THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/SPDX RDF Vocabularies and Terms/1.0/Terms"

From SPDX Wiki
Jump to: navigation, search
(Convert to MediaWiki syntax)
 
Line 1: Line 1:
<h1>SPDX Vocabulary Specification</h1><dl><dt>Version:</dt><dd>1.0</dd><dt>Latest Version:</dt><dd><a href="http://spdx.org/rdf/terms">http://spdx.org/rdf/terms</a></dd><dt>Alternate Formats:</dt><dd><ul><li><a href="http://spdx.org/rdf/terms.rdf">RDF/XML</a></li><li><a href="http://spdx.org/rdf/terms.ttl">Turtle</a></li></ul></dd></dl><p>Copyright © 2010-2011 Linux Foundation and its Contributors. All other rights are expressly reserved.</p><p>Licensed under the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution License 3.0 unported</a>.</p><h2>Abstract</h2><div><p>This specification describes the SPDX language, defined as a dictionary of named properties and classes using W3C's RDF Technology.</p><p>SPDX is a designed to allow the exchange of data about software packages. This information includes general information about the package, licensing information about the package as a whole, a manifest of files contained in the package and licensing information related to the contained files.</p></div><p>The <code>spdx</code> prefix used in this document expands to <code>http://spdx.org/rdf/terms#</code>. Any terms in this document without an explicit prefix may be assumed to be in the <code>spdx</code> namespace.</p><h3>Other vocabularies used by this one</h3><ul><li><span> <a href="http://trac.usefulinc.com/doap">DOAP</a> </span></li></ul><h2>Classes</h2><ul><li><a href="#SpdxDocument"><code>SpdxDocument</code></a></li><li><a href="#CreationInfo"><code>CreationInfo</code></a></li><li><a href="#Package"><code>Package</code></a></li><li><a href="#ExtractedLicensingInfo"><code>ExtractedLicensingInfo</code></a></li><li><a href="#Checksum"><code>Checksum</code></a></li><li><a href="#PackageVerificationCode"><code>PackageVerificationCode</code></a></li><li><a href="#File"><code>File</code></a></li><li><a href="#Review"><code>Review</code></a></li><li><a href="#License"><code>License</code></a></li><li><a href="#ConjunctiveLicenseSet"><code>ConjunctiveLicenseSet</code></a></li><li><a href="#DisjunctiveLicenseSet"><code>DisjunctiveLicenseSet</code></a></li><li><a href="#AnyLicenseInfo"><code>AnyLicenseInfo</code></a></li><li><a href="#SimpleLicenseInfo"><code>SimpleLicenseInfo</code></a></li></ul><div><h3 id="SpdxDocument">Class: <code>SpdxDocument</code></h3><p>An <code>SdpxDocument</code> is a summary of the contents, provenance, ownership and licensing analysis of a specific software package. This is, effectively, the top level of SPDX information.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#specVersion" rel="owl:onProperty"><code>specVersion</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#dataLicense" rel="owl:onProperty"><code>dataLicense</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#creationInfo" rel="owl:onProperty"><code>creationInfo</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#describesPackage" rel="owl:onProperty"><code>describesPackage</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#hasExtractedLicensingInfo"><code>hasExtractedLicensingInfo</code></a> <br />Cardinality: Optional, zero or more</p></li><li><p><a href="#referencesFile" rel="owl:onProperty"><code>referencesFile</code></a> <br />Cardinality: Mandatory, <span>one</span> or more</p></li><li><p><a href="#reviewed"><code>reviewed</code></a> <br />Cardinality: Optional, zero or more.</p></li></ul></dd></dl></div><div><h3 id="CreationInfo">Class: <code>CreationInfo</code></h3><p>A <code>CreationInfo</code> provides information about the individuals, organizations and tools involved in the creation of an <a href="#SpdxDocument"><code>SpdxDocument</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#creator" rel="owl:onProperty"><code>creator</code></a> <br />Cardinality: Mandatory, <span>one or more</span></p></li><li><p><a href="#created" rel="owl:onProperty"><code>created</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="http://www.w3.org/TR/rdf-schema/#ch_comment"><code>rdfs:comment</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li></ul></dd></dl></div><div><h3 id="Package">Class: <code>Package</code></h3><p>A <code>Package</code> represents a collection of software files that are delivered as a single functional component.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#name" rel="owl:onProperty"><code>name</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#versionInfo" rel="owl:onProperty"><code>versionInfo</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#packageFileName" rel="owl:onProperty"><code>packageFileName</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#supplier" rel="owl:onProperty"><code>supplier</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#originator" rel="owl:onProperty"><code>originator</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#downloadLocation" rel="owl:onProperty"><code>downloadLocation</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#packageVerificationCode" rel="owl:onProperty"><code>packageVerificationCode</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#checksum" rel="owl:onProperty"><code>checksum</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#sourceInfo" rel="owl:onProperty"><code>sourceInfo</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#licenseConcluded" rel="owl:onProperty"><code>licenseConcluded</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#licenseInfoFromFiles" rel="owl:onProperty"><code>licenseInfoFromFiles</code></a> <br />Cardinality: Mandatory, <span>one or more</span></p></li><li><p><a href="#licenseDeclared" rel="owl:onProperty"><code>licenseDeclared</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#licenseComments" rel="owl:onProperty"><code>licenseComments</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#copyrightText" rel="owl:onProperty"><code>copyrightText</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#summary" rel="owl:onProperty"><code>summary</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#description" rel="owl:onProperty"><code>description</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#hasFile" rel="owl:onProperty"><code>hasFile</code></a> <br />Cardinality: Mandatory, <span>one or more</span></p></li></ul></dd></dl></div><div><h3 id="ExtractedLicensingInfo">Class: <code>ExtractedLicensingInfo</code></h3><p>An <code>ExtractedLicensingInfo</code> represents a license or licensing notice that was found in the package. Any license text that is recognized as a license may be represented as a <a href="#License"><code>License</code></a> rather than an <code>ExtractedLicensingInfo</code>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#licenseId" rel="owl:onProperty"><code>licenseId</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#extractedText" rel="owl:onProperty"><code>extractedText</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li></ul></dd></dl></div><div><h3 id="File">Class: <code>File</code></h3><p>A <code>File</code> represents a named sequence of information that is contained in a software package.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#fileName" rel="owl:onProperty"><code>fileName</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#fileType" rel="owl:onProperty"><code>fileType</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#checksum" rel="owl:onProperty"><code>checksum</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#licenseConcluded" rel="owl:onProperty"><code>licenseConcluded</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#licenseInfoInFile" rel="owl:onProperty"><code>licenseInfoInFile</code></a> <br />Cardinality: Mandatory, <span>one or more</span></p></li><li><p><a href="#licenseComments" rel="owl:onProperty"><code>licenseComments</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li><li><p><a href="#copyrightText" rel="owl:onProperty"><code>copyrightText</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#artifactOf" rel="owl:onProperty"><code>artifactOf</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li></ul></dd></dl></div><div><h3 id="Review">Class: <code>Review</code></h3><p>A <code>Review</code> represents an audit and signoff by an individual, organization or tool on the information in an <a href="#SpdxDocument"><code>SpdxDocument</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#reviewer" rel="owl:onProperty"><code>reviewer</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#reviewDate" rel="owl:onProperty"><code>reviewDate</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="http://www.w3.org/TR/rdf-schema/#ch_comment"><code>rdfs:comment</code></a> <br />Cardinality: Optional, <span>zero or one</span></p></li></ul></dd></dl></div><div><h3 id="License">Class: <code>License</code></h3><p>A <code>License</code> represents a software copyright license. This class is used by the SPDX license list to represent standard licenses.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#licenseId" rel="owl:onProperty"><code>licenseId</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#licenseText" rel="owl:onProperty"><code>licenseText</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li></ul></dd></dl></div><div><h3 id="Checksum">Class: <code>Checksum</code></h3><p>A <code>Checksum</code> is value that allows the contents of a file to be authenticated. Even small changes to the content of the file will change it's checksum. This class allows the results of a variety of checksum and cryptographic message digest algorithms to be represented.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#algorithm" rel="owl:onProperty"><code>algorithm</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li><li><p><a href="#checksumValue" rel="owl:onProperty"><code>checksumValue</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li></ul></dd></dl></div><div><h3 id="PackageVerificationCode">Class: <code>PackageVerificationCode</code></h3><p>A <code>PackageVerificationCode</code> is a value that allows authentication of the package. This differs from the <a href="#Checksum"><code>Checksum</code></a> in that it uses an algorithm that allows the SPDX file to be embedded in the package. This verification code is produced using a cryptographic hash algorithm applied to a manifest of the package. Some files in the package (e.g. the SPDX files) are explicitly excluded from the verification code. This allows those excluded files to not impact the verification code.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#packageVerificationCodeExcludedFile"><code>packageVerificationCodeExcludedFile</code></a> <br />Cardinality: Optional, zero or more</p></li><li><p><a href="#packageVerificationCodeValue" rel="owl:onProperty"><code>packageVerificationCodeValue</code></a> <br />Cardinality: Mandatory, <span>one</span></p></li></ul></dd></dl></div><div><h3 id="ConjunctiveLicenseSet">Class: <code>ConjunctiveLicenseSet</code></h3><p>A <code>ConjunctiveLicenseSet</code> represents a set of <a href="#AnyLicenseInfo">licensing information</a> all of which apply.</p><p>This class refines <a href="http://www.w3.org/TR/rdf-schema/#ch_container"><code>rdfs:Container</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#member" rel="owl:onProperty"><code>member</code></a> <br />Cardinality: Mandatory, <span>two</span> or more.</p></li></ul></dd></dl></div><div><h3 id="DisjunctiveLicenseSet">Class: <code>DisjunctiveLicenseSet</code></h3><p>A <code>DisjunctiveLicenseSet</code> represents a set of <a href="#AnyLicenseInfo">licensing information</a> where only one license applies at a time. This class implies that the recipient gets to choose one of these licenses they would prefer to use.</p><p>This class refines <a href="http://www.w3.org/TR/rdf-schema/#ch_container"><code>rdfs:Container</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Properties:</dt><dd><ul><li><p><a href="#member" rel="owl:onProperty"><code>member</code></a> <br />Cardinality: Mandatory, <span>two</span> or more.</p></li></ul></dd></dl></div><div><h3 id="AnyLicenseInfo">Class: <code>AnyLicenseInfo</code></h3><p>The <code>AnyLicenseInfo</code> class includes all resources that represent licensing information.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Members</dt><dd>All resources in any of the following classes:<ul><li><a href="#License" rel="rdf:first"><code>License</code></a></li><li><a href="#ExtractedLicensingInfo" rel="rdf:first"><code>ExtractedLicensingInfo</code></a></li><li><a href="#ConjunctiveLicenseSet" rel="rdf:first"><code>ConjunctiveLicenseSet</code></a></li><li><a href="#DisjunctiveLicenseSet" rel="rdf:first"><code>DisjunctiveLicenseSet</code></a></li></ul></dd></dl></div><div><h3 id="SimpleLicenseInfo">Class: <code>SimpleLicenseInfo</code></h3><p>The <code>SimpleLicenseInfo</code> class includes all resources that represent simple, atomic, licensing information.