A number of comments as a contributor: * The tree diagram doesn't reference RFC8340 (see RFC8407 Section 3.4)
* The description of the transparency-extension grouping is a tautology. This is one of my pet peeves. Can you add more flavor here? * Replace use of s/w and h/w with software and hardware respectively. * Would it make sense to further refine your contact leafs to check for the MUST URI schemas? * Your description for sbom-url and vuln-url are different. One says statically located URI whereas the other says statically located URL. I think the latter is correct. * The type for sbom-local-well-known is an enum. Would it make sense to make this an identityref so that other schemes may be used in the future? * When you say "customers" in this document, I think "users" is a better term. * Your example in Section 5.1 also uses the "ol" extension. I think you should omit that in this draft for better clarity. * In your security considerations, I don't grok this text: In as much as the module itself is made writeable, this only indicates a change in how to retrieve what read-only elements. But it does raise a question: why are these objects read-write? I'd think they'd be more operational and read-only from a Thing or device. * Section 8: "review" is misspelled. Joe On 4/12/22 07:16, Henk Birkholz wrote: Dear OPSAWG members, this email starts a three week period for a Working Group Last Call of > https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/05/ ending on Wednesday, April 27th. The authors believe the Internet-Draft is ready for a WGLC. The draft has been discussed at meetings, as well as on the list, and review feedback has been incorporated in -05. Please send your comments to the list and your assessment of whether or not it is ready to proceed to publication before April 27th. For the OPSAWG co-chairs, Henk _______________________________________________ OPSAWG mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/opsawg
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
