Thanks Sean!
Nicely detailed description and it definitely helped me understand the process in more detail. I like the profile context which would add some additional documentation we are capturing less formally today.

There is one area I am still not clear on for this proposal as well as our current template proposal. The question is how we would translate the formal model specification into serialization format specific schemas used to validate if a given document adheres to one or more profiles.

Here’s an example scenario:

* Software producer generates an SBOM complying with a license profile and a security/defect profile.
* The producer chooses a simple JSON output format.
* The SPDX organization provides one or more schemas including JSON schemas which can be used to validate.
* The consumer runs a JSON schema validation on the SBOM using the provided JSON schemas to validate the SBOM.

The main reason I am bringing this up now is to make sure the process we use for specifying the model and profiles captures enough information to generate these schemas.

Gary

From: [email protected] <[email protected]> On Behalf Of Sean Barnum
Sent: Monday, April 26, 2021 2:49 PM
To: [email protected]
Subject: [spdx-tech] Hoping for clarity on profile planning, model specifications, profile specifications, formal standard, etc.

All,

I promised to send you all more detail on what I meant when describing a flow from profile planning to specifications where specification of all model content is done in the model specification and the resulting profile specifications simply outline the usage context for the given profile, reference (not define) relevant portions of the model for that profile and give any further relevant usage guidance for that profile.

Sorry for the delay.

Hopefully the attached diagram and markdown templates are clear and convey what I was attempting to convey verbally.

Sean Barnum
C – 703-473-8262
[email protected]
We are here to change the world!
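The scenario in Gary's reply, as an added example that is not part of the original thread and is not SPDX code: per-profile JSON Schemas are generated from one shared model, and a consumer validates an SBOM against each claimed profile. The model, property names, profile contents and the minimal validator are all hypothetical and constructed for illustration.

```python
import json

# Constructed toy model, NOT the SPDX model: every property name is hypothetical.
MODEL = {
    "name": {"type": "string"},
    "version": {"type": "string"},
    "declaredLicense": {"type": "string"},
    "knownDefects": {"type": "array"},
}
# Profiles reference model properties by name; they never redefine them.
PROFILES = {
    "license": ["name", "declaredLicense"],
    "security": ["name", "version", "knownDefects"],
}
JSON_TYPES = {"string": str, "array": list}

def profile_schema(profile):
    """Generate a JSON Schema for one profile from the shared model."""
    required = PROFILES[profile]
    undefined = [p for p in required if p not in MODEL]
    if undefined:  # a profile may only point at things the model defines
        raise KeyError(f"{profile}: not in model: {undefined}")
    return {
        "$schema": "https://json-schema.org/draft/2020-12/schema",
        "title": f"{profile} profile (hypothetical)",
        "type": "object",
        "properties": {p: MODEL[p] for p in required},
        "required": list(required),
    }

def validate(doc, schema):
    """Minimal checker for the three keywords generated above."""
    if not isinstance(doc, dict):
        return ["document is not a JSON object"]
    errors = [f"missing required property '{p}'"
              for p in schema["required"] if p not in doc]
    for prop, spec in schema["properties"].items():
        if prop in doc and not isinstance(doc[prop], JSON_TYPES[spec["type"]]):
            errors.append(f"property '{prop}' is not of type {spec['type']}")
    return errors

def check_profiles(sbom_json, profiles):
    """Consumer side: validate one SBOM against every claimed profile."""
    doc = json.loads(sbom_json)
    return {p: validate(doc, profile_schema(p)) for p in profiles}

# Constructed sample SBOM: satisfies the license profile, lacks knownDefects.
SAMPLE_SBOM = '{"name": "libexample", "version": "1.2.0", "declaredLicense": "MIT"}'

if __name__ == "__main__":
    print(json.dumps(check_profiles(SAMPLE_SBOM, ["license", "security"]), indent=2))
```

A generated schema can only be as strict as the model and profile definitions it is built from, so any constraint missing there (cardinality, allowed values) is one the consumer's validation cannot enforce.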
