[urn] Re: Registration for the TEI: URN identifier
Peter Saint-Andre <stpeter@stpeter.im> Sat, 07 March 2026 00:00 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: urn@mail2.ietf.org
Delivered-To: urn@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 2A6F3C5F116B for <urn@mail2.ietf.org>; Fri, 6 Mar 2026 16:00:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b="bgZijyKd"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="Ob1jlv5X"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eairq4oy6zQO for <urn@mail2.ietf.org>; Fri, 6 Mar 2026 16:00:30 -0800 (PST)
Received: from fout-b6-smtp.messagingengine.com (fout-b6-smtp.messagingengine.com [202.12.124.149]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id F3ECDC5EC74A for <urn@ietf.org>; Fri, 6 Mar 2026 15:51:42 -0800 (PST)
Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46]) by mailfout.stl.internal (Postfix) with ESMTP id B08F71D0018A; Fri, 6 Mar 2026 18:43:48 -0500 (EST)
Received: from phl-frontend-03 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Fri, 06 Mar 2026 18:43:48 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h=cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1772840628; x=1772927028; bh=AOOLWU9xkkjZNfi5G27f/nEyyKUP34HUjBE1vaXTBPw=; b= bgZijyKd0ebt1wMLKPec1uql6aJSx2BuTULXITVvRzNdV5UFAZf6cjvxzpyNgxjK QnSVvSQ883Y0H9zmvx7v71G73SkVPo1Fzd4sWm8JZUEkOpdtgMFGIg6s6outU/lW zPYsbUn4gQLlldjhUMD4YVEkJzcOlRGClF+7zV1pYarxlRdv/9EnebStdX5fdVKK XR90chXHVj1MtRidjWOquPF1uNecXqFlb09Ac0HKZ6wuSdCkXbMjZ6NSc8dA1YCI xtWeNS//JoM3hSJVE3/Am8pCsxcfqU5+KdzNtjlwUcABXTWg/eDWgzMeStipFVoC X9nZOTsm2Y2gZfIE1IksyQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1772840628; x=1772927028; bh=A OOLWU9xkkjZNfi5G27f/nEyyKUP34HUjBE1vaXTBPw=; b=Ob1jlv5XV6tI48rmc meg/auC8h79uqfdYXt7jba/Xv0lOyYPo0F2ObnW2OlxCHWZIBiFwJAiaBlpvLZbe uJkTY9RSM/MIY3WIp8jz0AM47PLTgkHUj2wP5vzNO5Ww4OUCQhdqaZsr+6rUO6fF L5tPZW6GfbwrFQPf5AyoX0sjf/C99Knk0/1zWa0EJIPbJMYqKzkwIfhAec45OaOu YvWQeYJMBdkNYApxy06ILr3/gCwXu8IfexwqJqXEzJJT1k2AzHdsmn7qu/9Aa/pa xr2ERXbjsg0LwY0TlDD4wWantMPSDs3OFCZQwLkVQjJIJ/UAo5rGJD+VizI9ZxTK UfLfQ==
X-ME-Sender: <xms:tGarabZvPhpenNbUYtP_FtcNWhXvHCEcs11LURL07A1PsryA6ToXTg> <xme:tGaraR0MjcZsXcHFpuJV9XBHYvp8mfTKUbVKVbh41Qu3OeQRl0-Jg-wwVCoUr_U14 rOBtKRLrZ9xmudF6R4o0U4-pCNltF82J64IFY58AFI3v0wvR80kHpA>
X-ME-Received: <xmr:tGarabU-Ksga-BmVA6THe8Cz9y1XzbgDQTFJrejb2JXvhwLMExJ0w_gfg0-Wi92D>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddvjedtieehucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtjeertd dtvdejnecuhfhrohhmpefrvghtvghrucfurghinhhtqdetnhgurhgvuceoshhtphgvthgv rhesshhtphgvthgvrhdrihhmqeenucggtffrrghtthgvrhhnpeevueeigeevteegleehte ejjeetgeekffegffetkeektdfhvddtueduteejieejveenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehsthhpvghtvghrsehsthhpvghtvghrrd himhdpnhgspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohep ohhllhgvrdgvrdhjohhhrghnshhsohhnpeegtdhofigrshhprdhorhhgsegumhgrrhgtrd hivghtfhdrohhrghdprhgtphhtthhopehurhhnsehivghtfhdrohhrghdprhgtphhtthho pehsthhpvghtvghrsehsthhpvghtvghrrdhimh
X-ME-Proxy: <xmx:tGarabXU-dvmSpKkVK3RPW50qoQwFMbyvd-vOVdUBdKepPQ4nJLELA> <xmx:tGaraaeqt5U4LYd29QfZhgrgIScPPPfockVcitA1ChOSWqBA88ahtQ> <xmx:tGaraUU0C_FEBShenb5e56Y09IglbUltfu5djxNnDYZL2QTO62KJsg> <xmx:tGaraTdJKianYi9-79Yf2-JJZ1jux9B9jBBh8nchsSsC6w6ZksXJ-g> <xmx:tGaracz_dYq3VciB55NEZZDuw4ecB113JBvSbs0TsForBUfTnaJCXJpB>
Feedback-ID: i24394279:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 6 Mar 2026 18:43:47 -0500 (EST)
Message-ID: <2f6374a6-7744-44eb-988a-2c0df7391840@stpeter.im>
Date: Fri, 06 Mar 2026 16:43:46 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Olle E Johansson <olle.e.johansson=40owasp.org@dmarc.ietf.org>, urn@ietf.org
References: <CF3E8D7B-5D45-4518-9429-9BF7F578DCCC@owasp.org>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <CF3E8D7B-5D45-4518-9429-9BF7F578DCCC@owasp.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Message-ID-Hash: O3KW5QAPCK63SP3X6RXGSSR7CZHHV7RW
X-Message-ID-Hash: O3KW5QAPCK63SP3X6RXGSSR7CZHHV7RW
X-MailFrom: stpeter@stpeter.im
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-urn.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [urn] Re: Registration for the TEI: URN identifier
