We discussed whether elements should be serialized as maps or arrays, and I
provided an example map serialization for discussion. The two
serialization formats are equivalent, in that they deserialize to identical
logical nodes. But the discussion highlighted some practical distinctions:

1) Members of a map are pre-indexed by IRI, while an array must be searched
member by member to find the element with a specified IRI. Because looking
up element references is a common operation, the first step after receiving
an array of elements would be to build an index from IRI to element
position in the array.

2) In order to find the captain of a ship with 1000 rooms, you'd need to
search each room to look for someone wearing a captain's uniform. Or in
order to find an SBOM element in an array of 1000 elements, you'd need to
examine all elements to determine which one(s) are the SBOM type. That's
true whether the 1000 elements are serialized as a map or an array. BUT,
if the 1000 elements were serialized as a map AND a rootElements property
existed to list the SBOM IRI(s), no searching is required, the map points
directly to the captain.

Conclusion: serialization as a map doesn't help finding the captain if the
captain's ID isn't specified along with the map. But if the captain's ID
is specified, map serialization is hugely more efficient than having to
search 1000 elements in an array to find that ID.

In any case, here is the JSON-serialized array equivalent of the previous
map example, along with listing the 5 default properties at the top level
instead of nested in a "defaults" property:

{
  "namespace": "urn:acme.dev:",
  "createdBy": ["identities:fred"],
  "created": "2022-04-05T22:00:00Z",
  "specVersion": "3.0",
  "profiles": ["Core", "Software"],
  "dataLicense": "CC0-1.0",
  "elementValues": [
    {
      "id": "artifacts:gnu-coreutils/v9.1/src/du.c",
      "type": {
        "file": {
          "filePurpose": ["APPLICATION", "SOURCE"]
        }
      }
    },
    {
      "id": "artifacts:gnu-coreutils/v9.1/src/echo.c",
      "type": {
        "file": {
          "filePurpose": ["APPLICATION", "SOURCE"]
        }
      }
    },
    {
      "id": "artifacts:gnu-coreutils/v9.1",
      "type": {
        "package": {
          "packagePurpose": ["APPLICATION", "SOURCE"],
          "downloadLocation": "http://mirror.rit.edu/gnu/coreutils/coreutils-9.1.tar.gz",
          "homePage": "https://www.gnu.org/software/coreutils/"
        }
      },
      "name": "GNU Coreutils"
    },
    {
      "id": "relationships:gnu-coreutils/v9.1",
      "type": {
        "relationship": {
          "relationshipType": "CONTAINS",
          "from": "urn:acme.dev:artifacts:gnu-coreutils/v9.1",
          "to": [
            "artifacts:gnu-coreutils/v9.1/src/du.c",
            "artifacts:gnu-coreutils/v9.1/src/echo.c"
          ]
        }
      }
    },
    {
      "id": "identities:fred",
      "type": {
        "actor": {}
      },
      "identifiedBy": [{"email": "[email protected]"}]
    },
    {
      "id": "sboms:gnu-coreutils/v9.1",
      "type": {
        "sbom": {
          "elements": [
            "artifacts:gnu-coreutils/v9.1/src/du.c",
            "artifacts:gnu-coreutils/v9.1/src/echo.c",
            "artifacts:gnu-coreutils/v9.1",
            "relationships:gnu-coreutils/v9.1",
            "identities:fred"
          ]
        }
      }
    }
  ]
}

Regards,
David
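
Added example, not part of David's message or of any SPDX tooling: a consumer of the array form building the IRI-to-position index from point 1, locating SBOM elements with and without a top-level rootElements property as in point 2, and flagging references that resolve to no element. The function names, the rule that an id lacking the namespace prefix is relative to it, and the trimmed sample (echo.c deliberately left out) are assumptions.

```python
import json

# Constructed sample: trimmed copy of the array serialization; echo.c is omitted on purpose.
DOC = json.loads("""
{
  "namespace": "urn:acme.dev:",
  "elementValues": [
    {"id": "artifacts:gnu-coreutils/v9.1/src/du.c", "type": {"file": {}}},
    {"id": "artifacts:gnu-coreutils/v9.1", "type": {"package": {}}},
    {"id": "relationships:gnu-coreutils/v9.1", "type": {"relationship": {
      "from": "urn:acme.dev:artifacts:gnu-coreutils/v9.1",
      "to": ["artifacts:gnu-coreutils/v9.1/src/du.c",
             "artifacts:gnu-coreutils/v9.1/src/echo.c"]}}},
    {"id": "sboms:gnu-coreutils/v9.1", "type": {"sbom": {"elements": [
      "artifacts:gnu-coreutils/v9.1/src/du.c", "artifacts:gnu-coreutils/v9.1"]}}}
  ]
}
""")

def full_iri(doc, ref):
    """Assumed rule: a reference lacking the namespace prefix is relative to it."""
    ns = doc["namespace"]
    return ref if ref.startswith(ns) else ns + ref

def build_index(doc):
    """One pass over the array: full IRI -> position. Duplicate ids are rejected."""
    index = {}
    for pos, el in enumerate(doc["elementValues"]):
        iri = full_iri(doc, el["id"])
        if iri in index:
            raise ValueError(f"duplicate element id: {iri}")
        index[iri] = pos
    return index

def find_roots(doc, index):
    """Direct lookup when rootElements is given; otherwise scan every element."""
    if "rootElements" in doc:
        return [index[full_iri(doc, r)] for r in doc["rootElements"]]
    return [p for p, el in enumerate(doc["elementValues"]) if "sbom" in el["type"]]

def dangling_refs(doc, index):
    """Relationship from/to and sbom element references with no matching element."""
    missing = set()
    for el in doc["elementValues"]:
        body = next(iter(el["type"].values()))
        refs = [body[k] for k in ("from",) if k in body] + body.get("to", []) + body.get("elements", [])
        missing.update(full_iri(doc, r) for r in refs if full_iri(doc, r) not in index)
    return sorted(missing)
```

A document that lists or relates elements it does not carry shows up in dangling_refs, which is worth checking before trusting an SBOM's stated contents.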