*[sdb] Henk, here is my attempt to maybe add a little more context for you.*
1.) Is there an example or a proposal how to express an arc such as
"verifiedUsing" in JSON?
*[sdb] Here is a more cleaned up and realistic version of the external
map example I pulled together from Nisha’s starting point on Tuesday’s
call.*
*I removed any “spdx” references out and just used “3tSBOM” to avoid
confusion with SPDX. We still need to decide on the new name of the
merged efforts standard.*
*This example is using a global JSONLD context defined for the standard
and published as part of the standard to define prefixes such as
“core:”, “software:”, etc. and anything else desired.*
*It also defines an additional JSONLD context locally within the file.
This is useful to define things like the local namespace prefix to
shorten ids of locally defined content.*
*It also currently contains alias mapping for “@id” and “@type” so that
they can be used as simple json “id” and “type” and everything will
still work. It should be noted this is one of many reasons that property
names dealing with “type” should be carefully localized (e.g., fileType,
relationshipType, etc.) to avoid collisions with global terms like this.*
*I hope it is obvious that all of the namespaces here are highly
contrived to make it clear they are not realworld examples. Real content
would need to use realistic namespaces.*
*You can see a realistic use of “core:verifiedUsing” as part of an
externalMap entry. It could just as easily be used directly on any
Element as appropriate.*
*{*
* "@context": [*
* "https://www.3tsbom.org/ontology/3tsbom.jsonld",*
* {*
* "id": "@id",*
* "type": "@type",*
* "docns":
"https://www.acme.org/some/namespace/for/content/defined/in/this/file#"*
* }*
* ],*
* "@graph": [*
* {*
* "id": "docns:Document1",*
* "type": "core:Document",*
* "core:specVersion": "3T-SBOM-Draft",*
* "core:namespace":
"https://www.acme.org/some/namespace/for/content/defined/in/this/file",*
* "core:externalMap": [*
* {*
* "core:externalID":
"https://www.fugazi.org/some/externally/defined/namespace#ExternalDocumentFoo",*
* "core:verifiedUsing": [*
* {*
* "type": "core:Hash",*
* "core:hashAlgorithm": "SHA256",*
* "core:hashValue":
"961B6DD3EDE3CB8ECBAACBD68DE040CD78EB2ED5889130CCEB4C49268EA4D506"*
* }*
* ],*
* "core:elementURL":
"https://www.fugazi.org/some/externally/defined/namespace/docs/#ExternalDocumentFoo-1.2-75306d2f-8dd5-402d-bfbc-d0a97e5a9b20",*
* "core:creator":
"https://www.fugazi.org/some/externally/defined/namespace#identity-75306d2f-8dd5-402d-bfbc-d0a97e5a9b20"*
* },*
* {*
* "core:externalID":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#cluster-autoscaler-9.9.0",*
* "core:definingDocument":
"https://www.fugazi.org/some/externally/defined/namespace#ExternalDocumentFoo"*
* },*
* {*
* "core:externalID":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#go",*
* "core:definingDocument":
"https://www.fugazi.org/some/externally/defined/namespace#ExternalDocumentFoo"*
* },*
* {*
* "core:externalID":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#azure-sdk-for-go",*
* "core:definingDocument":
"https://www.fugazi.org/some/externally/defined/namespace#ExternalDocumentFoo"*
* }*
* ],*
* "core:element": [*
* {*
* "id":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#cluster-autoscaler-9.9.0",*
* "type": "software:File",*
* "software:fileType": "BINARY",*
* "core:name": "cluster-autoscaler"*
* },*
* {*
* "id":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#go",*
* "type": "core:Package",*
* "core:name": "cloud.google.com/go"*
* },*
* {*
* "id":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#azure-sdk-for-go",*
* "type": "core:Package",*
* "core:name": "Azure/azure-sdk-for-go"*
* },*
* {*
* "id": "docns:Relationship1",*
* "type": "core:Relationship",*
* "core:from":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#go",*
* "core:to":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#cluster-autoscaler-9.9.0",*
* "core:relationshipType": "STATIC_LINK"*
* },*
* {*
* "id": "docns:Relationship2",*
* "type": "core:Relationship",*
* "from":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#azure-sdk-for-go",*
* "to":
"https://www.fugazi.org/some/externally/defined/namespace/for/ExternalDocumentFoo#cluster-autoscaler-9.9.0",*
* "relationshipType": "STATIC_LINK"*
* }*
* ]*
* }*
* ]*
*}*
2.) Is there an example or a proposal how to express an arc, such as
"element", in JSON?
