My preference would be the second non-nested for 2 reasons: * It is similar and more compatible with the current serialization in JSON (not JSON-LD) * It is simpler to deserialize using an object oriented deserializer (like Jackson)
From: [email protected] <[email protected]> On Behalf Of David Kemp Sent: Tuesday, August 9, 2022 11:35 AM To: SPDX-list <[email protected]> Subject: [spdx-tech] No Array root William, I typed in the SBOM example from the model diagram. I then modified it to move the element of type SBOM from the beginning to the array of elements. Neither the original nor the modified JSON-LD serialized file has an element of type SpdxDocument containing statements about the serialized file. This is good :-). But if in addition to the three elements (SBOM, Person, Package) there were a fourth SpdxDocument element, it would replace and eliminate the need for ExternalMap by providing URL, elements, and verification information, simplifying the model. Neither the original nor the modified file has an array as root. In example2 the root object still has creation/default properties, and it has external elements, and it has element values. The difference is that the element values are all serialized together. There is no need for a special rule that you can nest values one level deep, because there is no nesting at all. Question: Is the second file a valid serialization? Is there any reason to use a special nested JSON-LD serialization instead of keeping all the elements together in an array? Original: { SBOM: ... creationInfo: ... externalMap: ... elements: [ Person: ... Package: ... ] } Modified, Not nested: { creationInfo: ... externalMap: ... elements: [ SBOM: ... Person: ... Package: ... ] } In my opinion, it is clearer to always say "this file contains these 3 elements", instead of saying "this file contains this element and two other elements nested inside it". When hashing the SBOM element the hash doesn't cover other elements - this is more obvious when one SBOM contains another SBOM where the second isn't nested two levels deep. Regards, David -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4732): https://lists.spdx.org/g/Spdx-tech/message/4732 Mute This Topic: https://lists.spdx.org/mt/92921289/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
