Dear David,
With my tech-hat on, I would greatly prefer your second, modified
example. It's much easier to process with the programming languages I
use, which are of the functional paradigm and thus get along really well
with flat arrays or maps. Nesting means hard-coding extra logic to
extract the individual Elements out the extra structure.
Also, donning my outreach-hat now, I'd fully agree with your final
statement; I think the communication for 3.0 (both for publicity and
education) will be improved by prioritising the role of invididual,
atomic and discrete Elements.
Best wishes,
Sebastian
On Tue, Aug 09, 2022 at 02:34:47PM -0400, David Kemp wrote:
> William,
>
> I typed in the SBOM example from the model diagram.
> I then modified it to move the element of type SBOM from the beginning to
> the array of elements.
>
> Neither the original nor the modified JSON-LD serialized file has an
> element of type SpdxDocument containing statements about the serialized
> file. This is good :-). But if in addition to the three elements (SBOM,
> Person, Package) there were a fourth SpdxDocument element, it would replace
> and eliminate the need for ExternalMap by providing URL, elements, and
> verification information, simplifying the model.
>
> Neither the original nor the modified file has an array as root. In
> example2 the root object still has creation/default properties, and it has
> external elements, and it has element values. The difference is that the
> element values are all serialized together. There is no need for a special
> rule that you can nest values one level deep, because there is no nesting
> at all.
>
> Question: Is the second file a valid serialization? Is there any reason to
> use a special nested JSON-LD serialization instead of keeping all the
> elements together in an array?
>
> Original:
> {
> SBOM: ...
> creationInfo: ...
> externalMap: ...
> elements: [
> Person: ...
> Package: ...
> ]
> }
>
> Modified, Not nested:
> {
> creationInfo: ...
> externalMap: ...
> elements: [
> SBOM: ...
> Person: ...
> Package: ...
> ]
> }
>
> In my opinion, it is clearer to always say "this file contains these 3
> elements", instead of saying "this file contains this element and two other
> elements nested inside it". When hashing the SBOM element the hash doesn't
> cover other elements - this is more obvious when one SBOM contains another
> SBOM where the second isn't nested two levels deep.
>
> Regards,
> David
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4733): https://lists.spdx.org/g/Spdx-tech/message/4733
Mute This Topic: https://lists.spdx.org/mt/92921289/21656
Group Owner: [email protected]
Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
