Technical Summary
ISO/IEC 19770-2:2015 Software Identification (SWID) tags provide an
extensible XML-based structure to identify and describe individual
software components, patches, and installation bundles. SWID tag
representations can be too large for devices with network and storage
constraints. This document defines a concise representation of SWID
tags: Concise SWID (CoSWID) tags. CoSWID supports a similar set of
semantics and features as SWID tags, as well as new semantics that
allow CoSWIDs to describe additional types of information, all in a
more memory efficient format.
Working Group Summary
The only controversy was related to the document signing defined in CoSWID and if that should be using a JWT/CWT compatible signature or the one defined in the standard.
Document Quality
This document has been reviewed by the WG and changes were made in response to AD and directorate reviews during IETF LC. There are dependencies (and review from) the RATS WG. Maturation was also coordinated with ISO (working on SWID) through a WG participant.
Personnel
* Document Shepherd: Chris Inacio
* Responsible AD: Roman Danyliw