+1

On Mon, May 9, 2022 at 11:06 PM Kay Williams via lists.spdx.org <kayw= [email protected]> wrote:

> +1
>
> *From:* [email protected] <[email protected]> *On Behalf Of *William Bartholomew (CELA) via lists.spdx.org
> *Sent:* Monday, May 9, 2022 8:00 PM
> *To:* spdx-tech <[email protected]>
> *Subject:* [spdx-tech] Simplifying Identities
>
> I experimented with something around identities and I'm really liking the simplicity, so I wanted to run it by you to get your thoughts:
>
> - We keep "Identity" element with subclasses of "Person" and "Organization" (I'm ignoring "Tool" for right now).
> - Introduce a new data type "Identifier" which could have subtypes like "EmailAddress" and "Login".
> - Add a property to "Element" called "identifiedBy" which is a list of zero or more "Identifier".
>
> This means we can have a Person that looks like this:
>
> {
>   "SPDXID": "urn:github.com:users:iamwillbar",
>   "type": "Person",
>   "name": "William Bartholomew",
>   "identifiedBy": [
>     {"type": "EmailAddress", "email": "[email protected]"},
>     {"type": "Account", "authority": "github.com", "username": "iamwillbar"}
>   ]
> }
>
> This then got me thinking that "artifactUrl" on "Artifact" is just another form of "Identifier", which means we could remove that property and so a "Package" could look like this:
>
> {
>   "SPDXID": "urn:spdx.dev:spdx-tools-3.0.0",
>   "name": "spdx-tools-3.0.0",
>   "identifiedBy": [
>     {"type": "PURL", "locator": "pkg:..."}
>   ]
> }
>
> What does that remind you of? "ExternalReferences", so we can then remove those and merge that concept into identifiers:
>
> {
>   "SPDXID": "urn:spdx.dev:spdx-tools-3.0.0",
>   "name": "spdx-tools-3.0.0",
>   "identifiedBy": [
>     {"type": "PURL", "locator": "pkg:..."},
>     {"type": "cpe22", "locator": "..."},
>     {"type": "SWHID", "locator": "..."}
>   ]
> }
>
> And because "identifiedBy" is on "Element" any new types we add in the future can also have identifiers attached to them:
>
> {
>   "SPDXID": "urn:cve:12345",
>   "name": "tkvideo has a memory issue in playing videos",
>   "identifiedBy": [
>     {"type": "CVE", "locator": "CVE-2022-24902"}
>   ]
> }
>
> What do you all think?

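The uniform lookup that a single "identifiedBy" list on every Element would allow, as an added example that is not part of the original thread or of any SPDX tooling: one index answers "which elements carry this identifier?" for people, packages and vulnerabilities alike, and flags identifiers claimed by more than one element. The function names, the (type, value) key layout, and the `urn:example:` elements with their PURL are assumptions constructed for this example.

```python
from collections import defaultdict

def identifier_key(ident):
    """Reduce one proposed Identifier to a hashable (type, value) key."""
    kind = ident.get("type")
    if not kind:
        raise ValueError(f"identifier has no type: {ident!r}")
    if "locator" in ident:                                # PURL, cpe22, SWHID, CVE
        value = ident["locator"]
    elif "email" in ident:                                # EmailAddress
        value = ident["email"]
    elif "authority" in ident and "username" in ident:    # Account
        # Assumption: an account is unique per authority; host names compare case-insensitively.
        value = f'{ident["username"]}@{ident["authority"].lower()}'
    else:
        raise ValueError(f"unrecognized identifier shape: {ident!r}")
    return (kind, value)

def build_index(elements):
    """Map each identifier key to the SPDXIDs of the elements that carry it."""
    index = defaultdict(list)
    for element in elements:
        for ident in element.get("identifiedBy", []):     # zero or more per Element
            index[identifier_key(ident)].append(element["SPDXID"])
    return dict(index)

def shared_identifiers(index):
    """Identifiers claimed by more than one element: duplicates to merge or conflicts to review."""
    return {key: ids for key, ids in index.items() if len(set(ids)) > 1}

ELEMENTS = [
    # Shapes taken from the thread (the e-mail identifier is omitted).
    {"SPDXID": "urn:github.com:users:iamwillbar", "type": "Person", "name": "William Bartholomew",
     "identifiedBy": [{"type": "Account", "authority": "github.com", "username": "iamwillbar"}]},
    {"SPDXID": "urn:cve:12345", "name": "tkvideo has a memory issue in playing videos",
     "identifiedBy": [{"type": "CVE", "locator": "CVE-2022-24902"}]},
    # Constructed for this example: two package elements that claim the same PURL.
    {"SPDXID": "urn:example:pkg-a", "name": "pkg-a",
     "identifiedBy": [{"type": "PURL", "locator": "pkg:generic/pkg-a@1.0"}]},
    {"SPDXID": "urn:example:pkg-a-rebuild", "name": "pkg-a",
     "identifiedBy": [{"type": "PURL", "locator": "pkg:generic/pkg-a@1.0"}]},
    {"SPDXID": "urn:example:no-ids", "name": "element without identifiers"},
]

if __name__ == "__main__":
    index = build_index(ELEMENTS)
    for key, ids in sorted(index.items()):
        print(key, ids)
    print("shared:", shared_identifiers(index))
```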