Diff: rfc9393v5.txt (old) vs. rfc9393.txt (new)

Internet Engineering Task Force (IETF)                       H. Birkholz
Request for Comments: 9393                                Fraunhofer SIT
Category: Standards Track                             J. Fitzgerald-McKay
ISSN: 2070-1721                                 National Security Agency
                                                              C. Schmidt
                                                   The MITRE Corporation
                                                           D. Waltermire
                                                                    NIST
                                     OLD (rfc9393v5.txt): May 2023
                                     NEW (rfc9393.txt):   June 2023

                  Concise Software Identification Tags

Abstract

   ISO/IEC 19770-2:2015 Software Identification (SWID) tags provide an
   extensible XML-based structure to identify and describe individual
   software components, patches, and installation bundles.  SWID tag
   representations can be too large for devices with network and storage
   constraints.  This document defines a concise representation of SWID
   [skipping to change at line 1064]

      to registered entries in the "Software ID Link Relationship
      Values" registry.

   media-type (index 41): Supplies the resource consumer with a hint
      regarding what type of resource to expect.  A link can point to
      arbitrary resources on the endpoint, local network, or Internet
      using the href item.  (This is a _hint_: there is no obligation
      for the server hosting the target of the URI to use the indicated
      media type when the URI is dereferenced.)  Media types are
      identified by referencing a "Name" from the IANA "Media Types"
      registry (see <https://www.iana.org/assignments/media-types/>).
      (OLD in rfc9393v5.txt: <http://www.iana.org/assignments/media-types/>)
      This item maps to '/SoftwareIdentity/Link/@type' in [SWID].

   use (index 42): An integer or textual value (integer label with text
      escape; see Section 2).  See Section 4.5 for the list of values
      available for this item.  This item is used to determine if the
      referenced software component has to be installed before
      installing the software component identified by the CoSWID tag.
      If an integer value is used, it MUST be an index value in the
      range -256 to 255.  Integer values in the range -256 to -1 are
      reserved for testing and use in closed environments (see
   [skipping to change at line 1243]

   $$software-meta-extension: A CDDL socket that can be used to extend
      the software-meta-entry group model.  See Section 2.2.

2.9.  The Resource Collection Definition

2.9.1.  The hash-entry Array

   OLD (rfc9393v5.txt):

   CoSWID adds explicit support for the representation of hash entries
   using algorithms that are registered in the IANA "Named Information
   Hash Algorithm Registry" [IANA.named-information] using the hash
   member (index 7) and the corresponding hash-entry type.  This is the
   equivalent of the namespace qualified "hash" attribute in [SWID].

   NEW (rfc9393.txt):

   CoSWID adds explicit support for the representation of hash entries
   using algorithms that are registered in the IANA "Named Information
   Hash Algorithm Registry" [IANA.named-information].  This array is
   used by both the hash (index 7) and thumbprint (index 34) values.
   This is the equivalent of the namespace qualified "hash" attribute in
   [SWID].

   hash-entry = [
     hash-alg-id: int,
     hash-value: bytes,
   ]

   The number used as a value for hash-alg-id is an integer-based hash
   algorithm identifier whose value MUST refer to an ID in the IANA
   "Named Information Hash Algorithm Registry" [IANA.named-information]
   with a Status of "current" (at the time the generator software was
   [skipping to change at line 1324 (old) / 1325 (new)]

     * $$process-extension,
     global-attributes,
   }

   resource-entry = {
     type => text,
     * $$resource-extension,
     global-attributes,
   }

   hash = 7                (line added in rfc9393.txt)
   directory = 16
   file = 17
   process = 18
   resource = 19
   size = 20
   file-version = 21
   key = 22
   location = 23
   fs-name = 24
   root = 25
   [skipping to change at line 1349 (old) / 1351 (new)]

   The following list describes each member of the groups and maps
   illustrated above.

   filesystem-item: A list of common items used for representing the
      filesystem root, relative location, name, and significance of a
      file or directory item.

   global-attributes: The global-attributes group as described in
      Section 2.5.

   hash (index 7):
      OLD (rfc9393v5.txt): A hash of the file as described in
      Section 2.9.1.
      NEW (rfc9393.txt): Value that provides a hash of a file.  This
      item provides an integrity measurement with respect to a specific
      file.  See Section 2.9.1 for more details on the use of the
      hash-entry data structure.

   directory (index 16): Item that allows child directory and file
      items to be defined within a directory hierarchy for the software
      component.

   file (index 17): Item that allows details about a file to be
      provided for the software component.

   process (index 18): Item that allows details to be provided about
      the runtime behavior of the software component, such as
   [skipping to change at line 1386 (old) / 1391 (new)]

      '/SoftwareIdentity/(Payload|Evidence)/File/@version' in [SWID].

   key (index 22): A boolean value indicating if a file or directory is
      significant or required for the software component to execute or
      function properly.  These are files or directories that can be
      used to affirmatively determine if the software component is
      installed on an endpoint.

   location (index 23): The filesystem path where a file is expected to
      be located when installed or copied.
      OLD (rfc9393v5.txt): The location MUST be either relative to the
      location of the parent directory item (preferred) or relative to
      the location of the CoSWID tag (as indicated in the location value
      in the evidence entry map) if no parent is defined.
      NEW (rfc9393.txt): The location MUST be either an absolute path, a
      path relative to the path value included in the parent directory
      item (preferred), or a path relative to the location of the CoSWID
      tag if no parent is defined.
      The location MUST NOT include a file's name, which is provided by
      the fs-name item.

   fs-name (index 24): The name of the directory or file without any
      path information.  This aligns with a file "name" in [SWID].  This
      item maps to
      '/SoftwareIdentity/(Payload|Evidence)/(File|Directory)/@name' in
      [SWID].

   root (index 25): A host-specific name for the root of the
      filesystem.  The location item is considered relative to this
      location if specified.  If not provided, the value provided by the
   [skipping to change at line 1482 (old) / 1487 (new)]

   device-id = 36

   The following list describes each child item of this group.

   global-attributes: The global-attributes group as described in
      Section 2.5.

   resource-collection: The resource-collection group as described in
      Section 2.9.2.

   location (index 23):
      OLD (rfc9393v5.txt): The absolute file path of the location of the
      CoSWID tag generated as evidence.  (Location values in filesystem-
      item instances in the payload can be expressed relative to this
      location.)
      NEW (rfc9393.txt): The filesystem path of the location of the
      CoSWID tag generated as evidence.  This path is always an absolute
      file path (unlike the value of a location item found within a
      filesystem-item as described in Section 2.9.2, which can be either
      a relative path or an absolute path).

   date (index 35): The date and time the information was collected
      pertaining to the evidence item in epoch-based date/time format as
      specified in Section 3.4.2 of [RFC8949].

   device-id (index 36): The endpoint's string identifier from which
      the evidence was collected.

   $$evidence-extension: A CDDL socket that can be used to extend the
      evidence-entry group model.  See Section 2.2.
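   The hash-entry array (Section 2.9.1), the location and fs-name rules for
   filesystem-items (Section 2.9.2), and the absolute evidence location above
   together describe how a verifier resolves each file a CoSWID tag names
   and checks its integrity.  The following Python is an added example, not
   code from the RFC or from any CoSWID implementation.  It assumes an
   already-decoded CoSWID map using the integer keys listed on this page,
   with child items nested directly under the parent's directory/file keys
   as lists (a simplification of the RFC's nesting), an in-memory dictionary
   standing in for the filesystem, and a constructed hash-alg-id table
   limited to sha-256 (1), sha-384 (7) and sha-512 (8) from the IANA Named
   Information registry.

```python
import hashlib
import hmac

# CoSWID integer keys from the resource-collection CDDL on this page.
HASH, DIRECTORY, FILE, KEY, LOCATION, FS_NAME = 7, 16, 17, 22, 23, 24
# hash-alg-id -> hashlib name (IANA Named Information Hash Algorithm Registry).
# Assumption: only this subset is accepted as "current"; other ids are rejected.
HASH_ALGS = {1: "sha256", 7: "sha384", 8: "sha512"}


def item_path(item, parent_dir, tag_dir):
    """Full path of a file/directory item: resolved location joined with fs-name.
    location is absolute, relative to the parent directory item, or (with no
    parent) relative to the CoSWID tag's location; it never carries the name."""
    base = parent_dir if parent_dir is not None else tag_dir
    loc = item.get(LOCATION)
    if loc is not None:
        base = loc if loc.startswith("/") else base + "/" + loc
    return base.rstrip("/") + "/" + item[FS_NAME]


def check_hash(entry, content):
    """Verify one hash-entry [hash-alg-id, hash-value] against file bytes."""
    alg_id, expected = entry
    if alg_id not in HASH_ALGS:
        return "unknown-alg"  # id is not current in the registry: reject it
    digest = hashlib.new(HASH_ALGS[alg_id], content).digest()
    return "ok" if hmac.compare_digest(digest, expected) else "mismatch"


def walk(node, files, tag_dir, parent_dir=None):
    """Yield (path, is_key, status) per file item, recursing into directories."""
    for d in node.get(DIRECTORY, []):
        yield from walk(d, files, tag_dir, item_path(d, parent_dir, tag_dir))
    for f in node.get(FILE, []):
        path = item_path(f, parent_dir, tag_dir)
        status = ("missing" if path not in files else
                  check_hash(f[HASH], files[path]) if HASH in f else "unhashed")
        yield path, bool(f.get(KEY, False)), status


# Constructed sample. Evidence location (index 23) is absolute; child items sit
# directly under the parent's directory/file keys as lists (simplified nesting).
CONTENT = b"#!/bin/sh\necho hello\n"
FILES = {"/opt/acme/bin/run.sh": CONTENT, "/etc/acme/acme.conf": b"x=1\n",
         "/opt/acme/README": b"docs\n"}
SAMPLE = {
    DIRECTORY: [{FS_NAME: "bin", FILE: [
        {FS_NAME: "run.sh", KEY: True, HASH: [1, hashlib.sha256(CONTENT).digest()]},
        {LOCATION: "/etc/acme", FS_NAME: "acme.conf", HASH: [99, b"\x00" * 32]},
        {LOCATION: "lib", FS_NAME: "libx.so", KEY: True}]}],
    FILE: [{FS_NAME: "README", HASH: [1, b"\x00" * 32]}],
}
```

   A "missing" status on a key item (index 22 true) is the signal that the
   component cannot be affirmatively confirmed as installed.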
   End of changes.  7 change blocks.  15 lines changed or deleted;
   21 lines changed or added.  This HTML diff was produced by rfcdiff 1.48.