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Members</dt><dd>All resources in any of the following classes:<ul><li><a href="#License" rel="rdf:first"><code>License</code></a></li><li><a href="#ExtractedLicensingInfo" rel="rdf:first"><code>ExtractedLicensingInfo</code></a></li></ul></dd></dl></div><h2>Properties</h2><ul><li><a href="#algorithm"><code>algorithm</code></a></li><li><a href="#artifactOf"><code>artifactOf</code></a></li><li><a href="#checksum"><code>checksum</code></a></li><li><a href="#checksumValue"><code>checksumValue</code></a></li><li><a href="#copyrightText"><code>copyrightText</code></a></li><li><a href="#created"><code>created</code></a></li><li><a href="#creationInfo"><code>creationInfo</code></a></li><li><a href="#creator"><code>creator</code></a></li><li><a href="#dataLicense"><code>dataLicense</code></a></li><li><a href="#describesPackage"><code>describesPackage</code></a></li><li><a href="#description"><code>description</code></a></li><li><a href="#downloadLocation"><code>downloadLocation</code></a></li><li><a href="#extractedText"><code>extractedText</code></a></li><li><a href="#fileName"><code>fileName</code></a></li><li><a href="#fileType"><code>fileType</code></a></li><li><a href="#hasExtractedLicensingInfo"><code>hasExtractedLicensingInfo</code></a></li><li><a href="#hasFile"><code>hasFile</code></a></li><li><a href="#licenseComments"><code>licenseComments</code></a></li><li><a href="#licenseConcluded"><code>licenseConcluded</code></a></li><li><a href="#licenseDeclared"><code>licenseDeclared</code></a></li><li><a href="#licenseId"><code>licenseId</code></a></li><li><a href="#licenseText"><code>licenseText</code></a></li><li><a href="#licenseInfoFromFiles"><code>licenseInfoFromFiles</code></a></li><li><a href="#licenseInfoInFile"><code>licenseInfoInFile</code></a></li><li><a href="#member"><code>member</code></a></li><li><a href="#name"><code>name</code></a></li><li><a href="#originator"><code>originator</code></a></li><li><a href="#packageFileName"><code>packageFileName</code></a></li><li><a href="#packageVerificationCode"><code>packageVerificationCode</code></a></li><li><a href="#packageVerificationCodeExcludedFile"><code>packageVerificationCodeExcludedFile</code></a></li><li><a href="#packageVerificationCodeValue"><code>packageVerificationCodeValue</code></a></li><li><a href="#referencesFile"><code>referencesFile</code></a></li><li><a href="#reviewDate"><code>reviewDate</code></a></li><li><a href="#reviewed"><code>reviewed</code></a></li><li><a href="#reviewer"><code>reviewer</code></a></li><li><a href="#sourceInfo"><code>sourceInfo</code></a></li><li><a href="#specVersion"><code>specVerison</code></a></li><li><a href="#summary"><code>summary</code></a></li><li><a href="#supplier"><code>supplier</code></a></li><li><a href="#versionInfo"><code>versionInfo</code></a></li></ul><div id="algorithm"><h3>Property: <code>algorithm</code></h3><p>Identifies the algorithm used to produce the subject <a href="#Checksum"><code>Checksum</code></a>.</p><p>Currently, <a href="http://www.itl.nist.gov/fipspubs/fip180-1.htm">SHA-1</a> is the only supported algorithm. It is anticipated that other algorithms will be supported at a later time.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Checksum" rel="rdfs:domain"><code>Checksum</code></a></dd><dt>Range:</dt><dd><span> <span> <span> <span> <a href="#checksumAlgorithm_sha1"><code>spdx:checksumAlgorithm_sha1</code></a> </span> </span> </span> </span></dd></dl></div><div id="artifactOf"><h3>Property: <code>artifactOf</code></h3><div><p>Indicates the project in which the file originated.</p><p>Tools must preserve <code>doap:hompage</code> and <code>doap:name</code> properties and the URI (if one is known) of <code>doap:Project</code> resources that are values of this property. All other properties of <code>doap:Projects</code> are not directly supported by SPDX and may be dropped when translating to or from some SPDX formats.</p></div><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#File" rel="rdfs:domain"><code>File</code></a></dd><dt>Range:</dt><dd><a href="http://usefulinc.com/ns/doap#Project" rel="rdfs:range"><code>doap:Project</code></a></dd></dl></div><div id="checksum"><h3>Property: <code>checksum</code></h3><p>The <code>checksum</code> property provides a mechanism that can be used to verify that the contents of a <a href="#File"><code>File</code></a> or <a href="#Package"><code>Package</code></a> have not changed.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd>Any of:<div><ul><li><a href="#Package" rel="rdf:first"><code>Package</code></a></li><li><a href="#File" rel="rdf:first"><code>File</code></a></li></ul></div></dd><dt>Range:</dt><dd><a href="#Checksum" rel="rdfs:range">Checksum</a></dd></dl></div><div id="checksumValue"><h3>Property: <code>checksumValue</code></h3><p>The <code>checksumValue</code> property provides a lower case hexidecimal encoded digest value produced using a specific algorithm.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Checksum" rel="rdfs:domain"><code>Checksum</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#hexBinary"><code>xsd:hexBinary</code></a></dd></dl></div><div id="created"><h3>Property: <code>created</code></h3><p>The date and time at which the <a href="#SpdxDocument"><code>SpdxDocument</code></a> was created. This value must in UTC and have 'Z' as its timezone indicator.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#CreationInfo" rel="rdfs:domain"><code>CreationInfo</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#dateTime"><code>xsd:dateTime</code></a></dd></dl></div><div id="copyrightText"><h3>Property: <code>copyrightText</code></h3><p>The text of copyright declarations recited in the <a href="#Package"><code>Package</code></a> or <a href="#File"><code>File</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd>Any of:<div><ul><li><a href="#Package" rel="rdf:first"><code>Package</code></a></li><li><a href="#File" rel="rdf:first"><code>File</code></a></li></ul></div></dd><dt>Range:</dt><dd>Any of:<div><ul><li><a href="http://www.w3.org/TR/rdf-schema/#ch_literal"><code>rdfs:Literal</code></a></li><li><a href="#none"><code>spdx:none</code></a></li><li><a href="#noassertion"><code>spdx:noassertion</code></a></li></ul></div></dd></dl></div><div id="creationInfo"><h3>Property: <code>creationInfo</code></h3><p>The <code>creationInfo</code> property relates an <a href="#SpdxDocument"><code>SpdxDocument</code></a> to a set of information about the creation of the <a href="#SpdxDocument"><code>SpdxDocument</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#SpdxDocument" rel="rdfs:domain"><code>SpdxDocument</code></a></dd><dt>Range:</dt><dd><a href="#CreationInfo" rel="rdfs:range"><code>CreationInfo</code></a></dd></dl></div><div id="creator"><h3>Property: <code>creator</code></h3><div><p>The name and, optionally, contact information of a person, organization or tool that created, or was used to create, the <a href="#SpdxDocument"><code>SpdxDocument</code></a>.</p><p>Values of this property must conform to the <a href="#agent-syntax">agent and tool syntax</a>.</p></div><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#CreationInfo" rel="rdfs:domain"><code>CreationInfo</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="dataLicense"><h3>Property: <code>dataLicense</code></h3><div><p>The licensing under which the <a href="#creator"><code>creator</code></a> of this SPDX document allows related data to be reproduced.</p><p>The only valid value for this property is <code>http://spdx.org/licenses/PDDL-1.0</code>. This is to alleviate any concern that content (the data) in an SPDX file is subject to any form of intellectual property right that could restrict the re-use of the information or the creation of another SPDX file for the same project(s). This approach avoids intellectual property and related restrictions over the SPDX file, however individuals can still contract one to one to restrict release of specific collections of SPDX files (which map to software bill of materials) and the identification of the supplier of SPDX files.</p></div><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#SpdxDocument" rel="rdfs:domain"><code>SpdxDocument</code></a></dd><dt>Range:</dt><dd><div><div><div><a href="http://spdx.org/licenses/PDDL-1.0" rel="rdf:first"><code>http://spdx.org/licenses/PDDL-1.0</code></a></div></div></div></dd></dl></div><div id="describesPackage"><h3>Property: <code>describesPackage</code></h3><p>The <code>describesPackage</code> property relates an <code>SpdxDocument</code> to the package which it describes.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#SpdxDocument" rel="rdfs:domain"><code>SpdxDocument</code></a></dd><dt>Range:</dt><dd><a href="#Package" rel="rdfs:range"><code>Package</code></a></dd></dl></div><div id="description"><h3>Property: <code>description</code></h3><p>Provides a detailed description of the package.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="downloadLocation"><h3>Property: <code>downloadLocation</code></h3><p>The URI at which this package is available for download. Private (i.e., not publicly reachable) URIs are acceptable as values of this property.</p><p>The values <a href="#none"><code>http://spdx.org/rdf/terms#none</code></a> and <a href="#noassertion"><code>http://spdx.org/rdf/terms#noassertion</code></a> may be used to specify that the package is not downloadable or that no attempt was made to determine its download location, respectively.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#anyURI"><code>xsd:anyURI</code></a></dd></dl></div><div id="extractedText"><h3>Property: <code>extractedText</code></h3><p>Verbatim license or licensing notice text that was discovered.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#ExtractedLicensingInfo" rel="rdfs:domain"><code>ExtractedLicensingInfo</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="fileName"><h3>Property: <code>fileName</code></h3><p>The name of the file relative to the root of the package.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#File" rel="rdfs:domain"><code>File</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="fileType"><h3>Property: <code>fileType</code></h3><p>The type of the file.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#File" rel="rdfs:domain"><code>File</code></a></dd><dt>Range:</dt><dd>One of:<div><ul><li><span> <a href="#fileType_source"> <code>spdx:fileType_source</code> </a> </span><p>Indicates the file is a source code file.</p></li><li><span> <a href="#fileType_archive"> <code>spdx:fileType_archive</code> </a> </span><p>Indicates the file is an archive file.</p></li><li><span> <a href="#fileType_binary"> <code>spdx:fileType_binary</code></a> </span><p>Indicates the file is not a text file. <code>filetype_archive</code> is preferred for archive files even though they are binary.</p></li><li><span> <a href="#fileType_other"> <code>spdx:fileType_other</code></a> </span><p>Indicates the file did not fall into any of the other categories.</p></li></ul></div></dd></dl></div><div id="hasExtractedLicensingInfo"><h3>Property: <code>hasExtractedLicensingInfo</code></h3><p>Indicates that a particular <a href="#ExtractedLicensingInfo"><code>ExtractedLicensingInfo</code></a> was defined in the subject <a href="#SpdxDocument"><code>SpdxDocument</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#SpdxDocument" rel="rdfs:domain"><code>SpdxDocument</code></a></dd><dt>Range:</dt><dd><a href="#ExtractedLicensingInfo" rel="rdfs:range"><code>ExtractedLicensingInfo</code></a></dd></dl></div><div id="hasFile"><h3>Property: <code>hasFile</code></h3><p>Indicates that a particular <a href="#File">file</a> belongs to a <a href="#Package">package</a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="#File" rel="rdfs:range"><code>File</code></a></dd></dl></div><div id="licenseComments"><h3>Property: <code>licenseComments</code></h3><p>The <code>licenseComments</code> property allows the preparer of the SPDX document to describe why the licensing in <a href="#licenseConcluded"><code>spdx:licenseConcluded</code></a> was chosen.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd>Any of:<ul><li><a href="#Package" rel="rdf:first"><code>Package</code></a></li><li><a href="#File" rel="rdf:first"><code>File</code></a></li></ul></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="licenseConcluded"><h3>Property: <code>licenseConcluded</code></h3><p>The licensing that the preparer of this SPDX document has concluded, based on the evidence, actually applies to the package.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd>Any of:<div><ul><li><a href="#Package" rel="rdf:first"><code>Package</code></a></li><li><a href="#File" rel="rdf:first"><code>File</code></a></li></ul></div></dd><dt>Range:</dt><dd>Any of:<div><ul><li><a href="#AnyLicenseInfo" rel="rdf:first"><code>AnyLicenseInfo</code></a></li><li><a href="#none"><code>spdx:none</code></a></li><li><a href="#noassertion"><code>spdx:noassertion</code></a></li></ul></div></dd></dl></div><div id="licenseDeclared"><h3>Property: <code>licenseDeclared</code></h3><p>The licensing that the creators of the software in the package, or the packager, have declared. Declarations by the original software creator should be preferred, if they exist.