*[sdb*] @Henk Birkholz <mailto:[email protected]> *when
you say “element” do you mean the property or the class?*
*If you mean the property, I think the above example should show such an
example.*
*If you mean the class, you really would never see an object of class
Element instantiated in content. Element is an abstract class defined as
a basis for defining various concrete subclasses any of which can be
instantiated in content.*
*One of the additions I made in the proposed modications to the spec
template was adding an “Instantiability” property to the metadata table
of each class to specify explicitly whether it is Abstract or Concrete.*
*Does that make sense?*
**
3.) Is there still the notion to use json-ld generics here, e.g. object
always include members, such as @comment and @id?
*[sdb] I think the above example answers this question. Would you agree?*
*The only part I am unsure on is your reference to @comment. Can you
clarify what you mean? *
Sean Barnum
C – 703-473-8262
[email protected] <mailto:[email protected]>
/We are here to change the world!/
signature_1388200754
<https://www.facebook.com/MITREcorp>signature_1442303485
<https://www.linkedin.com/company/mitre>signature_245889441
<https://twitter.com/MITREcorp>signature_984325223
<https://www.youtube.com/user/mitrecorp>signature_929545762
<https://plus.google.com/+MitreOrgFFRDCs/posts>
signature_1845422085 <http://www.mitre.org/>
*From: *<[email protected]> on behalf of "William Bartholomew via
lists.spdx.org" <[email protected]>
*Reply-To: *"[email protected]" <[email protected]>
*Date: *Tuesday, March 23, 2021 at 10:37 PM
*To: *Henk Birkholz <[email protected]>
*Cc: *spdx-tech <[email protected]>
*Subject: *[EXT] Re: [spdx-tech] Model Diagram for 2021-03-23
Hi Henk, answers below...
1.) Is there an example or a proposal how to express an arc such as
"verifiedUsing" in JSON?
Since hashes are not an element they would typically be serialized as an
in-line array, for example:
{
...
"verifiedUsing": [
{
"type": "Hash",
"algorithm": "SHA512",
"hashValue": "A1B2C3..."
}
]
}
2.) Is there an example or a proposal how to express an arc, such as
"element", in JSON?
Good question, in the diagram I used the closed diamond shape which is
composition, however, now that both document and package can contain
elements, and they can also stand alone this should be a hollow diamond
indicating aggregation instead. Typically this would be serialized
something like this:
{
"elements": [
{
"type": "File",
"id": "some-id-a"
},
{
"type": "File",
"id": "some-id-b"
},
{
"type": "Package",
"id": "some-id-c",
"elements": [ "some-id-a", "some-id-b" ],
"rootElements": ["some-id-a"]
]
}
3.) Is there still the notion to use json-ld generics here, e.g. object
always include members, such as @comment and @id?
The logical model is indifferent to this. If we define a JSON-LD
serialization format for the specification then that would describe how
the fields map to JSON-LD constructs.
On Tue, Mar 23, 2021 at 11:50 AM Henk Birkholz
<[email protected]
<mailto:[email protected]>> wrote:
Hi William,
thanks for sending this out!
Wrt the model illustrated I have three specific questions - all of them
related to a potential instantiation of that model in JSON:
1.) Is there an example or a proposal how to express an arc such as
"verifiedUsing" in JSON?
2.) Is there an example or a proposal how to express an arc, such as
"element", in JSON?
3.) Is there still the notion to use json-ld generics here, e.g. object
always include members, such as @comment and @id?
These questions might already have answers. If that is the case, could
you please point me some resources where these notations are defined or
corresponding representative examples? The last time, I created an
exemplary specification from the diagram it looked quite differently
(e.g. Person was fleshed out in more detail).
Viele Grüße,
Henk
On 23.03.21 19:17, William Bartholomew via lists.spdx.org
<http://lists.spdx.org> wrote:
> Attached is the latest diagram from our discussion today.
>
>
>
>
>
