Concise Software Identification Tags
draft-ietf-sacm-coswid-24

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Christopher Inacio <inacio@cert.org>, Karen O'Donoghue <odonoghue@isoc.org>, The IESG <iesg@ietf.org>, draft-ietf-sacm-coswid@ietf.org, inacio@cert.org, rdd@cert.org, rfc-editor@rfc-editor.org, sacm-chairs@ietf.org, sacm@ietf.org
Subject: Protocol Action: 'Concise Software Identification Tags' to Proposed Standard (draft-ietf-sacm-coswid-22.txt)

The IESG has approved the following document:
- 'Concise Software Identification Tags'
  (draft-ietf-sacm-coswid-22.txt) as Proposed Standard

This document is the product of the Security Automation and Continuous
Monitoring Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/


Ballot Text

Technical Summary

   ISO/IEC 19770-2:2015 Software Identification (SWID) tags provide an
   extensible XML-based structure to identify and describe individual
   software components, patches, and installation bundles.  SWID tag
   representations can be too large for devices with network and storage
   constraints.  This document defines a concise representation of SWID
   tags: Concise SWID (CoSWID) tags.  CoSWID supports a similar set of
   semantics and features as SWID tags, as well as new semantics that
   allow CoSWIDs to describe additional types of information, all in a
   more memory efficient format.

Working Group Summary

The only controversy concerned the document signing defined in CoSWID: whether it should use a JWT/CWT-compatible signature or the one defined in the standard.

Document Quality

This document has been reviewed by the WG, and changes were made in response to AD and directorate reviews during IETF LC.  There are dependencies on (and review from) the RATS WG.  Maturation was also coordinated with ISO (working on SWID) through a WG participant.

Personnel

* Document Shepherd: Chris Inacio
* Responsible AD: Roman Danyliw

RFC Editor Note