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd>Any of:<div><ul><li><a href="#AnyLicenseInfo" rel="rdf:first"><code>AnyLicenseInfo</code></a></li><li><a href="#none"><code>spdx:none</code></a></li><li><a href="#noassertion"><code>spdx:noassertion</code></a></li></ul></div></dd></dl></div><div id="licenseId"><h3>Property: <code>licenseId</code></h3><p>A short name for the license that is at least 3 characters long and made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', and '-'. Formally, all <code>licenseId</code> values must match the regular expression: <code>[-+_.a-zA-Z0-9]{3,}</code></p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><ul><li><a href="#License" rel="rdf:first"><code>License</code></a></li><li><a href="#ExtractedLicensingInfo" rel="rdf:first"><code>ExtractedLicensingInfo</code></a></li></ul></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="licenseText"><h3>Property: <code>licenseText</code></h3><p>The full text of the license.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#License" rel="rdfs:domain"><code>License</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="licenseInfoFromFiles"><h3>Property: <code>licenseInfoFromFiles</code></h3><p>The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of all <a href="#licenseInfoInFile"><code>licenseInfoInFile</code></a> properties of all files contained in the package.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd>Any of:<div><ul><li><a href="#SimpleLicenseInfo" rel="rdf:first"><code>SimpleLicenseInfo</code></a></li><li><a href="#none"><code>spdx:none</code></a></li><li><a href="#noassertion"><code>spdx:noassertion</code></a></li></ul></div></dd></dl></div><div id="licenseInfoInFile"><h3>Property: <code>licenseInfoInFile</code></h3><p>Licensing information that was discovered directly in the subject file.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#File" rel="rdfs:domain"><code>File</code></a></dd><dt>Range:</dt><dd>Any of:<div><ul><li><a href="#SimpleLicenseInfo" rel="rdf:first"><code>SimpleLicenseInfo</code></a></li><li><a href="#none"><code>spdx:none</code></a></li><li><a href="#noassertion"><code>spdx:noassertion</code></a></li></ul></div></dd></dl></div><div id="member"><h3>Property: <code>member</code></h3><p>A <a href="#License">license</a>, or other licensing information, that is a member of the subject license set.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd>Any of:<div><ul><li><a href="#ConjunctiveLicenseSet" rel="rdf:first"><code>ConjunctiveLicenseSet</code></a></li><li><a href="#DisjunctiveLicenseSet" rel="rdf:first"><code>DisjunctiveLicenseSet</code></a></li></ul></div></dd><dt>Range:</dt><dd><a href="#AnyLicenseInfo" rel="rdfs:range"><code>AnyLicenseInfo</code></a></dd><dt>Refines:</dt><dd><span> <a href="http://www.w3.org/TR/rdf-schema/#ch_member"><code>rdfs:member</code></a> </span></dd></dl></div><div id="name"><h3>Property: <code>name</code></h3><p>The full name of the package including version information.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="originator"><h3>Property: <code>originator</code></h3><div><p>The name and, optionally, contact information of the person or organization that originally created the package.</p><p>Values of this property must conform to the <a href="#agent-syntax">agent and tool syntax</a>.</p></div><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><span> <span> <span> <a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a> </span> or the individual <span> <a href="#noassertion"><code>spdx:noassertion</code></a> </span> </span> </span></dd></dl></div><div id="packageFileName"><h3>Property: <code>packageFileName</code></h3><p>The base name of the package file name. For example, <code>zlib-1.2.5.tar.gz</code>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="packageVerificationCode"><h3>Property: <code>packageVerificationCode</code></h3><div><p>A manifest based authentication code for the package. This allows consumers of this data to determine if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package. This algorithm is described in detail in the SPDX specification.</p><p>The package verification code algorithm is defined in section 4.7 of the full specification.</p></div><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="#PackageVerificationCode" rel="rdfs:range"><code>PackageVerificationCode</code></a></dd></dl></div><div id="packageVerificationCodeExcludedFile"><h3>Property: <code>packageVerificationCodeExcludedFile</code></h3><p>A file that was excluded when calculating the <a href="#packageVerificationCode">package verification code</a>. This is usually a file containing SPDX data regarding the package. If a package contains more than one SPDX file all SPDX files must be excluded from the package verification code. If this is not done it would be impossible to correctly calculate the verification codes in both files.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#PackageVerificationCode" rel="rdfs:domain"><code>PackageVerificationCode</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="packageVerificationCodeValue"><h3>Property: <code>packageVerificationCodeValue</code></h3><p>The actual package verification code as a hex encoded value.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#PackageVerificationCode" rel="rdfs:domain"><code>PackageVerificationCode</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#hexBinary"><code>xsd:hexBinary</code></a></dd></dl></div><div id="referencesFile"><h3>Property: <code>referencesFile</code></h3><p>Indicates that a particular file belongs as part of the set of analyzed files in the <a href="#SpdxDocument"><code>SpdxDocument</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#SpdxDocument" rel="rdfs:domain"><code>SpdxDocument</code></a></dd><dt>Range:</dt><dd><a href="#File" rel="rdfs:range"><code>File</code></a></dd></dl></div><div id="reviewDate"><h3>Property: <code>reviewDate</code></h3><p>The date and time at which the <a href="#SpdxDocument"><code>SpdxDocument</code></a> was reviewed. This value must be in UTC and have 'Z' as its timezone indicator.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Review" rel="rdfs:domain"><code>Review</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#dateTime"><code>xsd:dateTime</code></a></dd></dl></div><div id="reviewed"><h3>Property: <code>reviewed</code></h3><p>The <code>review</code> property relates a <code>SpdxDocument</code> to the review history.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#SpdxDocument" rel="rdfs:domain"><code>SpdxDocument</code></a></dd><dt>Range:</dt><dd><a href="#Review" rel="rdfs:range"><code>Review</code></a></dd></dl></div><div id="reviewer"><h3>Property: <code>reviewer</code></h3><div><p>The name and, optionally, contact information of the person who performed the review.</p><p>Values of this property must conform to the <a href="#agent-syntax">agent and tool syntax</a>.</p></div><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Review" rel="rdfs:domain"><code>Review</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="sourceInfo"><h3>Property: <code>sourceInfo</code></h3><p>Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="specVersion"><h3>Property: <code>specVersion</code></h3><p>Identifies the version of this specification that was used to produce this SPDX document. Currently the only supported value is <code>SPDX-1.0</code>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#SpdxDocument" rel="rdfs:domain"><code>SpdxDocument</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="summary"><h3>Property: <code>summary</code></h3><p>Provides a short description of the package.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div id="supplier"><h3>Property: <code>supplier</code></h3><div><p>The name and, optionally, contact information of the person or organization that is the immediate supplier of this package to the recipient. The supplier may be different than <a href="#originator"><code>originator</code></a> when the software has been repackaged. For example if you get glibc from RedHat, RedHat is the Package Supplier, but FSF is the <a href="#originator"><code>originator</code></a>.</p><p>Values of this property must conform to the <a href="#agent-syntax">agent and tool syntax</a>.</p></div><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><span> <span> <span> <a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a> </span> or the individual <span> <a href="#noassertion"><code>spdx:noassertion</code></a> </span> </span> </span></dd></dl></div><div id="versionInfo"><h3>Property: <code>versionInfo</code></h3><p>Provides an indication of the version of the package that is described by this <a href="#SpdxDocument"><code>SpdxDocument</code></a>.</p><dl><dt>Status:</dt><dd>stable</dd><dt>Domain:</dt><dd><a href="#Package" rel="rdfs:domain"><code>Package</code></a></dd><dt>Range:</dt><dd><a href="http://www.w3.org/TR/xmlschema-2/#string"><code>xsd:string</code></a></dd></dl></div><div style="display: none;">&nbsp;</div><h2>Individuals</h2><ul><li><a href="#checksumAlgorithm_sha1"><code>checksumAlgorithm_sha1</code></a></li><li><a href="#fileType_archive"><code>fileType_archive</code></a></li><li><a href="#fileType_binary"><code>fileType_binary</code></a></li><li><a href="#fileType_other"><code>fileType_other</code></a></li><li><a href="#fileType_source"><code>fileType_source</code></a></li><li><a href="#noassertion"><code>noassertion</code></a></li><li><a href="#none"><code>none</code></a></li></ul><div id="checksumAlgorithm_sha1"><h3>Individual: <code>checksumAlgorithm_sha1</code></h3><p>Indicates the algorithm used was <a href="http://www.itl.nist.gov/fipspubs/fip180-1.htm">SHA-1</a></p><dl><dt>Status:</dt><dd>stable</dd></dl></div><div id="fileType_archive"><h3>Individual: <code>fileType_archive</code></h3><p>Indicates the file is an archive file.</p><dl><dt>Status:</dt><dd>stable</dd></dl></div><div id="fileType_binary"><h3>Individual: <code>fileType_binary</code></h3><p>Indicates the file is not a text file. <a href="#fileType_archive"><code>spdx:filetype_archive</code></a> is preferred for archive files even though they are binary.</p><dl><dt>Status:</dt><dd>stable</dd></dl></div><div id="fileType_other"><h3>Individual: <code>fileType_other</code></h3><p>Indicates the file is not a <a href="#fileType_source">source</a>, <a href="#fileType_archive">archive</a> or <a href="#fileType_binary">binary</a> file.</p><dl><dt>Status:</dt><dd>stable</dd></dl></div><div id="fileType_source"><h3>Individual: <code>fileType_source</code></h3><p>Indicates the file is a source code file.</p><dl><dt>Status:</dt><dd>stable</dd></dl></div><div id="noassertion"><h3>Individual: <code>noassertion</code></h3><p>Indicates that the preparer of the SPDX document is not making any assertion regarding the value of this field.</p><dl><dt>Status:</dt><dd>stable</dd></dl><div>&nbsp;</div></div><div id="none"><h3>Individual: <code>none</code></h3><p>When this value is used as the object of a property it indicates that the preparer of the <a href="#SpdxDocument"><code>SpdxDocument</code></a> believes that there is no value for the property. This value should only be used if there is sufficient evidence to support this assertion.</p><dl><dt>Status:</dt><dd>stable</dd></dl><div>&nbsp;</div></div><h2 id="agent-syntax">Agent and Tool Identifiers</h2><p>Fields that identify entities that have acted in relation to the SPDX file are single line of text which name the agent or tool and, optionally, provide contact information. For example, "Person: Jane Doe (jane.doe@example.com)", "Organization: ExampleCodeInspect (contact@example.com)" and "Tool: LicenseFind - 1.0". The exact syntax of agent and tool identifications is described below in <a href="http://tools.ietf.org/html/rfc4234">ABNF</a>.</p><pre><code> agent = person / organization tool = "Tool: " name 0*1( " " DASH " " version) person = "Person: " name 0*1contact-info organization = "Organization: " name 0*1contact-info name = 1*( UNRESERVED ) / U+0022 1*( VCHAR-SANS-QUOTE ) U+0022 contact-info = " (" email-addr ")" email-addr = local-name-atom *( "." local-name-atom ) "@" domain-name-atom 1*( "." domain-name-atom ) version = 1*VCHAR-SANS-QUOTE local-name-atom = 1*( ALPHA / DIGIT / ; Printable US-ASCII "!" / "#" / ; characters not including "$" / "%" / ; specials. "&amp;" / "'" / "*" / "+" / "-" / "/" / "=" / "?" / "^" / "_" / "`" / "{" / "|" / "}" / "~" ) domain-name-atom = 1*( ALPHA / DIGIT / "-" ) DASH = U+2010 / U+2212 / ; hyphen, minus, em dash and U+2013 / U+2014 ; en dash UNRESERVED = U+0020-U+0027 / ; visible unicode characters U+0029-U+0080 / ; except '(' and dashes U+00A0-U+200F / U+2011-U+2027 / U+202A-U+2211 / U+2213-U+E01EF VCHAR-SANS-QUOTE = U+0020-U+0021 / ; visible unicode characters U+0023-U+0080 / ; except quotation mark U+00a0-U+E01EF </code></pre>
+
__NOTOC__
 +
== SPDX Vocabulary Specification ==
 +
 
