idnits 2.17.1

draft-birkholz-yang-swid-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 36 instances of too long lines in the document, the longest one
     being 14 characters in excess of 72.

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 362: '...ame itself. This SHOULD be the relativ...'

     RFC 2119 keyword, line 473: '... registration ID MUST be a RFC 3986 UR...'

     RFC 2119 keyword, line 474: '... scope SHOULD be the scope o...'

     RFC 2119 keyword, line 475: '... registration id MUST be used consiste...'

     RFC 2119 keyword, line 732: '... If a SWID tag is a patch, it MUST...'

     (2 more instances...)

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 165 has weird spacing: '...ss-name str...'

  == Line 180 has weird spacing: '...ty-name str...'

  -- The document date (October 30, 2017) is 2371 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-24) exists of
     draft-ietf-sacm-coswid-02

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SWID'

     Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    NETCONF Working Group                                        H. Birkholz
3    Internet-Draft                                            Fraunhofer SIT
4    Intended status: Standards Track                        October 30, 2017
5    Expires: May 3, 2018

7                       YANG module for Software Identifiers
8                           draft-birkholz-yang-swid-00

10   Abstract

12      This document provides a YANG module definition that enables a system
13      entity to provide detailed information about installed software
14      components.  The structure of the module is based on the Concise
15      Software Identifier draft and therefore also strongly related to the
16      ISO 19770-2:2015 Software Identifiers standard.  Both standards
17      provide no interface to transport the SWID tag information between
18      system entities and this document leverages the wide adoption of YANG
19      based management interfaces.

21   Status of This Memo

23      This Internet-Draft is submitted in full conformance with the
24      provisions of BCP 78 and BCP 79.

26      Internet-Drafts are working documents of the Internet Engineering
27      Task Force (IETF).  Note that other groups may also distribute
28      working documents as Internet-Drafts.  The list of current Internet-
29      Drafts is at https://datatracker.ietf.org/drafts/current/.

31      Internet-Drafts are draft documents valid for a maximum of six months
32      and may be updated, replaced, or obsoleted by other documents at any
33      time.  It is inappropriate to use Internet-Drafts as reference
34      material or to cite them other than as "work in progress."

36      This Internet-Draft will expire on May 3, 2018.

38   Copyright Notice

40      Copyright (c) 2017 IETF Trust and the persons identified as the
41      document authors.  All rights reserved.

43      This document is subject to BCP 78 and the IETF Trust's Legal
44      Provisions Relating to IETF Documents
45      (https://trustee.ietf.org/license-info) in effect on the date of
46      publication of this document.  Please review these documents
47      carefully, as they describe your rights and restrictions with respect
48      to this document.  Code Components extracted from this document must
49      include Simplified BSD License text as described in Section 4.e of
50      the Trust Legal Provisions and are provided without warranty as
51      described in the Simplified BSD License.

53   Table of Contents

55      1.  Introduction
56      2.  YANG SWID module
57      3.  IANA considerations
58      4.  Security Considerations
59      5.  Acknowledgements
60      6.  Change Log
61      7.  Normative References
62      Appendix A.  Detailed YANG SWID module
63      Author's Address

65   1.  Introduction

67      Software Identification Tags (SWID tags [SWID]) or their binary
68      equivalent - the CoSWID tags [I-D.ietf-sacm-coswid] - provide a
69      versatile document standard that can be installed in conjunction with
70      a software component on a system entity.  There is no standard
71      interface to access, export, or transfer these tag documents between
72      system entities.  The following YANG module enables full, fine-
73      grained access to every attribute and metadata defined in the SWID
74      standards via a YANG-based management interface.

76   2.  YANG SWID module

78      Every node defined is read-only, as there is no installation or
79      deployment capability associated with tag information.  The
80      descriptions of each attribute are derived from the SWID XML schema
81      definition provided by ISO:

83      http://standards.iso.org/iso/19770/-2/2015-current/schema.xsd

85      The definitions were adapted and modified if appropriate.

87      The following summary illustrates the module in tree format.  The
88      complete YANG module can be found in Appendix A.

90
91   module: yang-software-identity
92     +--ro concise-software-identities*
93        +--ro concise-software-identity
94           +--ro lang?                            string
95           +--ro any-element*
96           |  +--ro any-attribute
97           |     +--ro attribute-name?    string
98           |     +--ro attribute-value?   anydata
99           +--ro tag-id                           string
100          +--ro swid-name                        string
101          +--ro (major-ressource-collection)?
102          |  +--:(payload)
103          |  |  +--ro payload
104          |  |     +--ro lang?            string
105          |  |     +--ro any-element*
106          |  |     |  +--ro any-attribute
107          |  |     |     +--ro attribute-name?    string
108          |  |     |     +--ro attribute-value?   anydata
109          |  |     +--ro (item-type)?
110          |  |        +--:(directory)
111          |  |        |  +--ro directory
112          |  |        |     +--ro directory-path?   string
113          |  |        +--:(file)
114          |  |        |  +--ro file
115          |  |        |     +--ro directory-path?   string
116          |  |        |     +--ro size?             uint32
117          |  |        |     +--ro file-version?     string
118          |  |        |     +--ro file-hash
119          |  |        |        +--ro hash-algo?    int16
120          |  |        |        +--ro hash-value?   binary
121          |  |        +--:(key)
122          |  |        |  +--ro key?         boolean
123          |  |        +--:(location)
124          |  |        |  +--ro location?    string
125          |  |        +--:(fs-name)
126          |  |        |  +--ro fs-name      string
127          |  |        +--:(root)
128          |  |           +--ro root?        string
129          |  +--:(evidence)
130          |     +--ro evidence
131          |        +--ro lang?            string
132          |        +--ro any-element*
133          |        |  +--ro any-attribute
134          |        |     +--ro attribute-name?    string
135          |        |     +--ro attribute-value?   anydata
136          |        +--ro (item-type)?
137          |        |  +--:(directory)
138          |        |  |  +--ro directory
139          |        |  |     +--ro directory-path?   string
140          |        |  +--:(file)
141          |        |  |  +--ro file
142          |        |  |     +--ro directory-path?   string
143          |        |  |     +--ro size?             uint32
144          |        |  |     +--ro file-version?     string
145          |        |  |     +--ro file-hash
146          |        |  |        +--ro hash-algo?    int16
147          |        |  |        +--ro hash-value?   binary
148          |        |  +--:(key)
149          |        |  |  +--ro key?         boolean
150          |        |  +--:(location)
151          |        |  |  +--ro location?    string
152          |        |  +--:(fs-name)
153          |        |  |  +--ro fs-name      string
154          |        |  +--:(root)
155          |        |     +--ro root?        string
156          |        +--ro date?            string
157          |        +--ro device-id?       string
158          +--ro additional-resource-collection*
159          |  +--ro process
160          |  |  +--ro lang?           string
161          |  |  +--ro any-element*
162          |  |  |  +--ro any-attribute
163          |  |  |     +--ro attribute-name?    string
164          |  |  |     +--ro attribute-value?   anydata
165          |  |  +--ro process-name    string
166          |  |  +--ro pid?            uint16
167          |  +--ro resource
168          |  |  +--ro lang?           string
169          |  |  +--ro any-element*
170          |  |  |  +--ro any-attribute
171          |  |  |     +--ro attribute-name?    string
172          |  |  |     +--ro attribute-value?   anydata
173          |  |  +--ro type?           string
174          |  +--ro entity
175          |  |  +--ro lang?           string
176          |  |  +--ro any-element*
177          |  |  |  +--ro any-attribute
178          |  |  |     +--ro attribute-name?    string
179          |  |  |     +--ro attribute-value?   anydata
180          |  |  +--ro entity-name     string
181          |  |  +--ro reg-id?         string
182          |  |  +--ro role?           string
183          |  |  +--ro thumbprint
184          |  |     +--ro hash-algo?          int16
185          |  |     +--ro thumbprint-value?   binary
186          |  +--ro link
187          |  |  +--ro lang?           string
188          |  |  +--ro any-element*
189          |  |  |  +--ro any-attribute
190          |  |  |     +--ro attribute-name?    string
191          |  |  |     +--ro attribute-value?   anydata
192          |  |  +--ro artifact?       string
193          |  |  +--ro href            string
194          |  |  +--ro media?          string
195          |  |  +--ro ownership?      string
196          |  |  +--ro rel             string
197          |  |  +--ro type?           string
198          |  |  +--ro use?            string
199          |  +--ro software-meta
200          |     +--ro lang?                        string
201          |     +--ro any-element*
202          |     |  +--ro any-attribute
203          |     |     +--ro attribute-name?    string
204          |     |     +--ro attribute-value?   anydata
205          |     +--ro activation-status?           string
206          |     +--ro channel-type?                string
207          |     +--ro colloquial-version?          string
208          |     +--ro description?                 string
209          |     +--ro edition?                     string
210          |     +--ro entitlement-data-required?   boolean
211          |     +--ro entitlement-key?             string
212          |     +--ro generator?                   string
213          |     +--ro persistent-id?               string
214          |     +--ro product?                     string
215          |     +--ro product-family?              string
216          |     +--ro revision?                    string
217          |     +--ro summary?                     string
218          |     +--ro unspsc-code?                 string
219          |     +--ro unspsc-version?              string
220          +--ro corpus?                          boolean
221          +--ro patch?                           boolean
222          +--ro media?                           boolean
223          +--ro supplemental?                    boolean
224          +--ro tag-version?                     string
225          +--ro software-version?                string
226          +--ro version-scheme?                  string
227

229  3.  IANA considerations

231     This document includes no requests to IANA.

233  4.  Security Considerations

235     This document includes no security considerations yet, but will act
236     as an incubator to create them.

238  5.  Acknowledgements

240     Eric Voit

242  6.  Change Log

244     First version -00

246  7.  Normative References

248     [I-D.ietf-sacm-coswid]
249                Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D.
250                Waltermire, "Concise Software Identifiers", draft-ietf-
251                sacm-coswid-02 (work in progress), July 2017.

253     [SWID]     "Information technology - Software asset management - Part
254                2: Software identification tag", ISO/IEC 19770-2:2015,
255                October 2015.

257  Appendix A.  Detailed YANG SWID module

259
260  module yang-software-identity {

262    namespace "urn:ietf:params:xml:ns:yang:swid";
263    prefix "yang-swid";
264    import ietf-yang-types { prefix "yang"; }
265    organization
266      "Fraunhofer SIT";
267    contact
268      "Henk Birkholz
269       Fraunhofer Institute for Secure Information Technology
270       Email: henk.birkholz@sit.fraunhofer.de";
271    description
272      "The YANG module to provide SWID tags via YANG modeled
273       management interfaces.
274       Copyright (C) Fraunhofer SIT (2017).";
275    revision "2017-10-30" {
276      description
277        "Initial version";
278      reference
279        "draft-birkholz-yang-swid-00";
280    }

282    grouping global-attributes {
283      leaf lang {
284        type string;
285        description
286          "An RFC5646 conformant language tag";
287      }
288      list any-element {
289        container any-attribute {
290          leaf attribute-name {
291            type string;
292            description
293              "The name of the custom attribute.";
294          }
295          leaf attribute-value {
296            type anydata;
297            description
298              "The value of the custom attribute.";
299          }
300        }
301      }
302    }

304    grouping relative-path {
305      leaf directory-path {
306        type string;
307        description
308          "A file-system path expression relative to the SWID tag document,";
309      }
310    }

312    grouping filesystem-item {
313      uses global-attributes;
314      choice item-type {
315        container directory {
316          uses relative-path;
317        }
318        container file {
319          uses relative-path;
320          leaf size {
321            type uint32;
322            description
323              "The file size in bytes of the file.";
324          }
325          leaf file-version {
326            type string;
327            description
328              "The file version.";
329          }
330          container file-hash {
331            leaf hash-algo {
332              type int16;
333              description
334                "The integer index of the IANA Named Information Hash Algorithm
335                 Registry table";
336            }
337            leaf hash-value {
338              type binary;
339              description
340                "The binary hash value of the file";
341            }
342          }
343        }
344        leaf key {
345          type boolean;
346          description
347            "Files that are considered important or required
348             for the use of a software component. Typical key files
349             would be those which, if not available on a system entity,
350             would cause the software component not to execute or
351             function properly.
352             Key files will typically be used to validate that
353             a software component referenced by the CoSWID tag document
354             is actually installed on a specific system
355             entity.";
356        }
357        leaf location {
358          type string;
359          description
360            "The directory or location where a file was found
361             or can be expected to be located. This text-string is intended
362             to include the filename itself. This SHOULD be the relative
363             path represented by the root item.";
364        }
365        leaf fs-name {
366          type string;
367          mandatory true;
368          description
369            "The file name or directory name without any path characters.";
370        }
371        leaf root {
372          type string;
373          description
374            "A system-specific root folder that the location
375             item is an offset from. If this is not specified the
376             assumption is the root is the same folder as the location of
377             the CoSWID tag. The text-string value represents a path
378             expression relative to the CoSWID tag document location in
379             the (composite) file-system hierarchy.";
380        }
381      }

383    }

385    list concise-software-identities {
386      config false;
387      container concise-software-identity {
388        uses global-attributes;
389        leaf tag-id {
390          type string;
391          mandatory true;
392          description
393            "An identifier uniquely referencing a (composite)
394             software component. The tag identifier is intended to be
395             globally unique. There are no strict guidelines on how this
396             identifier is structured, but examples include a 16 byte
397             GUID (e.g. class 4 UUID).";
398        }
399        leaf swid-name {
400          type string;
401          mandatory true;
402          description
403            "This item provides the software component name as
404             it would typically be referenced. For example, what would
405             be seen in the add/remove dialog on a Windows device, or
406             what is specified as the name of a packaged software product
407             or a patch identifier name on a Linux device.";
408        }
409        choice major-ressource-collection {
410          container payload {
411            uses filesystem-item;
412          }
413          container evidence {
414            uses filesystem-item;
415            leaf date {
416              type string;
417              description
418                "The date and time evidence represented by an
419                 evidence item was gathered.";
420            }
421            leaf device-id {
422              type string;
423              description
424                "A text-string identifier for a device
425                 evidence was gathered from.";
426            }
427          }
428        }
429        list additional-resource-collection {
430          container process {
431            uses global-attributes;
432            leaf process-name {
433              type string;
434              mandatory true;
435              description
436                "The process name as it will be found in the
437                 system entity's process table.";
438            }
439            leaf pid {
440              type uint16;
441              description
442                "The process ID for the process in execution
443                 that can be included in the process item as part of an
444                 evidence tag.";
445            }
446          }
447          container resource {
448            uses global-attributes;
449            leaf type {
450              type string;
451              description
452                "The type of resource represented via a
453                 text-string (typically, registry-key, port
454                 or root-uri).";
455            }
456          }
457          container entity {
458            uses global-attributes;
459            leaf entity-name {
460              type string;
461              mandatory true;
462              description
463                "The text-string name of the organization
464                 claiming a particular role in the SWID tag";
465            }
466            leaf reg-id {
467              type string;
468              description
469                "The registration id is intended to uniquely
470                 identify a naming authority in a given scope (e.g. global,
471                 organization, vendor, customer, administrative domain, etc.)
472                 that is implied by the referenced naming authority. The
473                 value of an registration ID MUST be a RFC 3986 URI. The
474                 scope SHOULD be the scope of an organization. In a given
475                 scope, the registration id MUST be used consistently.";
476            }
477            leaf role {
478              type string;
479              description
480                "The relationship between this organization
481                 and this tag. The role of tag creator is required for every
482                 SWID tag. The role of an entity may include any role value,
483                 but the pre-defined roles include: "aggregator",
484                 "distributor", "licensor", "software-creator",
485                 "tag-creator". The enumerations of this will include a
486                 request to IANA in order to be reference-able via an integer
487                 index.";
488            }
489            container thumbprint {
490              leaf hash-algo {
491                type int16;
492                description
493                  "The integer index of the IANA Named Information Hash Algorithm
494                   Registry table that is used to create the
495                   thumbprint.";
496              }
497              leaf thumbprint-value {
498                type binary;
499                description
500                  "This value provides a hexadecimal string
501                   that contains a hash (i.e. the thumbprint) of the signing
502                   entity's certificate.";
503              }
504            }
505          }
506          container link {
507            uses global-attributes;
508            leaf artifact {
509              type string;
510              description
511                "For installation media
512                 (rel=installation-media); dictates the canonical name for
513                 the file.
514                 Items with the same artifact name should be considered
515                 mirrors of each other (so download from
516                 wherever works).";
517            }
518            leaf href {
519              type string;
520              mandatory true;
521              description
522                "A URI pointing to the resource referenced
523                 using a system-acceptable URI scheme (e.g., file:// http://
524                 https:// ftp://), including yang+swid://";
525            }
526            leaf media {
527              type string;
528              description
529                "This text value is a hint to the tag consumer
530                 to understand what this SWID tag applies to. This item can
531                 also be included in the link item to represent attributes
532                 defined by the W3C Media Queries Recommendation (see
533                 http://www.w3.org/TR/css3-mediaqueries/). A hint to the
534                 consumer of the link to what the target item is applicable
535                 for.";
536            }
537            leaf ownership {
538              type string;
539              description
540                "Determines the relative strength of ownership
541                 of the software components. Valid enumerations are: abandon,
542                 private, shared.";
543            }
544            leaf rel {
545              type string;
546              mandatory true;
547              description
548                "The relationship between this SWID and the
549                 target file. Relationships can be identified by referencing
550                 the IANA registration library:
551                 https://www.iana.org/assignments/link-relations/link-relations.xhtml.";
552            }
553            leaf type {
554              type string;
555              description
556                "A longer, detailed description of the
557                 software. This description can be multiple sentences
558                 (differentiated from summary, which is a very short,
559                 one-sentence description).";
560            }
561            leaf use {
562              type string;
563              description
564                "Determines if the target software is a hard
565                 requirement or not. Valid enumerations are: required,
566                 recommended, optional.";
567            }
568          }
569          container software-meta {
570            uses global-attributes;
571            leaf activation-status {
572              type string;
573              description
574                "Identification of the activation status of
575                 this software title (e.g. Trial, Serialized, Licensed,
576                 Unlicensed, etc). Typically, this is used in supplemental
577                 tags.";
578            }
579            leaf channel-type {
580              type string;
581              description
582                "Provides information on which channel this
583                 particular software was targeted for (e.g. Volume, Retail,
584                 OEM, Academic, etc). Typically used in supplemental tags.";
585            }
586            leaf colloquial-version {
587              type string;
588              description
589                "The informal or colloquial version of the
590                 product (i.e. 2013). Note that this version may be the same
591                 through multiple releases of a software product where the
592                 version specified in entity is much more specific and will
593                 change for each software release.
594                 Note that this representation of version is typically used
595                 to identify a group of specific software releases that are
596                 part of the same release/support infrastructure (i.e.
597                 Fabrikam Office 2013). This version is used for string
598                 comparisons only and is not compared to be an earlier or
599                 later release (that is done via the entity
600                 version).";
601            }
602            leaf description {
603              type string;
604              description
605                "A longer, detailed description of the
606                 software. This description can be multiple sentences
607                 (differentiated from summary, which is a very short,
608                 one-sentence description).";
609            }
610            leaf edition {
611              type string;
612              description
613                "The variation of the product (Extended,
614                 Enterprise, Professional, Standard etc).";
615            }
616            leaf entitlement-data-required {
617              type boolean;
618              description
619                "An indicator to determine if there should be
620                 accompanying proof of entitlement when a software license
621                 reconciliation is completed.";
622            }
623            leaf entitlement-key {
624              type string;
625              description
626                "A vendor-specific textual key that can be
627                 used to reconcile the validity of an entitlement. (e.g.
628                 serial number, product or license key).";
629            }
630            leaf generator {
631              type string;
632              description
633                "The name of the software tool that created a
634                 SWID tag. This item is typically used if tags are created
635                 on the fly or via a catalog-based analysis for data found on
636                 a computing device.";
637            }
638            leaf persistent-id {
639              type string;
640              description
641                "A GUID used to represent products installed
642                 where the products are related, but may be different
643                 versions. For example, an "upgradeCode" (see
644                 http://msdn.microsoft.com/en-us/library/aa372375(v=vs.85).aspx
645                 as a reference for this example).";
646            }
647            leaf product {
648              type string;
649              description
650                "The base name of the product (e.g. Office,
651                 Creative Suites, Websphere, etc).";
652            }
653            leaf product-family {
654              type string;
655              description
656                "The overall product family this software
657                 belongs to. Product family is not used to identify that a
658                 product is part of a suite, but is instead used when a set
659                 of products that are all related may be installed on
660                 multiple different devices.
661                 For example, an enterprise backup system may consist of a
662                 backup service, multiple different backup services that
663                 support mail services, databases and ERP systems, as well as
664                 individual software components that backup client system
665                 entities. In such a usage scenario, all software components
666                 that are part of the backup system would have the same
667                 product-family name so they can be grouped together in
668                 respect to reporting systems.";
669            }
670            leaf revision {
671              type string;
672              description
673                "The informal or colloquial representation of
674                 the sub-version of the given product (ie, SP1, R2, RC1, Beta
675                 2, etc). Note that the SoftwareIdentity.version will
676                 provide very exact version details,
677                 the revision is intended for use in environments where
678                 reporting on the informal or colloquial representation of
679                 the software is important (for example, if for a certain
680                 business process, an organization recognizes that it must
681                 have, for example "ServicePack 1" or later of a specific
682                 product installed on all devices, they can use the revision
683                 data value to quickly identify any devices that do not meet
684                 this requirement).
685                 Depending on how a software organization distributes
686                 revisions, this value could be specified in a primary (if
687                 distributed as an upgrade) or supplemental (if distributed
688                 as a patch) SWID tag.";
689            }
690            leaf summary {
691              type string;
692              description
693                "A short (one-sentence) description of the
694                 software.";
695            }
696            leaf unspsc-code {
697              type string;
698              description
699                "An 8 digit code that provides UNSPSC
700                 classification of the software product this SWID tag
701                 identifies. For more information see,
702                 http://www.unspsc.org/.";
703            }
704            leaf unspsc-version {
705              type string;
706              description
707                "An 8 digit code that provides UNSPSC
708                 classification of the software product this SWID tag
709                 identifies. For more information see,
710                 http://www.unspsc.org/.";
711            }
712          }
713        }
714        leaf corpus {
715          type boolean;
716          description
717            "Set to true, if this attribute specifies that this SWID tag is a
718             collection of information that describes the pre-installation
719             data of a software component.";
720        }
721        leaf patch {
722          type boolean;
723          description
724            "A set of files that is intended to modify an
725             existing set of files (including configuration files,
726             scripts and corresponding environment variables that are
727             created by the OS for the runtime environment) that composes
728             a software component. A software component patch does
729             neither alter the version number (see 13) nor the release
730             details (descriptive English text, see 44) of a software
731             component.
732             If a SWID tag is a patch, it MUST
733             contain the patch item and its value MUST be set
734             to true.

736             It is recommended but not required to include a
737             rel(ation) item in a patch CoSWID. If a CoSWID includes a
738             patch member, but not a rel member, it is implied that it
739             SHOULD be installed independently of any other CoSWID tag
740             document -- even if an effective but not explicit
741             relationship exists.";
742        }
743        leaf media {
744          type boolean;
745          description
746            "This text value is a hint to the tag consumer to
747             understand what this SWID tag applies to. This item can also
748             be included in the link item to represent attributes
749             defined by the W3C Media Queries Recommendation (see
750             http://www.w3.org/TR/css3-mediaqueries/). A hint to the
751             consumer of the link to what the target item is applicable
752             for.";
753        }
754        leaf supplemental {
755          type boolean;
756          description
757            "Specifies that this tag provides supplemental tag
758             data that can be merged with primary tag data to create a
759             complete record of the software information. Supplemental
760             tags will often be provided at install time and may be
761             provided by different entities (such as the tag consumer, or
762             a Value Added Reseller).";
763        }
764        leaf tag-version {
765          type string;
766          description
767            "This item indicates if a specific release of a
768             software component has more than one tag that can represent
769             that specific release. This may be the case if a CoSWID tag
770             producer creates and releases an incorrect tag that they
771             subsequently want to fix, but with no underlying changes to
772             the product the CoSWID tag represents. This could happen if,
773             for example, a patch is distributed that has a link
774             reference that does not cover all the various software
775             releases it can patch. A newer CoSWID tag for that patch can
776             be generated and the tag-version value incremented to
777             indicate that the data is updated.";

779        }
780        leaf software-version {
781          type string;
782          description
783            "Underlying development version for the software
784             component.";
785        }
786        leaf version-scheme {
787          type string;
788          description
789            "Scheme used for the version number. Valid
790             enumerations are:
791             * alphanumeric: strictly a string, sorting alphanumerically
792             * decimal: a floating point number (i.e., 1.25 is less than
793               1.3 )
794             * multipartnumeric: numbers separated via dots, where the
795               numbers are interpreted as integers (ie, 1.2.3 , 1.4.5.6
796               , 1.2.3.4.5.6.7). This string convention is similar to
797               OIDs.
798             * multipartnumeric+suffix: numbers separated via dots, where
799               the numbers are interpreted as integers with an additional
800               string suffix (e.g., 1.2.3a).
801             * semver: a string as defined by the semver.org spec [FiXME:
802               reference]
803             * unknown: the last resort choice, no attempt should be made
804               to order these";
805        }
806      }
807    }
808  }
809
810  Author's Address

812     Henk Birkholz
813     Fraunhofer SIT
814     Rheinstrasse 75
815     Darmstadt 64295
816     Germany

818     Email: henk.birkholz@sit.fraunhofer.de
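
Added example (not part of draft-birkholz-yang-swid-00 or of the idnits output): a consumer-side check of one `file` container from the module above, resolving directory-path relative to the tag document and comparing file-hash against the file on disk. It assumes the instance data arrives JSON-encoded with the `binary` hash-value as base64; verify_file_item, demo and the tag_dir layout are hypothetical names, and the sample file is constructed.

```python
import base64
import hashlib
import hmac
import os
import tempfile

# Full-length entries of the IANA Named Information Hash Algorithm Registry,
# which hash-algo indexes. Truncated variants (e.g. ID 2, sha-256-128) are
# rejected on purpose.
NI_HASH_ALGOS = {1: "sha256", 7: "sha384", 8: "sha512"}


def verify_file_item(tag_dir, file_item):
    """Check one `file` container against the file on disk.

    tag_dir   -- directory holding the tag document (assumed layout)
    file_item -- dict with directory-path, size and file-hash leaves
    Returns (ok, reason).
    """
    rel = file_item.get("directory-path")
    if not rel:
        return False, "no directory-path"
    base = os.path.realpath(tag_dir)
    path = os.path.realpath(os.path.join(base, rel))
    # directory-path is relative to the tag document: refuse anything that
    # resolves outside that directory (absolute paths, "..", symlinks).
    if os.path.commonpath([base, path]) != base:
        return False, "path escapes tag directory"
    if not os.path.isfile(path):
        return False, "file missing"
    size = file_item.get("size")
    if size is not None and os.path.getsize(path) != size:
        return False, "size mismatch"
    file_hash = file_item.get("file-hash") or {}
    algo = NI_HASH_ALGOS.get(file_hash.get("hash-algo"))
    if algo is None:
        return False, "unsupported hash-algo"
    try:
        expected = base64.b64decode(file_hash.get("hash-value", ""),
                                    validate=True)
    except (ValueError, TypeError):
        return False, "hash-value is not base64"
    digest = hashlib.new(algo)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    if not hmac.compare_digest(digest.digest(), expected):
        return False, "hash mismatch"
    return True, "ok"


def demo():
    """Constructed sample: intact file, tampered file, traversal attempt."""
    content = b"constructed sample payload"
    with tempfile.TemporaryDirectory() as tag_dir:
        target = os.path.join(tag_dir, "app.bin")
        with open(target, "wb") as handle:
            handle.write(content)
        item = {
            "directory-path": "app.bin",
            "size": len(content),
            "file-hash": {
                "hash-algo": 1,
                "hash-value": base64.b64encode(
                    hashlib.sha256(content).digest()).decode(),
            },
        }
        results = [verify_file_item(tag_dir, item)]
        # Same length, different bytes: only the hash comparison catches it.
        with open(target, "wb") as handle:
            handle.write(content.upper())
        results.append(verify_file_item(tag_dir, item))
        escaped = dict(item, **{"directory-path": "../../etc/hostname"})
        results.append(verify_file_item(tag_dir, escaped))
        return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```
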