I like the idea of clarifying the distinction between STIX Bundle and Document.
BTW - I may be able to join the call tomorrow morning – the time zone difference isn’t as large as I thought due to standard time. Regards, Gary From: [email protected] <[email protected]> On Behalf Of David Kemp Sent: Saturday, November 6, 2021 1:25 PM To: SPDX-list <[email protected]> Subject: Re: [EXTERNAL] Re: [spdx-tech] Collection member Elements Clarifying the distinction between STIX Bundle and Document is my motivation for proposing Bundle: * There has been discussion of "unit of transfer" as being a justification for Document. I don't object to transferring Documents, but it is also useful to transfer a unit without requiring the unit to be a Document. If there are SBOMs for three different software Packages, they can be put on a thumb drive, or in a tarfile, or downloaded from Google Drive without needing to create a Document to hold all three of them. Bundle is a "unit of transfer" for Elements without SPDX relying on other mechanisms to group those Elements into a unit. * Bundle can be used to contain copies of external Elements purely for convenience. An Element is always uniquely identified by IRI, but if the ability to retrieve external Elements is iffy or time consuming, they can be copied into a Bundle along with any Collection(s) that reference them. Unlike tarfiles or FAT filesystems on thumb drives, SPDX would define what a "Bundle of Elements" data structure (little-d document) looks like. * The logical model has a Collection type that is a supertype of ContextualCollection and Document. People see that and wonder what "contextual" is supposed to mean, and whether Document may be, should be, or should not be, contextual. Bundle makes it clear that if you want a bunch of SPDX Elements without implying any relationship or context, they have a home. In the logical model Bundle would be a Class with one property: "element" with 1..* Element values. Unlike Collection it doesn't have any designated rootElement, has no namespaceMap or externalMap, and isn't a subclass of Element. Regards, Dave On Sat, Nov 6, 2021 at 2:58 PM Gary O'Neall <[email protected] <mailto:[email protected]> > wrote: * I believe it should continue to be named Document for compatibility – but naming is secondary to getting the structure right * Although I don’t really see much value in having a class called Bundle with the exact same semantics as the STIX Bundle, I have no problem adding that to the model if others find it useful. One advantage to having the STIX Bundle in our model would make it clearer the difference between a Bundle and a Document. [Dave]: The new proposal is to create a logical model class that is NOT an Element and does not exist in the current logical model. As described above, it has no IRI, no name, no creation info, nothing except the Elements to be transferred. It has the semantics of a STIX "Bundle", not a v2 or v3 "Document", so the previous discussion does not apply. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4240): https://lists.spdx.org/g/Spdx-tech/message/4240 Mute This Topic: https://lists.spdx.org/mt/86776587/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