 +
; Version:
 +
: 1.0
 +
; Latest Version:
 +
: http://spdx.org/rdf/terms
 +
; Alternate Formats:
 +
:* [http://spdx.org/rdf/terms.rdf RDF/XML]
 +
:* [http://spdx.org/rdf/terms.ttl Turtle]
 +
 
 +
Copyright © 2010-2011 Linux Foundation and its Contributors. All other rights are expressly reserved.
 +
 
 +
Licensed under the [http://creativecommons.org/licenses/by/3.0/ Creative Commons Attribution License 3.0 unported].
 +
 
 +
==Abstract==
 +
 
 +
This specification describes the SPDX language, defined as a dictionary of named properties and classes using W3C's RDF Technology.
 +
 
 +
SPDX is a designed to allow the exchange of data about software packages. This information includes general information about the package, licensing information about the package as a whole, a manifest of files contained in the package and licensing information related to the contained files.
 +
 
 +
The <code>spdx</code> prefix used in this document expands to <code>http://spdx.org/rdf/terms#</code>. Any terms in this document without an explicit prefix may be assumed to be in the <code>spdx</code> namespace.
 +
 
 +
==Other vocabularies used by this one==
 +
 
 +
* [http://trac.usefulinc.com/doap DOAP]
 +
 
 +
==Classes==
 +
 
 +
* <code>SpdxDocument</code>
 +
* <code>CreationInfo</code>
 +
* <code>Package</code>
 +
* <code>ExtractedLicensingInfo</code>
 +
* <code>Checksum</code>
 +
* <code>PackageVerificationCode</code>
 +
* <code>File</code>
 +
* <code>Review</code>
 +
* <code>License</code>
 +
* <code>ConjunctiveLicenseSet</code>
 +
* <code>DisjunctiveLicenseSet</code>
 +
* <code>AnyLicenseInfo</code>
 +
* <code>SimpleLicenseInfo</code>
 +
 
 +
===Class: <code>SpdxDocument</code>===
 +
 
 +
An <code>SdpxDocument</code> is a summary of the contents, provenance, ownership and licensing analysis of a specific software package. This is, effectively, the top level of SPDX information.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>specVersion</code><br />Cardinality: Mandatory, one
 +
:* <code>dataLicense</code><br />Cardinality: Mandatory, one
 +
:* <code>creationInfo</code><br />Cardinality: Mandatory, one
 +
:* <code>describesPackage</code><br />Cardinality: Mandatory, one
 +
:* <code>hasExtractedLicensingInfo</code><br />Cardinality: Optional, zero or more
 +
:* <code>referencesFile</code><br />Cardinality: Mandatory, one or more
 +
:* <code>reviewed</code><br />Cardinality: Optional, zero or more.
 +
 
 +
===Class: <code>CreationInfo</code>===
 +
 
 +
A <code>CreationInfo</code> provides information about the individuals, organizations and tools involved in the creation of an <code>SpdxDocument</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>creator</code><br />Cardinality: Mandatory, one or more
 +
:* <code>created</code><br />Cardinality: Mandatory, one
 +
:* [http://www.w3.org/TR/rdf-schema/#ch_comment <code>rdfs:comment</code>]<br />Cardinality: Optional, zero or one
 +
 
 +
===Class: <code>Package</code>===
 +
 
 +
A <code>Package</code> represents a collection of software files that are delivered as a single functional component.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>name</code><br />Cardinality: Mandatory, one
 +
:* <code>versionInfo</code><br />Cardinality: Optional, zero or one
 +
:* <code>packageFileName</code><br />Cardinality: Mandatory, one
 +
:* <code>supplier</code><br />Cardinality: Optional, zero or one
 +
:* <code>originator</code><br />Cardinality: Optional, zero or one
 +
:* <code>downloadLocation</code><br />Cardinality: Mandatory, one
 +
:* <code>packageVerificationCode</code><br />Cardinality: Mandatory, one
 +
:* <code>checksum</code><br />Cardinality: Optional, zero or one
 +
:* <code>sourceInfo</code><br />Cardinality: Optional, zero or one
 +
:* <code>licenseConcluded</code><br />Cardinality: Mandatory, one
 +
:* <code>licenseInfoFromFiles</code><br />Cardinality: Mandatory, one or more
 +
:* <code>licenseDeclared</code><br />Cardinality: Mandatory, one
 +
:* <code>licenseComments</code><br />Cardinality: Optional, zero or one
 +
:* <code>copyrightText</code><br />Cardinality: Mandatory, one
 +
:* <code>summary</code><br />Cardinality: Optional, zero or one
 +
:* <code>description</code><br />Cardinality: Optional, zero or one
 +
:* <code>hasFile</code><br />Cardinality: Mandatory, one or more
 +
 
