
> sacm mailing list
>
> sacm@ietf.org
>
> https://www.ietf.org/mailman/listinfo/sacm
>
>
>
>
> --
>
> ________________________________
>
> Anthony Michael Rutkowski
>
> EVP, Industry Standards & Regulatory Affairs
>
> tony@yaanatech.com
>
> +1 703 999 8270
>
> ________________________________
>
> Yaana Technologies LLC
>
> 542 Gibraltar Drive
>
> Milpitas CA 95035 USA
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm
>

v2.23.0 | Report a Bug | By Email