RE: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json

["Larry Golding (Myriad Consulting Inc)" <v-lgold@microsoft.com>]

Fixed ð

-----Original Message-----
From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of David Keaton
Sent: Friday, April 3, 2020 5:17 PM
To: sarif@lists.oasis-open.org
Subject: Re: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json

      Looking at the draft registration as a whole, the rest looks good to me too (although the last line probably needs a newline at the end).

					David

On 4/3/20 5:06 PM, David Keaton wrote:
>  ÂÂÂÂ That list looks good to me!
> 
>  ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ David
> 
> On 4/3/20 5:05 PM, Larry Golding (Myriad Consulting Inc) wrote:
>> Here you go. "Inspired by" our conformance clauses; not mapped 1:1 
>> with them, but a pretty good sampling of the kinds of uses we'll see:
>>
>> - Static analysis tools
>> - Static analysis results visualization tools (viewers)
>> - Bug filing tools
>> - Defect databases
>> - Compliance systems
>>
>> And yes, still "non-exhaustive".
>>
>> -----Original Message-----
>> From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On 
>> Behalf Of Larry Golding (Myriad Consulting Inc)
>> Sent: Friday, April 3, 2020 5:01 PM
>> To: David Keaton <dmk@dmk.com>; sarif@lists.oasis-open.org
>> Subject: RE: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA 
>> registration for media type application/sarif+json
>>
>> That sounds like a great idea, thanks! (And the sql example does 
>> answer my question: the intent of the question is "what kinds of 
>> software would use this type", not "what kinds of software are using 
>> it now".)
>>
>> -----Original Message-----
>> From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On 
>> Behalf Of David Keaton
>> Sent: Friday, April 3, 2020 4:59 PM
>> To: sarif@lists.oasis-open.org
>> Subject: Re: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA 
>> registration for media type application/sarif+json
>>
>> Larry,
>>
>>  Maybe we are being too specific. For example, if you look at 
>> the description for application/sql, it just says "Databases and 
>> related tools" instead of listing product names.
>>
>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftoo
>> ls.ietf.org%2Fhtml%2Frfc6922&amp;data=02%7C01%7Cv-lgold%40microsoft.c
>> om%7C168a1bec792d4fb36c0d08d7d82d814f%7C72f988bf86f141af91ab2d7cd011d
>> b47%7C1%7C0%7C637215562266012765&amp;sdata=x4ZcMPhpW3Ha4qNKZP4el%2FHo
>> VEwSQJQUxoofAncN9Bg%3D&amp;reserved=0
>>
>>
>> ÂÂÂÂÂÂ What if we went through the conformance clauses and picked out 
>> generic descriptions for tools, such as "static analyzers," "static 
>> analysis results visualization tools," etc. (still keeping the list 
>> labeled as not exhaustive)? Does that sound reasonable to you?
>>
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ David
>>
>> On 4/3/20 4:51 PM, Larry Golding (Myriad Consulting Inc) wrote:
>>> Oh!
>>>
>>> That is a very interesting point. Maybe I was answering the wrong 
>>> question. I was answering the question "What applications use SARIF 
>>> files?". I was not answering the question "What applications 
>>> currently use application/sarif+json" to designate SARIF files?"
>>>
>>> Because the answer to _that_ question is "None" ð
>>>
>>> David, what should I be doing here?
>>>
>>> -----Original Message-----
>>> From: Yekaterina O'Neil <katrina@microfocus.com>
>>> Sent: Friday, April 3, 2020 4:49 PM
>>> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; 
>>> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
>>> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for 
>>> media type application/sarif+json
>>>
>>> I am not sure :)
>>> I was just referring to the document you sent where it says:
>>>
>>> " Applications that use this media type: The following list is not
>>> exhaustive:
>>>
>>> - CodeHawk-C
>>> - Fortify
>>> ...
>>> "
>>>
>>> k
>>>
>>> -----Original Message-----
>>> From: Larry Golding (Myriad Consulting Inc) 
>>> [mailto:v-lgold@microsoft.com]
>>> Sent: Friday, April 03, 2020 4:46 PM