 +
===Class: <code>ExtractedLicensingInfo</code>===
 +
 
 +
An <code>ExtractedLicensingInfo</code> represents a license or licensing notice that was found in the package. Any license text that is recognized as a license may be represented as a <code>License</code> rather than an <code>ExtractedLicensingInfo</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>licenseId</code><br />Cardinality: Mandatory, one
 +
:* <code>extractedText</code><br />Cardinality: Mandatory, one
 +
 
 +
===Class: <code>File</code>===
 +
 
 +
A <code>File</code> represents a named sequence of information that is contained in a software package.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>fileName</code><br />Cardinality: Mandatory, one
 +
:* <code>fileType</code><br />Cardinality: Optional, zero or one
 +
:* <code>checksum</code><br />Cardinality: Mandatory, one
 +
:* <code>licenseConcluded</code><br />Cardinality: Mandatory, one
 +
:* <code>licenseInfoInFile</code><br />Cardinality: Mandatory, one or more
 +
:* <code>licenseComments</code><br />Cardinality: Optional, zero or one
 +
:* <code>copyrightText</code><br />Cardinality: Mandatory, one
 +
:* <code>artifactOf</code><br />Cardinality: Optional, zero or one
 +
 
 +
===Class: <code>Review</code>===
 +
 
 +
A <code>Review</code> represents an audit and signoff by an individual, organization or tool on the information in an <code>SpdxDocument</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>reviewer</code><br />Cardinality: Mandatory, one
 +
:* <code>reviewDate</code><br />Cardinality: Mandatory, one
 +
:* [http://www.w3.org/TR/rdf-schema/#ch_comment <code>rdfs:comment</code>]<br />Cardinality: Optional, zero or one
 +
 
 +
===Class: <code>License</code>===
 +
 
 +
A <code>License</code> represents a software copyright license. This class is used by the SPDX license list to represent standard licenses.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>licenseId</code><br />Cardinality: Mandatory, one
 +
:* <code>licenseText</code><br />Cardinality: Mandatory, one
 +
 
 +
===Class: <code>Checksum</code>===
 +
 
 +
A <code>Checksum</code> is value that allows the contents of a file to be authenticated. Even small changes to the content of the file will change it's checksum. This class allows the results of a variety of checksum and cryptographic message digest algorithms to be represented.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>algorithm</code><br />Cardinality: Mandatory, one
 +
:* <code>checksumValue</code><br />Cardinality: Mandatory, one
 +
 
 +
===Class: <code>PackageVerificationCode</code>===
 +
 
 +
A <code>PackageVerificationCode</code> is a value that allows authentication of the package. This differs from the <code>Checksum</code> in that it uses an algorithm that allows the SPDX file to be embedded in the package. This verification code is produced using a cryptographic hash algorithm applied to a manifest of the package. Some files in the package (e.g. the SPDX files) are explicitly excluded from the verification code. This allows those excluded files to not impact the verification code.
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>packageVerificationCodeExcludedFile</code><br />Cardinality: Optional, zero or more
 +
:* <code>packageVerificationCodeValue</code><br />Cardinality: Mandatory, one
 +
 
 +
===Class: <code>ConjunctiveLicenseSet</code>===
 +
 
 +
A <code>ConjunctiveLicenseSet</code> represents a set of licensing information all of which apply.
 +
 
 +
This class refines [http://www.w3.org/TR/rdf-schema/#ch_container <code>rdfs:Container</code>].
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>member</code><br />Cardinality: Mandatory, two or more.
 +
 
 +
===Class: <code>DisjunctiveLicenseSet</code>===
 +
 
 +
A <code>DisjunctiveLicenseSet</code> represents a set of licensing information where only one license applies at a time. This class implies that the recipient gets to choose one of these licenses they would prefer to use.
 +
 
 +
This class refines [http://www.w3.org/TR/rdf-schema/#ch_container <code>rdfs:Container</code>].
 +
 
 +
; Status:
 +
: stable
 +
; Properties:
 +
:* <code>member</code><br />Cardinality: Mandatory, two or more.
 +
 
 +
===Class: <code>AnyLicenseInfo</code>===
 +
 
 +
The <code>AnyLicenseInfo</code> class includes all resources that represent licensing information.
 +
 
 +
; Status:
 +
: stable
 +
; Members
 +
: All resources in any of the following classes:
 +
:* <code>License</code>
 +
:* <code>ExtractedLicensingInfo</code>
 +
:* <code>ConjunctiveLicenseSet</code>
 +
:* <code>DisjunctiveLicenseSet</code>
 +
 
 +
===Class: <code>SimpleLicenseInfo</code>===
 +
 
 +
The <code>SimpleLicenseInfo</code> class includes all resources that represent simple, atomic, licensing information.
 +
 
 +
; Status:
 +
: stable
 +
; Members
 +
: All resources in any of the following classes:
 +
:* <code>License</code>
 +
:* <code>ExtractedLicensingInfo</code>
 +
 
 +
==Properties==
 +
 
 +
* <code>algorithm</code>
 +
* <code>artifactOf</code>
 +
* <code>checksum</code>
 +
* <code>checksumValue</code>
 +
* <code>copyrightText</code>
 +
* <code>created</code>
 +
* <code>creationInfo</code>
 +
* <code>creator</code>
 +
* <code>dataLicense</code>
 +
* <code>describesPackage</code>
 +
* <code>description</code>
 +
* <code>downloadLocation</code>
 +
* <code>extractedText</code>
 +
* <code>fileName</code>
 +
* <code>fileType</code>
 +
* <code>hasExtractedLicensingInfo</code>
 +
* <code>hasFile</code>
 +
* <code>licenseComments</code>
 +
* <code>licenseConcluded</code>
 +
* <code>licenseDeclared</code>
 +
* <code>licenseId</code>
 +
* <code>licenseText</code>
 +
* <code>licenseInfoFromFiles</code>
 +
* <code>licenseInfoInFile</code>
 +
* <code>member</code>
 +
* <code>name</code>
 +
* <code>originator</code>
 +
* <code>packageFileName</code>
 +
* <code>packageVerificationCode</code>
 +
* <code>packageVerificationCodeExcludedFile</code>
 +
* <code>packageVerificationCodeValue</code>
 +
* <code>referencesFile</code>
 +
* <code>reviewDate</code>
 +
* <code>reviewed</code>
 +
* <code>reviewer</code>
 +
* <code>sourceInfo</code>
 +
* <code>specVerison</code>
 +
* <code>summary</code>
 +
* <code>supplier</code>
 +
* <code>versionInfo</code>
 +
 
 +
===Property: <code>algorithm</code>===
 +
 
 +
Identifies the algorithm used to produce the subject <code>Checksum</code>.
 +
 
 +
Currently, [http://www.itl.nist.gov/fipspubs/fip180-1.htm SHA-1] is the only supported algorithm. It is anticipated that other algorithms will be supported at a later time.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Checksum</code>
 +
; Range:
 +
: <code>spdx:checksumAlgorithm_sha1</code>
 +
 
 +
===Property: <code>artifactOf</code>===
 +
 
 +
Indicates the project in which the file originated.
 +
 
 +
Tools must preserve <code>doap:hompage</code> and <code>doap:name</code> properties and the URI (if one is known) of <code>doap:Project</code> resources that are values of this property. All other properties of <code>doap:Projects</code> are not directly supported by SPDX and may be dropped when translating to or from some SPDX formats.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>File</code>
 +
; Range:
 +
: [http://usefulinc.com/ns/doap#Project <code>doap:Project</code>]
 +
 
 +
===Property: <code>checksum</code>===
 +
 
 +
The <code>checksum</code> property provides a mechanism that can be used to verify that the contents of a <code>File</code> or <code>Package</code> have not changed.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: Any of:
 +
:* <code>Package</code>
 +
:* <code>File</code>
 +
; Range:
 +
: Checksum
 +
 
 +
===Property: <code>checksumValue</code>===
 +
 
 +
The <code>checksumValue</code> property provides a lower case hexidecimal encoded digest value produced using a specific algorithm.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Checksum</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#hexBinary <code>xsd:hexBinary</code>]
 +
 
 +
===Property: <code>created</code>===
 +
 
 +
The date and time at which the <code>SpdxDocument</code> was created. This value must in UTC and have 'Z' as its timezone indicator.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>CreationInfo</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#dateTime <code>xsd:dateTime</code>]
 +
 
 +
===Property: <code>copyrightText</code>===
 +
 
 +
The text of copyright declarations recited in the <code>Package</code> or <code>File</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: Any of:
 +
:* <code>Package</code>
 +
:* <code>File</code>
 +
; Range:
 +
: Any of:
 +
:* [http://www.w3.org/TR/rdf-schema/#ch_literal <code>rdfs:Literal</code>]
 +
:* <code>spdx:none</code>
 +
:* <code>spdx:noassertion</code>
 +
 
 +
===Property: <code>creationInfo</code>===
 +
 
 +
The <code>creationInfo</code> property relates an <code>SpdxDocument</code> to a set of information about the creation of the <code>SpdxDocument</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>SpdxDocument</code>
 +
; Range:
 +
: <code>CreationInfo</code>
 +
 
 +
===Property: <code>creator</code>===
 +
 
 +
The name and, optionally, contact information of a person, organization or tool that created, or was used to create, the <code>SpdxDocument</code>.
 +
 
 +
Values of this property must conform to the agent and tool syntax.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>CreationInfo</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>dataLicense</code>===
 +
 
 +
The licensing under which the <code>creator</code> of this SPDX document allows related data to be reproduced.
 +
 
 +
The only valid value for this property is <code>http://spdx.org/licenses/PDDL-1.0</code>. This is to alleviate any concern that content (the data) in an SPDX file is subject to any form of intellectual property right that could restrict the re-use of the information or the creation of another SPDX file for the same project(s). This approach avoids intellectual property and related restrictions over the SPDX file, however individuals can still contract one to one to restrict release of specific collections of SPDX files (which map to software bill of materials) and the identification of the supplier of SPDX files.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>SpdxDocument</code>
 +
; Range:
 +
: [http://spdx.org/licenses/PDDL-1.0 <code>http://spdx.org/licenses/PDDL-1.0</code>]
 +
 
