[sacm] New version of SWIMA uploaded - resolves all open issues
"Schmidt, Charles M." <cmschmidt@mitre.org> Thu, 05 January 2017 14:50 UTC
Return-Path: <cmschmidt@mitre.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F575129B39 for <sacm@ietfa.amsl.com>; Thu, 5 Jan 2017 06:50:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.3
X-Spam-Level:
X-Spam-Status: No, score=-7.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jjrsEVIK52_Q for <sacm@ietfa.amsl.com>; Thu, 5 Jan 2017 06:50:24 -0800 (PST)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id 44E8E129B35 for <sacm@ietf.org>; Thu, 5 Jan 2017 06:50:24 -0800 (PST)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id B95BCEBD4B3 for <sacm@ietf.org>; Thu, 5 Jan 2017 09:50:23 -0500 (EST)
Received: from imshyb01.MITRE.ORG (imshyb01.mitre.org [129.83.29.2]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id ABFB4EBD4A9 for <sacm@ietf.org>; Thu, 5 Jan 2017 09:50:23 -0500 (EST)
Received: from imshyb02.MITRE.ORG (129.83.29.3) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Thu, 5 Jan 2017 09:50:23 -0500
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1130.7 via Frontend Transport; Thu, 5 Jan 2017 09:50:23 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=vmy+B9xe3bZYxiI/6UdahtSsm5wdv5owvaSR4VAtpl4=; b=PxYxL27Hk1Ht4olMnEYSCavS2/J3JAnVW6SaLhIbHyHYZPmuxN3xacYPUUbi1akRvaY1GW0oKX2wjvAIUtcxb5lhAq/nw3m0feW9nC97GSOGoZYrPJYVupOenLzjMXr1n7bg2Rz6g9O7a1ZfDabSaSrxJw1RmLkPVnaBU4nkaRU=
Received: from CY1PR09MB0889.namprd09.prod.outlook.com (10.163.43.27) by CY1PR09MB0889.namprd09.prod.outlook.com (10.163.43.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.817.10; Thu, 5 Jan 2017 14:50:16 +0000
Received: from CY1PR09MB0889.namprd09.prod.outlook.com ([10.163.43.27]) by CY1PR09MB0889.namprd09.prod.outlook.com ([10.163.43.27]) with mapi id 15.01.0817.009; Thu, 5 Jan 2017 14:50:16 +0000
From: "Schmidt, Charles M." <cmschmidt@mitre.org>
To: "<sacm@ietf.org>" <sacm@ietf.org>
Thread-Topic: New version of SWIMA uploaded - resolves all open issues
Thread-Index: AdJnYHLibKe3IynWRVqqn4Keth2qqA==
Date: Thu, 05 Jan 2017 14:50:16 +0000
Message-ID: <CY1PR09MB0889BEBA81E08542D37C0AB8AB600@CY1PR09MB0889.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=cmschmidt@mitre.org;
x-originating-ip: [192.80.55.88]
x-ms-office365-filtering-correlation-id: 4015e88a-cff9-466d-6ab9-08d4357a29b3
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:CY1PR09MB0889;
x-microsoft-exchange-diagnostics: 1; CY1PR09MB0889; 7:VzIYxQ2OJjN62k22xYIkXxSoT29P7kdenK7Sg/sibW/78DGFzJHSSQBxDlRu3O9bPYygHm84KlCchdtrXFJ/Qf+ZwhYTPq4GlMazlgaHLj33qD/JN3t6gq1L34zQjCQ/KWpgN7df8gO4GSNTwabaFWwMS+HjOyN+N+AhM+xjhO4/uaDpY0mZsZLJsOoq+v8qmu3s7shODKvSkkVHafl1xboYicTYhqjA/PGzWz5Hq7dc2RwL0IJYBP1U0OoJ4QGWGJ5MkOdqKz1BwAWAAmEZ/Kk1E+yZlTxEzgvI6uW0kCs7XRZwvK98WgoEIwlkveB+bzmFA7Vd2jsSXM/7wGmEsUXG1aJJF4ptV6INt/wrYTx/wL82wFrDcsMKacbkswpJoAH+/+FakwBjqeI8VNz5yixstg9Oe9S/Db2GMMh8QvGZa4ZlnU3V2vojLCszV+kuoYuZQXbdCKogl50uMW3edA==
x-microsoft-antispam-prvs: <CY1PR09MB08899EE137EF94185CCF4C21AB600@CY1PR09MB0889.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(275809806118684)(211171220733660);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(6041248)(20161123555025)(20161123560025)(20161123564025)(20161123562025)(6072148); SRVR:CY1PR09MB0889; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0889;
x-forefront-prvs: 0178184651
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(39840400002)(39450400003)(39860400002)(39850400002)(39410400002)(199003)(53754006)(189002)(76104003)(81166006)(9686002)(6506006)(77096006)(74316002)(5660300001)(38730400001)(6436002)(55016002)(101416001)(122556002)(105586002)(107886002)(305945005)(2906002)(33656002)(50986999)(450100001)(97736004)(106356001)(54356999)(8676002)(86362001)(3660700001)(25786008)(189998001)(3280700002)(92566002)(7696004)(81156014)(99286003)(66066001)(102836003)(8936002)(7736002)(6116002)(2900100001)(68736007)(3846002)(110136003)(491001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR09MB0889; H:CY1PR09MB0889.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jan 2017 14:50:16.5677 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR09MB0889
X-OriginatorOrg: mitre.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/xMwanEVhv8AnF0Z2JTEOGzVJu2A>
Subject: [sacm] New version of SWIMA uploaded - resolves all open issues
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2017 14:50:25 -0000
Hi all, Happy 2017. To celebrate the occasion, I have prepared a new draft of the SWIMA specification. The new draft closes out all the To-Do items in the previous draft (namely, the new IANA registry for Software Data Models, and providing instructions on using 2015 and 2009 SWID tags in XML) and also addresses all open issues. The new draft is named draft-ietf-sacm-nea-swid-patnc-00, reflecting that it is a WG draft. This draft has been uploaded both to the SACM portal and to GitHub. With regard to said open issues: Issue #1: Identification of data sources - There is a new section 3.1 that introduces Information Source, a new section 3.4.5 that describes how Information Sources are captured when reporting records, and then all attributes that deliver records have new fields that are used for indicating the data source of each record. Issue #3: Include installation location - There is a new section 3.4.4 that describes how software location information is captured when reporting records, and all attributes that deliver records have new fields used to indicate the software location. Issue #4: Support of user/vendor-defined data models - The data model is now indicated with a combination of PEN and data model type identifier. (Previously it was just a data model type identifier). Each vendor can use their PEN to define their own namespace of data model type identifier values. The spec also reserves all values greater than or equal to 192 in the IANA PEN (0) as definable by the local enterprise. There is a new section 3.2 that discusses data models in more detail, a new section 3.4.2 that describes how data model information is captured in records, and all attributes have been updated with new fields to capture this. In addition, section 9.4 has been filled in and describes the IANA registry for Software Data Models. Issue #5: Clarify that SWIMA servers (specifically SW-PVs) MUST accept all data models - This is included in section 3.2 Issue #6: MTI Data Models - Also addressed in section 3.2. Requirement is to support (i.e., be able to generate Software Identifiers for) the formats specified in section 5 of the spec. Currently, those are SWID 2015 in XML and SWID 2009 in XML. We can add others for which there is interest. (COSWID anyone?) Please check out these new sections and let me know what you think. I'm interested in whether people agree that these actually resolve the open issues adequately. Thanks, Charles
- [sacm] New version of SWIMA uploaded - resolves a… Schmidt, Charles M.