THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Proposals/2012-02-01/Merged Model Proposal
Below is a class diagram merging Ed Warnicke's proposed SPDX Element model with the 1.0 model. Definately a work in progress. Most of the class definitions can be found in the 1.0 spec in the RDF appendix (model) or in Ed's proposal (<a href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20</a>).
The goals of this proposal are to:
- Support the use cases for the 1.0 spec
- Support the supply chain use cases
- Support the "hierarchical" or embedded package use cases
- Provide a more abstract model which can simplify the application of SPDX to some of the more complex use cases
This proposal extends the existing proposals by adding an SPDX Element Relationship which describes the type of relationship from one SPDX element to another.
Mapping SPDX 1.0 Fields to Proposal
SPDX 1.0 | SPDX 2.0 Merged Proposal | Notes | ||
Section | Field | Class | Property | |
Document Information | Version | SpdxDocument | specVersion | No change to current spec – note that SpdxDocument seems equivalent to SPDXFile in Ed’s proposal |
Document Information | Data License | SpdxDocument | dataLicense | No change to current spec - Propose that the SpdxDocument class contain this information since it related to the document itself and not specific to a Licenseable element |
Creation Information | Creator | SpdxDocument | creationInfo | No change to current spec - Propose that the SpdxDocument class contain this information since it related to the file itself and not specific to a Licenseable element. This creationInfo could have a range of an Annotation since the properties are very similar |
Creation Information | Created | CreationInfo | created | This does feel a lot like an annotation. Proposing keeping CreationInfo merely for compability purposes. Could make CreationInfo a subclass of Annotation. |
Creation Information | Comment | CreationInfo | rdfs:comment | This does feel a lot like an annotation. Proposing keeping CreationInfo merely for compability purposes. Could make CreationInfo a subclass of Annotation. |
Creation Information | Creator | CreationInfo | creator | We may want this property to be unique for Creator since it relates to the entire document and not just the author of an annotation. At some point, we should type this so that we can easily distinguish “Tool” from “Person” and “Organization” |
Package Information | Formal Name | SpdxLicensable | name | Suggest that every licenseable would have a name. For file, name could refer to the file name and filename could refer to the path relative to the archive. I don’t believe this would change the current RDF implementation. |
Package Information | Package Version Information | SpdxLicensable | versionInfo | Would argue that version would apply to any Licensable artifact. I don’t believe this would change the current RDF implementation. I don’t believe this would change the current RDF implementation. |
Package Information | Package File Name | Package | packageFileName | No change to current spec. This could also be implemented at the SpdxLicenseable level if we change the property name to fileName. Since this would make it incompatible, I would propose we stay with packageFileName. |
Package Information | Package Supplier | SpdxLicensable | Supplier | No change to current spec. |
Package Information | Package Originator | N/A | N/A | From Ed’s proposal: As the SPDX 2.0 proposal correctly handles the notion of 'things' being repackaged along the way via nesting, this field is no longer necessary. The coreutils.tar.gz upstream is the supplier for coreutils.tar.gz. Someone like Fedora could be the supplier for coreutils.rpm, which would refer to the SPDX data from coreutils.tar.gz. Full provenance abrogates the need for this field. |
Package Information | Package Download Location | Package | downloadLocation | Same as current spec. This is specific to a Package as a distributable unit. |
Package Information | Package Verification Code | Package | packageVerificationCode | Worth a future discussion, but proposing no change in current spec for now. |
Package Information | Package Checksum | Package | checksum | Could make this part of Licensable, however, some future subclasses (such as code snippets) may not have an associated checksum |
Package Information | Source Information | Package | annotation | Propose to deprecate the 1.0 property and replace with Annotations. |
Package Information | Concluded License | SpdxLicenseable | licenseConcluded | No change to current spec. Propose that this is a valuable distinct field and is associated with Package. |
Package Information | All Licenses Information From Files | N/A | N/A | Propose we deprecate this in 2.0 (same reasoning Ed made in his proposal). This could be an independent decision. |
Package Information | Declared License | SpdxLicensable | declaredLicense | No change from current spec. Property should be associated with all Licensable elements. |
Package Information | Comments on License | Package | annotation | Propose we depreciate this field and handle as an Annotation |
Package Information | Copyright Text | SpdxLicensable | copyrightText | No change from current spec. Property should be associated with all Licensable elements. |
Package Information | Package Summary Description | Package | summary | No change from current spec. |
Package Information | Package Detailed Description | Package | description | No change from current spec. |
Other License Information Detected | All fields | AnyLicenseingInfo | All properties | Propose we keep the same licensing model, but associate with the SpdxLicensable class. Note – this probably deserves further analysis |
File Information | File Name | File | filename | No change from current spec. |
File Information | File Type | File | fileType | No change from current spec. |
File Information | File Checksum | File | checksum | No change from current spec. Could make this part of Licensable, however, some future subclasses (such as code snippets) may not have an associated checksum |
File Information | Concluded License | Licensable | licenseConcluded | No change from current spec. Propose that all Licenseable have a licenseConcluded property. |
File Information | License Information in File | File | licenseInformationInFile | No change from current spec. |
File Information | Comment on License | File | annotation | Propose we deprecate this and replace it with annotation |
File Information | Copyright Text | SpdxLicensable | copyrightText | No change to current spec. Property should be associated with all Licensable elements. |
File Information | Artifact of Project Name | SpdxLicensable | relatedLicensable | Replace the Artifact Of with a generalized concept of a related SPDX Licensable. Alternatively, leave the relationship specific to file per Peter’s proposal. |
File Information | Artifact of Project Homepage | SpdxLicensable | relatedLicensable | Replace the Artifact Of with a generalized concept of a related SPDX Licensable. Alternatively, leave the relationship specific to file per Peter’s proposal. |
File Information | Artifact of Project URI | SpdxLicensable | relatedLicensable | Replace the Artifact Of with a generalized concept of a related SPDX Licensable. Alternatively, leave the relationship specific to file per Peter’s proposal. |
Review Information | Reviewer | Review | reviewer | No change to current spec. |
Review Information | Review Date | Review | reviewDate | No change to current spec. |
Review Information | Comments | Review | Rdfs:comment | No change to current spec. |
<img src="http://www.spdx.org/system/files/proposedmodel.png" alt="Class Diagram" width="909" height="529" />