 +
===Property: <code>describesPackage</code>===
 +
 
 +
The <code>describesPackage</code> property relates an <code>SpdxDocument</code> to the package which it describes.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>SpdxDocument</code>
 +
; Range:
 +
: <code>Package</code>
 +
 
 +
===Property: <code>description</code>===
 +
 
 +
Provides a detailed description of the package.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>downloadLocation</code>===
 +
 
 +
The URI at which this package is available for download. Private (i.e., not publicly reachable) URIs are acceptable as values of this property.
 +
 
 +
The values <code>http://spdx.org/rdf/terms#none</code> and <code>http://spdx.org/rdf/terms#noassertion</code> may be used to specify that the package is not downloadable or that no attempt was made to determine its download location, respectively.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#anyURI <code>xsd:anyURI</code>]
 +
 
 +
===Property: <code>extractedText</code>===
 +
 
 +
Verbatim license or licensing notice text that was discovered.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>ExtractedLicensingInfo</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>fileName</code>===
 +
 
 +
The name of the file relative to the root of the package.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>File</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>fileType</code>===
 +
 
 +
The type of the file.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>File</code>
 +
; Range:
 +
: One of:
 +
:*  <code>spdx:fileType_source</code> Indicates the file is a source code file.
 +
:*  <code>spdx:fileType_archive</code> Indicates the file is an archive file.
 +
:*  <code>spdx:fileType_binary</code> Indicates the file is not a text file. <code>filetype_archive</code> is preferred for archive files even though they are binary.
 +
:*  <code>spdx:fileType_other</code> Indicates the file did not fall into any of the other categories.
 +
 
 +
===Property: <code>hasExtractedLicensingInfo</code>===
 +
 
 +
Indicates that a particular <code>ExtractedLicensingInfo</code> was defined in the subject <code>SpdxDocument</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>SpdxDocument</code>
 +
; Range:
 +
: <code>ExtractedLicensingInfo</code>
 +
 
 +
===Property: <code>hasFile</code>===
 +
 
 +
Indicates that a particular file belongs to a package.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: <code>File</code>
 +
 
 +
===Property: <code>licenseComments</code>===
 +
 
 +
The <code>licenseComments</code> property allows the preparer of the SPDX document to describe why the licensing in <code>spdx:licenseConcluded</code> was chosen.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: Any of:
 +
:* <code>Package</code>
 +
:* <code>File</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>licenseConcluded</code>===
 +
 
 +
The licensing that the preparer of this SPDX document has concluded, based on the evidence, actually applies to the package.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: Any of:
 +
:* <code>Package</code>
 +
:* <code>File</code>
 +
; Range:
 +
: Any of:
 +
:* <code>AnyLicenseInfo</code>
 +
:* <code>spdx:none</code>
 +
:* <code>spdx:noassertion</code>
 +
 
 +
===Property: <code>licenseDeclared</code>===
 +
 
 +
The licensing that the creators of the software in the package, or the packager, have declared. Declarations by the original software creator should be preferred, if they exist.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: Any of:
 +
:* <code>AnyLicenseInfo</code>
 +
:* <code>spdx:none</code>
 +
:* <code>spdx:noassertion</code>
 +
 
 +
===Property: <code>licenseId</code>===
 +
 
 +
A short name for the license that is at least 3 characters long and made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', and '-'. Formally, all <code>licenseId</code> values must match the regular expression: <code>[-+_.a-zA-Z0-9]{3,}</code>
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
:* <code>License</code>
 +
:* <code>ExtractedLicensingInfo</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>licenseText</code>===
 +
 
 +
The full text of the license.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>License</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>licenseInfoFromFiles</code>===
 +
 
 +
The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of all <code>licenseInfoInFile</code> properties of all files contained in the package.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: Any of:
 +
:* <code>SimpleLicenseInfo</code>
 +
:* <code>spdx:none</code>
 +
:* <code>spdx:noassertion</code>
 +
 
 +
===Property: <code>licenseInfoInFile</code>===
 +
 
 +
Licensing information that was discovered directly in the subject file.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>File</code>
 +
; Range:
 +
: Any of:
 +
:* <code>SimpleLicenseInfo</code>
 +
:* <code>spdx:none</code>
 +
:* <code>spdx:noassertion</code>
 +
 
 +
===Property: <code>member</code>===
 +
 
 +
A license, or other licensing information, that is a member of the subject license set.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: Any of:
 +
:* <code>ConjunctiveLicenseSet</code>
 +
:* <code>DisjunctiveLicenseSet</code>
 +
; Range:
 +
: <code>AnyLicenseInfo</code>
 +
; Refines:
 +
: [http://www.w3.org/TR/rdf-schema/#ch_member <code>rdfs:member</code>]
 +
 
 +
===Property: <code>name</code>===
 +
 
 +
The full name of the package including version information.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>originator</code>===
 +
 
 +
The name and, optionally, contact information of the person or organization that originally created the package.
 +
 
 +
Values of this property must conform to the agent and tool syntax.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>] or the individual <code>spdx:noassertion</code>
 +
 
 +
===Property: <code>packageFileName</code>===
 +
 
 +
The base name of the package file name. For example, <code>zlib-1.2.5.tar.gz</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>packageVerificationCode</code>===
 +
 
 +
A manifest based authentication code for the package. This allows consumers of this data to determine if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package. This algorithm is described in detail in the SPDX specification.
 +
 
 +
The package verification code algorithm is defined in section 4.7 of the full specification.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: <code>PackageVerificationCode</code>
 +
 
 +
===Property: <code>packageVerificationCodeExcludedFile</code>===
 +
 
 +
A file that was excluded when calculating the package verification code. This is usually a file containing SPDX data regarding the package. If a package contains more than one SPDX file all SPDX files must be excluded from the package verification code. If this is not done it would be impossible to correctly calculate the verification codes in both files.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>PackageVerificationCode</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>packageVerificationCodeValue</code>===
 +
 
 +
The actual package verification code as a hex encoded value.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>PackageVerificationCode</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#hexBinary <code>xsd:hexBinary</code>]
 +
 
 +
===Property: <code>referencesFile</code>===
 +
 
 +
Indicates that a particular file belongs as part of the set of analyzed files in the <code>SpdxDocument</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>SpdxDocument</code>
 +
; Range:
 +
: <code>File</code>
 +
 
 +
===Property: <code>reviewDate</code>===
 +
 
 +
The date and time at which the <code>SpdxDocument</code> was reviewed. This value must be in UTC and have 'Z' as its timezone indicator.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Review</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#dateTime <code>xsd:dateTime</code>]
 +
 
 +
===Property: <code>reviewed</code>===
 +
 
 +
The <code>review</code> property relates a <code>SpdxDocument</code> to the review history.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>SpdxDocument</code>
 +
; Range:
 +
: <code>Review</code>
 +
 
 +
===Property: <code>reviewer</code>===
 +
 
 +
The name and, optionally, contact information of the person who performed the review.
 +
 
 +
Values of this property must conform to the agent and tool syntax.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Review</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>sourceInfo</code>===
 +
 
 +
Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>specVersion</code>===
 +
 
 +
Identifies the version of this specification that was used to produce this SPDX document. Currently the only supported value is <code>SPDX-1.0</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>SpdxDocument</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>summary</code>===
 +
 
 +
Provides a short description of the package.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
===Property: <code>supplier</code>===
 +
 
 +
The name and, optionally, contact information of the person or organization that is the immediate supplier of this package to the recipient. The supplier may be different than <code>originator</code> when the software has been repackaged. For example if you get glibc from RedHat, RedHat is the Package Supplier, but FSF is the <code>originator</code>.
 +
 
 +
Values of this property must conform to the agent and tool syntax.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>] or the individual  <code>spdx:noassertion</code>
 +
 
 +
===Property: <code>versionInfo</code>===
 +
 
 +
Provides an indication of the version of the package that is described by this <code>SpdxDocument</code>.
 +
 
 +
; Status:
 +
: stable
 +
; Domain:
 +
: <code>Package</code>
 +
; Range:
 +
: [http://www.w3.org/TR/xmlschema-2/#string <code>xsd:string</code>]
 +
 
 +
==Individuals==
 +
 
 +
* <code>checksumAlgorithm_sha1</code>
 +
* <code>fileType_archive</code>
 +
* <code>fileType_binary</code>
 +
* <code>fileType_other</code>
 +
* <code>fileType_source</code>
 +
* <code>noassertion</code>
 +
* <code>none</code>
 +
 
 +
===Individual: <code>checksumAlgorithm_sha1</code>===
 +
 
 +
Indicates the algorithm used was [http://www.itl.nist.gov/fipspubs/fip180-1.htm SHA-1]
 +
 
 +
; Status:
 +
: stable
 +
 
 +
===Individual: <code>fileType_archive</code>===
 +
 
 +
Indicates the file is an archive file.
 +
 
 +
; Status:
 +
: stable
 +
 
 +
===Individual: <code>fileType_binary</code>===
 +
 
 +
Indicates the file is not a text file. <code>spdx:filetype_archive</code> is preferred for archive files even though they are binary.
 +
 
 +
; Status:
 +
: stable
 +
 
 +
===Individual: <code>fileType_other</code>===
 +
 
 +
Indicates the file is not a source, archive or binary file.
 +
 
 +
; Status:
 +
: stable
 +
 
 +
===Individual: <code>fileType_source</code>===
 +
 
 +
Indicates the file is a source code file.
 +
 
 +
; Status:
 +
: stable
 +
 
 +
===Individual: <code>noassertion</code>===
 +
 
 +
Indicates that the preparer of the SPDX document is not making any assertion regarding the value of this field.
 +
 
 +
; Status:
 +
: stable
 +
 
 +
===Individual: <code>none</code>===
 +
 
 +
When this value is used as the object of a property it indicates that the preparer of the <code>SpdxDocument</code> believes that there is no value for the property. This value should only be used if there is sufficient evidence to support this assertion.
 +
 
 +
; Status:
 +
: stable
 +
 
 +
==Agent and Tool Identifiers==
 +
 
 +
Fields that identify entities that have acted in relation to the SPDX file are single line of text which name the agent or tool and, optionally, provide contact information. For example, "Person: Jane Doe (jane.doe@example.com)", "Organization: ExampleCodeInspect (contact@example.com)" and "Tool: LicenseFind - 1.0". The exact syntax of agent and tool identifications is described below in [http://tools.ietf.org/html/rfc4234 ABNF].
 +
 
