Thanks for the links, interesting reading.
Here's the RDF for the ISO's SWID updated schema.
http://standards.iso.org/iso/19770/-2/2015/schema.xsd
the part I'm advocating we provide the cross link to is:
<xs:attribute name="uniqueId" type="xs:string" use="optional"
default="unknown"><xs:annotation><xs:documentation>Unique identifier that is
unique, essentially
(publisher)+(product)+(version)</xs:documentation></xs:annotation></xs:attribute>
If you find the CPE RDF definition, I would be very interested in reviewing it.
Thanks, Kate
On Tuesday, July 28, 2015 11:56 AM, Gary O'Neall <[email protected]>
wrote:
#yiv1879908625 #yiv1879908625 -- _filtered #yiv1879908625 {panose-1:2 4 5 3 5
4 6 3 2 4;} _filtered #yiv1879908625 {font-family:Calibri;panose-1:2 15 5 2 2 2
4 3 2 4;} _filtered #yiv1879908625 {font-family:Tahoma;panose-1:2 11 6 4 3 5 4
4 2 4;} _filtered #yiv1879908625 {font-family:Verdana;panose-1:2 11 6 4 3 5 4 4
2 4;} _filtered #yiv1879908625 {panose-1:0 0 0 0 0 0 0 0 0 0;}#yiv1879908625
#yiv1879908625 p.yiv1879908625MsoNormal, #yiv1879908625
li.yiv1879908625MsoNormal, #yiv1879908625 div.yiv1879908625MsoNormal
{margin:0in;margin-bottom:.0001pt;font-size:12.0pt;}#yiv1879908625 a:link,
#yiv1879908625 span.yiv1879908625MsoHyperlink
{color:blue;text-decoration:underline;}#yiv1879908625 a:visited, #yiv1879908625
span.yiv1879908625MsoHyperlinkFollowed
{color:purple;text-decoration:underline;}#yiv1879908625
p.yiv1879908625MsoAcetate, #yiv1879908625 li.yiv1879908625MsoAcetate,
#yiv1879908625 div.yiv1879908625MsoAcetate
{margin:0in;margin-bottom:.0001pt;font-size:8.0pt;}#yiv1879908625
span.yiv1879908625hoenzb {}#yiv1879908625 span.yiv1879908625EmailStyle18
{color:#1F497D;}#yiv1879908625 span.yiv1879908625BalloonTextChar
{}#yiv1879908625 .yiv1879908625MsoChpDefault {font-size:10.0pt;} _filtered
#yiv1879908625 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv1879908625
div.yiv1879908625WordSection1 {}#yiv1879908625 For the RDF section, I did a
quick search and found some interesting research on representing the National
Vulnerability Database (NVD) in the Semantic Web:
http://cs.utdallas.edu/semanticweb/NIST-NVD/Tech-Rep-NIST-NVD.pdf - See page
17 for a nice diagram on the
ontologyhttp://scap.nist.gov/events/2009/itsac/presentations/day3/Day3_SCAPTech_Khadilkar_Rachapalli.pdf
From a quick 5 minute browse of the document, it looks like they have created
an ontology for the CPE structure which we could leverage. Interestingly,
they chose the same basic architecture and tools strategy for their project as
we did for the SPDX tools including using Protégé for OWL. If we want to use a
common CPE RDF definition, I'll see if I can find the OWL document and propose
an RDF set of classes and terms. Gary From: [email protected]
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Tuesday, July 28, 2015 8:31 AM
To: [email protected]
Subject: Proposal: Security and Asset Management Identifier Looks like my
original send didn't make it through the filters... resending. ----------
Forwarded message ----------
From: Kate Stewart <[email protected]>
Date: Tue, Jul 28, 2015 at 7:49 AM
Subject: Proposal: Security and Asset Management Identifier
To: [email protected]
Hi,
https://docs.google.com/document/d/1WfArS8_xR_CQ_5plOOMtj1y9ps5M-gXFjofUBXR8hyE/edit#
Has a proposal for security and assent management identifier for
discussion in the tech team call later today. There is also some background
(with links to other references) for those who want to dig further. This
is being envisioned to be available at the SpdxItem level in the model, as an
optional property. Looking forward to talking to you in a couple of hours.
Kate
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech
