The IESG has approved the following document: - 'Concise Software Identification Tags' (draft-ietf-sacm-coswid-22.txt) as Proposed Standard
This document is the product of the Security Automation and Continuous Monitoring Working Group. The IESG contact persons are Paul Wouters and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/ Technical Summary ISO/IEC 19770-2:2015 Software Identification (SWID) tags provide an extensible XML-based structure to identify and describe individual software components, patches, and installation bundles. SWID tag representations can be too large for devices with network and storage constraints. This document defines a concise representation of SWID tags: Concise SWID (CoSWID) tags. CoSWID supports a similar set of semantics and features as SWID tags, as well as new semantics that allow CoSWIDs to describe additional types of information, all in a more memory efficient format. Working Group Summary The only controversy was related to the document signing defined in CoSWID and if that should be using a JWT/CWT compatible signature or the one defined in the standard. Document Quality This document has been reviewed by the WG and changes were made in response to AD and directorate reviews during IETF LC. There are dependencies (and review from) the RATS WG. Maturation was also coordinated with ISO (working on SWID) through a WG participant. Personnel * Document Shepherd: Chris Inacio * Responsible AD: Roman Danyliw _______________________________________________ IETF-Announce mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-announce