 +
    agent = person / organization tool = "Tool: " name 0*1( " " DASH " " version) person =
 +
    "Person: " name 0*1contact-info organization = "Organization: " name 0*1contact-info name =
 +
    1*( UNRESERVED ) / U+0022 1*( VCHAR-SANS-QUOTE ) U+0022 contact-info = " (" email-addr ")"
 +
    email-addr = local-name-atom *( "." local-name-atom ) "@" domain-name-atom 1*( "." domain-
 +
    name-atom ) version = 1*VCHAR-SANS-QUOTE local-name-atom = 1*( ALPHA / DIGIT / ; Printable
 +
    US-ASCII "!" / "#" / ; characters not including "$" / "%" / ; specials. "&amp;" / "'" / "*" /
 +
    "+" / "-" / "/" / "=" / "?" / "^" / "_" / "`" / "{" / "|" / "}" / "~" ) domain-name-atom =
 +
    1*( ALPHA / DIGIT / "-" ) DASH = U+2010 / U+2212 / ; hyphen, minus, em dash and U+2013 /
 +
    U+2014 ; en dash UNRESERVED = U+0020-U+0027 / ; visible unicode characters U+0029-U+0080 /
 +
    ; except '(' and dashes U+00A0-U+200F / U+2011-U+2027 / U+202A-U+2211 / U+2213-U+E01EF
 +
    VCHAR-SANS-QUOTE = U+0020-U+0021 / ; visible unicode characters U+0023-U+0080 / ; except
 +
    quotation mark U+00a0-U+E01EF
 +
 
 +
[[Category:Technical]]

Latest revision as of 15:35, 7 March 2013

SPDX Vocabulary Specification

Version
1.0
Latest Version
http://spdx.org/rdf/terms
Alternate Formats

Copyright © 2010-2011 Linux Foundation and its Contributors. All other rights are expressly reserved.

Licensed under the Creative Commons Attribution License 3.0 unported.

Abstract

This specification describes the SPDX language, defined as a dictionary of named properties and classes using W3C's RDF Technology.

SPDX is a designed to allow the exchange of data about software packages. This information includes general information about the package, licensing information about the package as a whole, a manifest of files contained in the package and licensing information related to the contained files.

The spdx prefix used in this document expands to http://spdx.org/rdf/terms#. Any terms in this document without an explicit prefix may be assumed to be in the spdx namespace.

Other vocabularies used by this one

Classes

  • SpdxDocument
  • CreationInfo
  • Package
  • ExtractedLicensingInfo
  • Checksum
  • PackageVerificationCode
  • File
  • Review
  • License
  • ConjunctiveLicenseSet
  • DisjunctiveLicenseSet
  • AnyLicenseInfo
  • SimpleLicenseInfo

Class: SpdxDocument

An SdpxDocument is a summary of the contents, provenance, ownership and licensing analysis of a specific software package. This is, effectively, the top level of SPDX information.

Status
stable
Properties
  • specVersion
    Cardinality: Mandatory, one
  • dataLicense
    Cardinality: Mandatory, one
  • creationInfo
    Cardinality: Mandatory, one
  • describesPackage
    Cardinality: Mandatory, one
  • hasExtractedLicensingInfo
    Cardinality: Optional, zero or more
  • referencesFile
    Cardinality: Mandatory, one or more
  • reviewed
    Cardinality: Optional, zero or more.

Class: CreationInfo

A CreationInfo provides information about the individuals, organizations and tools involved in the creation of an SpdxDocument.

Status
stable
Properties
  • creator
    Cardinality: Mandatory, one or more
  • created
    Cardinality: Mandatory, one
  • rdfs:comment
    Cardinality: Optional, zero or one

Class: Package

A Package represents a collection of software files that are delivered as a single functional component.

Status
stable
Properties
  • name
    Cardinality: Mandatory, one
  • versionInfo
    Cardinality: Optional, zero or one
  • packageFileName
    Cardinality: Mandatory, one
  • supplier
    Cardinality: Optional, zero or one
  • originator
    Cardinality: Optional, zero or one
  • downloadLocation
    Cardinality: Mandatory, one
  • packageVerificationCode
    Cardinality: Mandatory, one
  • checksum
    Cardinality: Optional, zero or one
  • sourceInfo
    Cardinality: Optional, zero or one
  • licenseConcluded
    Cardinality: Mandatory, one
  • licenseInfoFromFiles
    Cardinality: Mandatory, one or more
  • licenseDeclared
    Cardinality: Mandatory, one
  • licenseComments
    Cardinality: Optional, zero or one
  • copyrightText
    Cardinality: Mandatory, one
  • summary
    Cardinality: Optional, zero or one
  • description
    Cardinality: Optional, zero or one
  • hasFile
    Cardinality: Mandatory, one or more

Class: ExtractedLicensingInfo

An ExtractedLicensingInfo represents a license or licensing notice that was found in the package. Any license text that is recognized as a license may be represented as a License rather than an ExtractedLicensingInfo.

Status
stable
Properties
  • licenseId
    Cardinality: Mandatory, one
  • extractedText
    Cardinality: Mandatory, one

Class: File

A File represents a named sequence of information that is contained in a software package.

Status
stable
Properties
  • fileName
    Cardinality: Mandatory, one
  • fileType
    Cardinality: Optional, zero or one
  • checksum
    Cardinality: Mandatory, one
  • licenseConcluded
    Cardinality: Mandatory, one
  • licenseInfoInFile
    Cardinality: Mandatory, one or more
  • licenseComments
    Cardinality: Optional, zero or one
  • copyrightText
    Cardinality: Mandatory, one
  • artifactOf
    Cardinality: Optional, zero or one

Class: Review

A Review represents an audit and signoff by an individual, organization or tool on the information in an SpdxDocument.

Status
stable
Properties
  • reviewer
    Cardinality: Mandatory, one
  • reviewDate
    Cardinality: Mandatory, one
  • rdfs:comment
    Cardinality: Optional, zero or one

Class: License

A License represents a software copyright license. This class is used by the SPDX license list to represent standard licenses.

Status
stable
Properties
  • licenseId
    Cardinality: Mandatory, one
  • licenseText
    Cardinality: Mandatory, one

Class: Checksum

A Checksum is value that allows the contents of a file to be authenticated. Even small changes to the content of the file will change it's checksum. This class allows the results of a variety of checksum and cryptographic message digest algorithms to be represented.

Status
stable
Properties
  • algorithm
    Cardinality: Mandatory, one
  • checksumValue
    Cardinality: Mandatory, one

Class: PackageVerificationCode

A PackageVerificationCode is a value that allows authentication of the package. This differs from the Checksum in that it uses an algorithm that allows the SPDX file to be embedded in the package. This verification code is produced using a cryptographic hash algorithm applied to a manifest of the package. Some files in the package (e.g. the SPDX files) are explicitly excluded from the verification code. This allows those excluded files to not impact the verification code.

Status
stable
Properties
  • packageVerificationCodeExcludedFile
    Cardinality: Optional, zero or more
  • packageVerificationCodeValue
    Cardinality: Mandatory, one

Class: ConjunctiveLicenseSet

A ConjunctiveLicenseSet represents a set of licensing information all of which apply.

This class refines rdfs:Container.

Status
stable
Properties
  • member
    Cardinality: Mandatory, two or more.

Class: DisjunctiveLicenseSet

A DisjunctiveLicenseSet represents a set of licensing information where only one license applies at a time. This class implies that the recipient gets to choose one of these licenses they would prefer to use.

This class refines rdfs:Container.

Status
stable
Properties
  • member
    Cardinality: Mandatory, two or more.

Class: AnyLicenseInfo

The AnyLicenseInfo class includes all resources that represent licensing information.

Status
stable
Members
All resources in any of the following classes:
  • License
  • ExtractedLicensingInfo
  • ConjunctiveLicenseSet
  • DisjunctiveLicenseSet

Class: SimpleLicenseInfo

The SimpleLicenseInfo class includes all resources that represent simple, atomic, licensing information.

Status
stable
Members
All resources in any of the following classes:
  • License
  • ExtractedLicensingInfo

Properties

  • algorithm
  • artifactOf
  • checksum
  • checksumValue
  • copyrightText
  • created
  • creationInfo
  • creator
  • dataLicense
  • describesPackage
  • description
  • downloadLocation
  • extractedText
  • fileName
  • fileType
  • hasExtractedLicensingInfo
  • hasFile
  • licenseComments
  • licenseConcluded
  • licenseDeclared
  • licenseId
  • licenseText
  • licenseInfoFromFiles
  • licenseInfoInFile
  • member
  • name
  • originator
  • packageFileName
  • packageVerificationCode
  • packageVerificationCodeExcludedFile
  • packageVerificationCodeValue
  • referencesFile
  • reviewDate
  • reviewed
  • reviewer
  • sourceInfo
  • specVerison
  • summary
  • supplier
  • versionInfo

Property: algorithm

Identifies the algorithm used to produce the subject Checksum.

Currently, SHA-1 is the only supported algorithm. It is anticipated that other algorithms will be supported at a later time.

Status
stable
Domain
Checksum
Range
spdx:checksumAlgorithm_sha1

Property: artifactOf

Indicates the project in which the file originated.

Tools must preserve doap:hompage and doap:name properties and the URI (if one is known) of doap:Project resources that are values of this property. All other properties of doap:Projects are not directly supported by SPDX and may be dropped when translating to or from some SPDX formats.

Status
stable
Domain
File
Range
doap:Project

Property: checksum

The checksum property provides a mechanism that can be used to verify that the contents of a File or Package have not changed.

Status
stable
Domain
Any of:
  • Package
  • File
Range
Checksum

Property: checksumValue

The checksumValue property provides a lower case hexidecimal encoded digest value produced using a specific algorithm.

Status
stable
Domain
Checksum
Range
xsd:hexBinary

Property: created

The date and time at which the SpdxDocument was created. This value must in UTC and have 'Z' as its timezone indicator.

