I experimented with something around identities and I'm really liking the
simplicity, so I wanted to run it by you to get your thoughts:
* We keep "Identity" element with subclasses of "Person" and "Organization"
(I'm ignoring "Tool" for right now).
* Introduce a new data type "Identifier" which could have subtypes like
"EmailAddress" and "Login".
* Add a property to "Element" called "identifiedBy" which is a list of zero
or more "Identifier".
This means we can have a Person that looks like this:
{
"SPDXID": "urn:github.com:users:iamwillbar",
"type": "Person",
"name": "William Bartholomew",
"identifiedBy": [
{"type": "EmailAddress", "email": "[email protected]"},
{"type": "Account", "authority": "github.com", "username": "iamwillbar"}
]
}
This then got me thinking that "artifactUrl" on "Artifact" is just another form
of "Identifier", which means we could remove that property and so a "Package"
could look like this:
{
"SPDXID": "urn:spdx.dev:spdx-tools-3.0.0",
"name": "spdx-tools-3.0.0",
"identifiedBy": [
{"type": "PURL", "locator": "pkg:..."}
]
}
What does that remind you of? "ExternalReferences", so we can then remove those
and merge that concept into identifiers:
{
"SPDXID": "urn:spdx.dev:spdx-tools-3.0.0",
"name": "spdx-tools-3.0.0",
"identifiedBy": [
{"type": "PURL", "locator": "pkg:..."},
{"type": "cpe22", "locator": "..."},
{"type": "SWHID", "locator": "..."}
]
}
And because "identifiedBy" is on "Element" any new types we add in the future
can also have identifiers attached to them:
{
"SPDXID": "urn:cve:12345",
"name": "tkvideo has a memory issue in playing videos",
"identifiedBy": [
{"type": "CVE", "locator": "CVE-2022-24902"}
]
}
What do you all think?
Sent from Outlook<http://aka.ms/weboutlook>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4493): https://lists.spdx.org/g/Spdx-tech/message/4493
Mute This Topic: https://lists.spdx.org/mt/91005596/21656
Group Owner: [email protected]
Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