>>> To: Yekaterina O'Neil <katrina@microfocus.com>; James Kupsch 
>>> <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
>>> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for 
>>> media type application/sarif+json
>>>
>>> It is absolutely not a problem that you're not already using media 
>>> type application/sarif+json for SARIF files.
>>>
>>> Just curious, in what context do you even have occasion to specify a 
>>> media type? And are you currently using something else in that 
>>> context, like application/json?
>>>
>>> -----Original Message-----
>>> From: Yekaterina O'Neil <katrina@microfocus.com>
>>> Sent: Friday, April 3, 2020 4:43 PM
>>> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; 
>>> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
>>> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for 
>>> media type application/sarif+json
>>>
>>> The first: that we are not already using it k
>>>
>>> -----Original Message-----
>>> From: sarif@lists.oasis-open.org [mailto:sarif@lists.oasis-open.org]
>>> On Behalf Of Larry Golding (Myriad Consulting Inc)
>>> Sent: Friday, April 03, 2020 4:42 PM
>>> To: Yekaterina O'Neil <katrina@microfocus.com>; James Kupsch 
>>> <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
>>> Subject: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration 
>>> for media type application/sarif+json
>>>
>>> Sorry Ykaterina, are you asking if it's a problem that you might 
>>> _not_ already be using it? Or that you _are_ already using it? Or 
>>> that you've already _registered_ it? Or something else entirely? ð 
>>> I think I'm missing some context here.
>>>
>>> -----Original Message-----
>>> From: Yekaterina O'Neil <katrina@microfocus.com>
>>> Sent: Friday, April 3, 2020 4:40 PM
>>> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; 
>>> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
>>> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for 
>>> media type application/sarif+json
>>>
>>> I am not sure we're already using sarif+json media type -- is this 
>>> an issue?
>>> k
>>>
>>> -----Original Message-----
>>> From: sarif@lists.oasis-open.org [mailto:sarif@lists.oasis-open.org]
>>> On Behalf Of Larry Golding (Myriad Consulting Inc)
>>> Sent: Friday, April 03, 2020 12:53 PM
>>> To: James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
>>> Subject: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration 
>>> for media type application/sarif+json
>>>
>>> Thanks, Jim, that's very helpful. Here's an update.
>>>
>>> The next step (optional, but "strongly encouraged" by RFC 6838 Â5.1) 
>>> is to solicit "community review" by sending our draft to 
>>> media-type@iana.org. After that we can submit our "Application for 
>>> Media Type" using the online form at 
>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.iana.org%2Fform%2Fmedia-types&amp;data=02%7C01%7Cv-lgold%40microsoft.com%7C168a1bec792d4fb36c0d08d7d82d814f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637215562266012765&amp;sdata=6kIe306IbiRo3jSfWnZX3Nm%2FDw7bBxA6O6ERxEZ%2BWTg%3D&amp;reserved=0.
>>>
>>>
>>> I'll wait until Monday afternoon to give everybody else a chance to 
>>> comment.
>>>
>>> Thanks,
>>> Larry
>>>
>>> -----Original Message-----
>>> From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On 
>>> Behalf Of James Kupsch
>>> Sent: Friday, April 3, 2020 12:41 PM
>>> To: sarif@lists.oasis-open.org
>>> Subject: [EXTERNAL] Re: [sarif] Draft IANA registration for media 
>>> type application/sarif+json
>>>
>>> Larry,
>>>
>>> Two comments on other fields and other answers below. The other 
>>> field look good to me.
>>>
>>> Thanks,
>>> Jim
>>>
>>> --------
>>> For the contact for further information field should the OASIS SARIF 
>>> mailing list be included in addition (or place of)? I don't know if 
>>> this is used for completing registration process or for long term 
>>> contact information. For long term, an OASIS email might good to 
>>> have as it might exist after you Michael retire.
>>>
>>> --------
>>> For the Intended Usage field something be added to the free form 
>>> field such as:
>>>
>>> Intended to be used by the software development community as a 
>>> common interchange format for the results of static analysis tools.
>>>
>>>
>>>
>>> On 4/3/20 1:05 PM, Larry Golding (Myriad Consulting Inc) wrote:
>>>> Please take a look and give feedback.
>>>>
>>>> ÂÂÂ * I don't know what to put for "interoperability consideration".
>>>
>>> I would say "None". Based on the examples in RFC 6838, I do not 
>>> think that there are any known interoperability issues, nor can I 
>>> think of any.
>>>
>>>>
>>>> ÂÂÂ * I don't know what to put for "restrictions on usage".
>>>
>>> I would say "None" base on RFC 6838.
>>>
>>>>
>>>> ÂÂÂ * The list of "applications that use this media type" isn't 
>>>> intended
>>>> ÂÂÂÂÂ to be exhaustive, but if you want to add something 
>>>> (especially I
>>>> ÂÂÂÂÂ think Jim will want to add some SWAMP tools) just let me know.
>>>
>>> I think that you can just add
>>>
>>> SWAMP (Software Assurance Marketplace, 
>>> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww
>>> .c
>>> ontinuousassurance.org%2F&amp;data=02%7C01%7Cv-lgold%40microsoft.com
>>> %7
>>> C2887154126f74d2d054108d7d82af939%7C72f988bf86f141af91ab2d7cd011db47
>>> %7 
>>> C1%7C0%7C637215551394693816&amp;sdata=Tq75qcBj%2FSXe%2F1CXtSG8wzizbO
>>> sM
>>> qNmONl14W0kKUBY%3D&amp;reserved=0)
>>>
>>> The SWAMP can produce SARIF output from all the tools in available 
>>> in the SWAMP (still waiting for a bit of UI work to make it publicly 
>>> available).
>>>
>>>>
>>>> ÂÂÂ * Also if I've misnamed any of the tools please let me know.
>>>> ÂÂÂÂÂ CodeHawk-C was formerly KT-Advance.
>>>>
>>>> ÂÂÂ * Let me know if you want to provide something for "Any other
>>>> ÂÂÂÂÂ information" at the bottom.
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------------------
>>>> -- To unsubscribe from this mail list, you must leave the OASIS TC 
>>>> that generates this mail. Follow this link to all your TCs in 
>>>> OASIS at:
>>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
>>>> oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.ph
>>>> p&
>>>> a
>>>> mp;data=02%7C01%7Cv-lgold%40microsoft.com%7C48cfaf71b8484b5d42cd08d
>>>> 7d
>>>> 8
>>>> 06e646%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637215396456115
>>>> 86
>>>> 3
>>>> &amp;sdata=j7lt0taDwCcA3hGwvYoZ5pZ5qxBnmxNYoe78U5J6p4g%3D&amp;reser
>>>> ve
>>>> d
>>>> =0
>>>>
>>>
>>> --------------------------------------------------------------------
>>> - To unsubscribe from this mail list, you must leave the OASIS TC 
>>> that generates this mail. Follow this link to all your TCs in OASIS 
>>> at:
>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
>>> oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php
>>> &a
>>> mp;data=02%7C01%7Cv-lgold%40microsoft.com%7C2887154126f74d2d054108d7
>>> d8
>>> 2af939%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6372155513946938
>>> 16 
>>> &amp;sdata=hJGdyr8vKzRBRKVgYM%2B8ifMrzDh1YUQnAHupSGt78PI%3D&amp;rese
>>> rv
>>> ed=0
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that 
>> generates this mail. Follow this link to all your TCs in OASIS at:
>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
>> .oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php
>> &amp;data=02%7C01%7Cv-lgold%40microsoft.com%7C168a1bec792d4fb36c0d08d
>> 7d82d814f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63721556226602
>> 2756&amp;sdata=00Hs5mObi2XVtBmeDCr2XC4x%2FNmfEVf75gmi2RZOsWQ%3D&amp;r
>> eserved=0
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that 
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php&a
> mp;data=02%7C01%7Cv-lgold%40microsoft.com%7C168a1bec792d4fb36c0d08d7d8
> 2d814f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637215562266022756
> &amp;sdata=00Hs5mObi2XVtBmeDCr2XC4x%2FNmfEVf75gmi2RZOsWQ%3D&amp;reserv
> ed=0


---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php&amp;data=02%7C01%7Cv-lgold%40microsoft.com%7C168a1bec792d4fb36c0d08d7d82d814f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637215562266022756&amp;sdata=00Hs5mObi2XVtBmeDCr2XC4x%2FNmfEVf75gmi2RZOsWQ%3D&amp;reserved=0