List-Id: "Discussion about Uniform Resource Names (URNs)." <urn.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/O2zEFiNiCi7XupfP4cONVTDLK8U>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Owner: <mailto:urn-owner@ietf.org>
List-Post: <mailto:urn@ietf.org>
List-Subscribe: <mailto:urn-join@ietf.org>
List-Unsubscribe: <mailto:urn-leave@ietf.org>
Hej Olle! Thanks for submitting this request for community review. Here are some comments... Under the "Registrant" section, in general we prefer role email addresses, such as registrar@owasp.org or whatever. The syntax definition is lacking in detail (e.g., ABNF would be nice). Specifically: 1. <type> - What are the allowable characters? How long can the <type> be? And, under the "Assignment" section, are the types assigned by TC54 or through some other method? Can software/product vendors create their own types? The "Assignment" section seems to hint that this is the case. 2. <domain-name> - There are always complexities with domain names. Can you reference a syntax definition from an RFC? Do you allow internationalized domain names? Etc. 3. <unique-identifier> - What exactly does this construct uniquely identify: a product, a SKU, a "software transparency artefact" (whatever that is)? Here again, what are the allowable characters, length, etc.? The fact that the syntax "is set by the type field" makes it all the more important to clarify how type fields are assigned and defined, since if that process is not well managed then the <unique-identifier> could be just about anything. Please note that, as specified in RFC 8141, URN assignment needs to be a managed process. It's not really satisfactory to say "well if you fiddle this `type` bit over here then the syntax of that `unique-identifier` bit over there could totally change and we have no idea what the end result might be". This is especially concerning if vendors can roll their own. Although the "Resolution" section says that resolution doesn't apply, the "Purpose" section indicates that TEI URNs will enable clients to discover API services via a GUI or a QR code. This talk of discovery makes it sounds to me like resolution is happening somewhere in the overall system. Could you please clarify? The "Interoperablity" section mentions encoding formats. What are these and how are they to be used in the context of the TEI system? What are the implications of these encoding formats for the syntax definitions? Note that I have not taken the time to read the TEA spec. Perhaps some of my questions are answered there. Peter On 3/3/26 4:18 AM, Olle E Johansson wrote: > Hi! > > The OWASP work with an API for automation of supply chain artefacts, like SBOMs, VEX files and other attestations, is reaching version 1 and we will start the formal standardisation work within ECMA International TC54, task group 1, which is tasked with standardisation of the Transparency Exchange API (TEA). > > In TEA, a customer will get a product identifier from the vendor, either on the outside of a package or within the product itself, to be able to discover API services and access documents for a given product and version. > > I attach a PDF and markdown version of our application. Looking forward to your feedback! > > Best regards, > /Olle > > > _______________________________________________ > urn mailing list -- urn@ietf.org > To unsubscribe send an email to urn-leave@ietf.org
- [urn] Registration for the TEI: URN identifier Olle E Johansson
- [urn] Re: Registration for the TEI: URN identifier Peter Saint-Andre
- [urn] Re: Registration for the TEI: URN identifier Olle E Johansson
- [urn] Re: Registration for the TEI: URN identifier worley
- [urn] Re: Registration for the TEI: URN identifier Olle E Johansson
- [urn] Re: Registration for the TEI: URN identifier worley
- [urn] Re: Registration for the TEI: URN identifier Olle E Johansson
- [urn] Re: Registration for the TEI: URN identifier worley
- [urn] Re: Registration for the TEI: URN identifier worley
- [urn] Re: Registration for the TEI: URN identifier Peter Saint-Andre
- [urn] Re: Registration for the TEI: URN identifier Olle E Johansson