OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

openc2-lang message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [openc2-lang] Comments of Note from the Actuator Profile subcommittee: New Language Element

Duncan said:
> I agree we define the term Âswid as 4 characters that go in a certain field in OpenC2,
> but our TC does not define the Âblob of text in the response to any greater detail than to say itÂs ÂswidÂ.

Media-types are defined by IANA; the media-type for SWIDs is "application/swid+xml", as defined in https://www.iana.org/assignments/media-types/application/swid+xml.

The standard OpenC2 type "Artifact" would pass an uninterpreted SWID blob as:

    "artifact": {
      "mime_type": "application/swid+xml",
      "payload": {
        "bin": "PFNvZnR3YXJlSWRlbnRpdHkKICB4bWxucz0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1L3NjaGVtYS54c2QiCiAgbmFtZT0iQUNNRSBSb2FkcnVubmVyIERldGVjdG9yIDIwMTMgQ295b3RlIEVkaXRpb24gU1AxIgogIHRhZ0lkPSJjb20uYWNtZS5ycmQyMDEzLWNlLXNwMS12NC0xLTUtMCIKICB2ZXJzaW9uPSI0LjEuNSI+CiAgPEVudGl0eQogICAgbmFtZT0iVGhlIEFDTUUgQ29ycG9yYXRpb24iCiAgICByZWdpZD0iYWNtZS5jb20iCiAgICByb2xlPSJ0YWdDcmVhdG9yIHNvZnR3YXJlQ3JlYXRvciIvPgogIDxFbnRpdHkKICAgIG5hbWU9IkNveW90ZSBTZXJ2aWNlcywgSW5jLiIKICAgIHJlZ2lkPSJteWNveW90ZS5jb20iCiAgICByb2xlPSJkaXN0cmlidXRvciIvPgogIDxMaW5rCiAgICByZWw9ImxpY2Vuc2UiCiAgICBocmVmPSJ3d3cuZ251Lm9yZy9saWNlbnNlcy9ncGwudHh0Ii8+CiAgPE1ldGEKICAgIGFjdGl2YXRpb25TdGF0dXM9InRyaWFsIgogICAgcHJvZHVjdD0iUm9hZHJ1bm5lciBEZXRlY3RvciIKICAgIGNvbGxvcXVpYWxWZXJzaW9uPSIyMDEzIgogICAgZWRpdGlvbj0iY295b3RlIgogICAgcmV2aXNpb249InNwMSIvPgogIDxQYXlsb2FkPgogICAgPERpcmVjdG9yeSByb290PSIlcHJvZ3JhbWRhdGElIiBuYW1lPSJycmRldGVjdG9yIj4KICAgICAgPEZpbGUgbmFtZT0icnJkZXRlY3Rvci5leGUiIHNpemU9IjUzMjcxMiIKICAgICAgICAgU0hBMjU2Omhhc2g9ImEzMTRmYzJkYzY2M2FlN2E2YjZiYzY3ODc1OTQwNTczOTZlNmIzZjU2OWNkNTBmZDVkZGI0ZDFiYmFmZDJiNmEiLz4KICAgIDwvRGlyZWN0b3J5PgogIDwvUGF5bG9hZD4KPC9Tb2Z0d2FyZUlkZW50aXR5Pg"
      }
    }

SPDX has registering a media-type on their roadmap: https://github.com/spdx/spdx-spec/issues/66

I didn't find anything on CycloneDX registration, but that doesn't mean they're not planning to do it.

Once they do the registration, Artifact can carry them too.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]