[sacm] ROLIE Descriptor review
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 20 November 2019 20:06 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/fOrvE8DyVOVJ12bMhfJ4FSKwIFI>

Hi Stephen, Dave, and SACM,

Thanks for all of your work on this draft. It's well written and easy to follow. I just have a few clarifying comments (that could turn into some more work - but I'm happy to help).

In the descriptor description, there's a nit:
s/defines an descendent/defines a descendent/

For the "patchedby", it seems confusing to allow this to represent patches that have been applied and ones that can be applied. Can that be separated out into 2 link relationships or is there a reason they are combined?

Since the link descriptors are not in a registry, anyone could define additional ones for their own use, is that correct? If not, I want to think about this list more and may have an addition or two (not many, but I need to think a little).

In the registry, SWID and CoSWID are not specifically called out. Wouldn't it be helpful to set that as part of this spec to have it retrievable in a consistent pattern? It seems like implementations can vary in lots of ways from what is listed in section 8 to the properties about software in the ATOM link descriptors in the earlier section. I was expecting something more prescriptive, but would be very interested to hear why it's not that way in the document or if there are plans for that?

Here are some specific questions on the registry:

Is 8.1 supposed to contain a SWID or CoSWID? If so, clarifying would be helpful to avoid misinterpretation. Is the signature included here or not? What is the representation?

For 8.2 - is the name supposed to follow a common format, perhaps the name used in a SWID or CoSWID?

8.3 - Is there a preferred or required format to represent the version? It would make things easier if there were, I would think.

8.4 - Is there a format preference or requirement for the creator?

Are your defined objects here all in the SWID and CoSWID or might some be properties carried as additional claims in a CWT if that were used with a CoSWID?

Thank you!!

--

Best regards,
Kathleen