
sarif message



Subject: First draft of sarif URI scheme registration


Hi Chet,

 

Here is the first draft of the registration for the sarif URI scheme.

 

It cites the SARIF specification. However, the SARIF spec doesn’t really meet the requirements of RFC7595 for a “permanent” scheme registration. A permanent registration requires a “scheme specification”, a document that describes (among other things):

 

   Scheme syntax:
     See Section 3.2 for guidelines.
 
   Scheme semantics:
     See Section 3.3 and Section 3.4 for guidelines.
 
   Encoding considerations:
     See Section 3.3 and Section 3.6 for guidelines.
 
   Interoperability considerations:
     See Section 3.9 for guidelines.
 
   Security considerations:
     See Section 3.7 for guidelines

 

It also needs to include a description of the utility of the scheme, the context of use, and a description of the “operations” that can be performed on URIs that use that scheme (for example, GET).

 

Some of this is implicit in the SARIF spec, a little of it is spelled out, and a lot is missing. In general, the RFC seems to imply that a “scheme specification” is a whole separate document that itself goes through a standards process.

 

One workaround would be to request a “provisional” registration, which doesn’t require a scheme specification document.

 

What do you recommend? Michael and David are also explicitly on the To: line for their input.

 

Thanks,

Larry

 

Scheme name: sarif

Status: Permanent

Applications/protocols that use this scheme name:
   The sarif scheme can be used by any application that processes
   files that conform to the SARIF 2.1.0 specification, including
   but not limited to:

   - Static analysis tools
   - Static analysis results visualization tools (viewers)
   - Bug filing tools
   - Defect databases
   - Compliance systems

Contact:
   Michael C. Fanning (mikefan&microsoft.com) and Laurence J. Golding 
   (v-lgold&microsoft.com)

Change controller: OASIS Open (https://www.oasis-open.org/)

References:
   Static Analysis Results Interchange Format (SARIF) Version 2.1.0.
   Edited by Michael C. Fanning and Laurence J. Golding. 27 March 2020.
   OASIS Standard. 

   https://docs.oasisopen.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html.

   Latest stage: 
   https://docs.oasisopen.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html.

