William, There are two different types hanging off of Collection. One is a BOM / SBOM, where the collection is a list of all of the Elements that are part of the BOM regardless of where they may be serialized.
The other is a description of the transfer unit, where the collection is a list of all of the Elements that are serialized in the transfer unit regardless of the element types. I would show Document/TransferUnit as one extension of Collection, and BOM as the other extension. Dave On Mon, May 2, 2022 at 7:16 PM William Bartholomew (CELA) via lists.spdx.org <[email protected]> wrote: > I’ve attached a simplified SPDX 3.0 diagram that treats the types that > have value type/struct semantics as data types rather than entities. I > think this greatly simplifies the diagram and makes it easier to understand > (basically boxes are elements). Technically Extension shouldn’t be a box > following that logic, but I need to work out how to represent Map<string, > any> nicely. Please check the document over and file any issues in the > spdx-3-model > repository <https://github.com/spdx/spdx-3-model/issues>. > > > > This diagram does not incorporate the suggestions around Identity, I will > send a separate email with that. > > > > I can’t make tomorrow’s meeting, but it would be good to conclude on a > name for Document/ContextualCollection. I’m leaning towards Document as > long as the definition doesn’t require serialization, describing BOM and > SBOM as specializations of Document feels natural and it doesn’t need to > imply serialized to disk. This will also feel more natural to people moving > from SPDX 2.x. I don’t feel strongly and will defer to consensus. > > > > Regards, > > > > William Bartholomew (he/him) – Let’s chat > <https://outlook.office.com/bookwithme/user/[email protected]/meetingtype/SVRwCe7HMUGxuT6WGxi68g2?anonymous&ep=mlink> > > Principal Security Strategist > > Global Cybersecurity Policy – Microsoft > > > > *My working day may not be your working day. Please don’t feel obliged to > reply to this e-mail outside of your normal working hours.* > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4487): https://lists.spdx.org/g/Spdx-tech/message/4487 Mute This Topic: https://lists.spdx.org/mt/90848340/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