Status
stable
Domain
CreationInfo
Range
xsd:dateTime

Property: copyrightText

The text of copyright declarations recited in the Package or File.

Status
stable
Domain
Any of:
  • Package
  • File
Range
Any of:

Property: creationInfo

The creationInfo property relates an SpdxDocument to a set of information about the creation of the SpdxDocument.

Status
stable
Domain
SpdxDocument
Range
CreationInfo

Property: creator

The name and, optionally, contact information of a person, organization or tool that created, or was used to create, the SpdxDocument.

Values of this property must conform to the agent and tool syntax.

Status
stable
Domain
CreationInfo
Range
xsd:string

Property: dataLicense

The licensing under which the creator of this SPDX document allows related data to be reproduced.

The only valid value for this property is http://spdx.org/licenses/PDDL-1.0. This is to alleviate any concern that content (the data) in an SPDX file is subject to any form of intellectual property right that could restrict the re-use of the information or the creation of another SPDX file for the same project(s). This approach avoids intellectual property and related restrictions over the SPDX file, however individuals can still contract one to one to restrict release of specific collections of SPDX files (which map to software bill of materials) and the identification of the supplier of SPDX files.

Status
stable
Domain
SpdxDocument
Range
http://spdx.org/licenses/PDDL-1.0

Property: describesPackage

The describesPackage property relates an SpdxDocument to the package which it describes.

Status
stable
Domain
SpdxDocument
Range
Package

Property: description

Provides a detailed description of the package.

Status
stable
Domain
Package
Range
xsd:string

Property: downloadLocation

The URI at which this package is available for download. Private (i.e., not publicly reachable) URIs are acceptable as values of this property.

The values http://spdx.org/rdf/terms#none and http://spdx.org/rdf/terms#noassertion may be used to specify that the package is not downloadable or that no attempt was made to determine its download location, respectively.

Status
stable
Domain
Package
Range
xsd:anyURI

Property: extractedText

Verbatim license or licensing notice text that was discovered.

Status
stable
Domain
ExtractedLicensingInfo
Range
xsd:string

Property: fileName

The name of the file relative to the root of the package.

Status
stable
Domain
File
Range
xsd:string

Property: fileType

The type of the file.

Status
stable
Domain
File
Range
One of:
  • spdx:fileType_source Indicates the file is a source code file.
  • spdx:fileType_archive Indicates the file is an archive file.
  • spdx:fileType_binary Indicates the file is not a text file. filetype_archive is preferred for archive files even though they are binary.
  • spdx:fileType_other Indicates the file did not fall into any of the other categories.

Property: hasExtractedLicensingInfo

Indicates that a particular ExtractedLicensingInfo was defined in the subject SpdxDocument.

Status
stable
Domain
SpdxDocument
Range
ExtractedLicensingInfo

Property: hasFile

Indicates that a particular file belongs to a package.

Status
stable
Domain
Package
Range
File

Property: licenseComments

The licenseComments property allows the preparer of the SPDX document to describe why the licensing in spdx:licenseConcluded was chosen.

Status
stable
Domain
Any of:
  • Package
  • File
Range
xsd:string

Property: licenseConcluded

The licensing that the preparer of this SPDX document has concluded, based on the evidence, actually applies to the package.

Status
stable
Domain
Any of:
  • Package
  • File
Range
Any of:
  • AnyLicenseInfo
  • spdx:none
  • spdx:noassertion

Property: licenseDeclared

The licensing that the creators of the software in the package, or the packager, have declared. Declarations by the original software creator should be preferred, if they exist.

Status
stable
Domain
Package
Range
Any of:
  • AnyLicenseInfo
  • spdx:none
  • spdx:noassertion

Property: licenseId

A short name for the license that is at least 3 characters long and made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', and '-'. Formally, all licenseId values must match the regular expression: [-+_.a-zA-Z0-9]{3,}

Status
stable
Domain
  • License
  • ExtractedLicensingInfo
Range
xsd:string

Property: licenseText

The full text of the license.

Status
stable
Domain
License
Range
xsd:string

Property: licenseInfoFromFiles

The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of all licenseInfoInFile properties of all files contained in the package.

Status
stable
Domain
Package
Range
Any of:
  • SimpleLicenseInfo
  • spdx:none
  • spdx:noassertion

Property: licenseInfoInFile

Licensing information that was discovered directly in the subject file.

Status
stable
Domain
File
Range
Any of:
  • SimpleLicenseInfo
  • spdx:none
  • spdx:noassertion

Property: member

A license, or other licensing information, that is a member of the subject license set.

Status
stable
Domain
Any of:
  • ConjunctiveLicenseSet
  • DisjunctiveLicenseSet
Range
AnyLicenseInfo
Refines
rdfs:member

Property: name

The full name of the package including version information.

Status
stable
Domain
Package
Range
xsd:string

Property: originator

The name and, optionally, contact information of the person or organization that originally created the package.

Values of this property must conform to the agent and tool syntax.

Status
stable
Domain
Package
Range
xsd:string or the individual spdx:noassertion

Property: packageFileName

The base name of the package file name. For example, zlib-1.2.5.tar.gz.

Status
stable
Domain
Package
Range
xsd:string

Property: packageVerificationCode

A manifest based authentication code for the package. This allows consumers of this data to determine if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package. This algorithm is described in detail in the SPDX specification.

The package verification code algorithm is defined in section 4.7 of the full specification.

Status
stable
Domain
Package
Range
PackageVerificationCode

Property: packageVerificationCodeExcludedFile

A file that was excluded when calculating the package verification code. This is usually a file containing SPDX data regarding the package. If a package contains more than one SPDX file all SPDX files must be excluded from the package verification code. If this is not done it would be impossible to correctly calculate the verification codes in both files.

Status
stable
Domain
PackageVerificationCode
Range
xsd:string

Property: packageVerificationCodeValue

The actual package verification code as a hex encoded value.

Status
stable
Domain
PackageVerificationCode
Range
xsd:hexBinary

Property: referencesFile

Indicates that a particular file belongs as part of the set of analyzed files in the SpdxDocument.

Status
stable
Domain
SpdxDocument
Range
File

Property: reviewDate

The date and time at which the SpdxDocument was reviewed. This value must be in UTC and have 'Z' as its timezone indicator.

Status
stable
Domain
Review
Range
xsd:dateTime

Property: reviewed

The review property relates a SpdxDocument to the review history.

Status
stable
Domain
SpdxDocument
Range
Review

Property: reviewer

The name and, optionally, contact information of the person who performed the review.

Values of this property must conform to the agent and tool syntax.

Status
stable
Domain
Review
Range
xsd:string

Property: sourceInfo

Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source.

Status
stable
Domain
Package
Range
xsd:string

Property: specVersion

Identifies the version of this specification that was used to produce this SPDX document. Currently the only supported value is SPDX-1.0.

Status
stable
Domain
SpdxDocument
Range
xsd:string

Property: summary

Provides a short description of the package.

Status
stable
Domain
Package
Range
xsd:string

Property: supplier

The name and, optionally, contact information of the person or organization that is the immediate supplier of this package to the recipient. The supplier may be different than originator when the software has been repackaged. For example if you get glibc from RedHat, RedHat is the Package Supplier, but FSF is the originator.

Values of this property must conform to the agent and tool syntax.

Status
stable
Domain
Package
Range
xsd:string or the individual spdx:noassertion

Property: versionInfo

Provides an indication of the version of the package that is described by this SpdxDocument.

Status
stable
Domain
Package
Range
xsd:string

Individuals

  • checksumAlgorithm_sha1
  • fileType_archive
  • fileType_binary
  • fileType_other
  • fileType_source
  • noassertion
  • none

Individual: checksumAlgorithm_sha1

Indicates the algorithm used was SHA-1

Status
stable

Individual: fileType_archive

Indicates the file is an archive file.

Status
stable

Individual: fileType_binary

Indicates the file is not a text file. spdx:filetype_archive is preferred for archive files even though they are binary.

Status
stable

Individual: fileType_other

Indicates the file is not a source, archive or binary file.

Status
stable

Individual: fileType_source

Indicates the file is a source code file.

Status
stable

Individual: noassertion

Indicates that the preparer of the SPDX document is not making any assertion regarding the value of this field.

Status
stable

Individual: none

When this value is used as the object of a property it indicates that the preparer of the SpdxDocument believes that there is no value for the property. This value should only be used if there is sufficient evidence to support this assertion.

Status
stable

Agent and Tool Identifiers

Fields that identify entities that have acted in relation to the SPDX file are single line of text which name the agent or tool and, optionally, provide contact information. For example, "Person: Jane Doe (jane.doe@example.com)", "Organization: ExampleCodeInspect (contact@example.com)" and "Tool: LicenseFind - 1.0". The exact syntax of agent and tool identifications is described below in ABNF.

   agent = person / organization tool = "Tool: " name 0*1( " " DASH " " version) person =
   "Person: " name 0*1contact-info organization = "Organization: " name 0*1contact-info name =
   1*( UNRESERVED ) / U+0022 1*( VCHAR-SANS-QUOTE ) U+0022 contact-info = " (" email-addr ")"
   email-addr = local-name-atom *( "." local-name-atom ) "@" domain-name-atom 1*( "." domain-
   name-atom ) version = 1*VCHAR-SANS-QUOTE local-name-atom = 1*( ALPHA / DIGIT / ; Printable
   US-ASCII "!" / "#" / ; characters not including "$" / "%" / ; specials. "&" / "'" / "*" /
   "+" / "-" / "/" / "=" / "?" / "^" / "_" / "`" / "{" / "|" / "}" / "~" ) domain-name-atom =
   1*( ALPHA / DIGIT / "-" ) DASH = U+2010 / U+2212 / ; hyphen, minus, em dash and U+2013 /
   U+2014 ; en dash UNRESERVED = U+0020-U+0027 / ; visible unicode characters U+0029-U+0080 /
   ; except '(' and dashes U+00A0-U+200F / U+2011-U+2027 / U+202A-U+2211 / U+2213-U+E01EF
   VCHAR-SANS-QUOTE = U+0020-U+0021 / ; visible unicode characters U+0023-U+0080 / ; except
   quotation mark U+00a0-U+E01EF