Difference between revisions of "Technical Team/Proposals/2010-12-07/Tag-value RDF mapping"

Revision as of 18:50, 7 December 2010

Status

Draft

Issue

The mechanism and details of how the tag-value format relates to the rdf model are not clear. Also there are many special cases regarding now following lines are parsed based on the tag. These issues combined with the lack of an overview section on the tag-value format make it hard to understand how the tag-value files should be produced.

Proposal

The direct relationship between the tags and rdf properties will be stated explicitly. All simple tag names match rdf property name without the spdx vocabulary prefix. Arbitrary rdf properties will be allows to be tags when they are enclosed in angle brackets ("<", ">"). This will support forward compatibility and innovation by allowing vendor or communities to introduce new data into spdx files.

A uniform way declare new resources (entities) and link to them will be introduced. A new resource would be declared by enclosing the type of the resource and it's uri, or node-id if it is a blank node, in square brackets ("[", "]"). The resource type would either be a full uri and enclosed in angle brackets or a spdx class name without the spdx vocabulary prefix.

A uniform way to reference bank nodes would be introduced. A node id reference would be a string that starts with a "@". This would allow any tag to reference a blank node resource declared in the spdx files. Node ids would be scoped to the spdx file in which they occur.

A uniform way to handle multiline values will be introduced. Any tag value that started with double quote ('"') would extend until a second, unescaped, double quote was encountered. If the content of the value included a double quote it could be escaped by prefixing it with a back slash character ("\"). This will allow parsers to handle multiline values on unrecognized fields which dramatically improves forward compatibility.

Example 1: Simple SPDX file with non-standard license

<code><br />SPDXVersion: SPDX-1.0<br />CreatedBy: Tool: spdx-gen 1.0<br /><br />[Package <http://oss.net/foo-1.0.tar.gz>]<br />DeclaredLicense: @FullLicense-1<br />DeclaredLicense: <license:GPL2><br />Description: "This<br />is along<br />multiline value"<br /><br />[License FullLicnse-1]<br />LicenseText: "<br />Some terms and conditions<br />"<br /><br /></code>

Example 2: Simple SPDX file with vendor specific tag

<code><br />SPDXVersion: SPDX-1.0<br />CreatedBy: Tool: spdx-gen 1.0<br /><br />[Package <http://oss.net/foo-1.0.tar.gz>]<br />DeclaredLicense: <license:GPL2><br />Description: "This<br />is along<br />multiline value"<br /><http://example.org/sha256-signature>: "ac44f9eecaf832..."<br /></code>

Example 3: Simple SPDX file with files

<code><br />SPDXVersion: SPDX-1.0<br />CreatedBy: Tool: spdx-gen 1.0<br /><br />[Package <http://oss.net/foo-1.0.tar.gz>]<br />DeclaredLicense: <license:GPL2><br />Description: "This<br />is along<br />multiline value"<br />Files: <http://oss.net/foo-1.0.tar.gz#foo.c>, <http://oss.net/foo-1.0.tar.gz#bar.c><br /><br />[File <http://oss.net/foo-1.0.tar.gz#foo.c>]<br />Type: source<br />DetectedLicense: <license:GPL2><br /><br />[File <http://oss.net/foo-1.0.tar.gz#bar.c>]<br />Type: source<br />DetectedLicense: <license:GPL2><br /><br /></code>

Example 4: Simple SPDX file with file and artifact info

<code><br />SPDXVersion: SPDX-1.0<br />CreatedBy: Tool: spdx-gen 1.0<br /><br />[Package <http://oss.net/foo-1.0.tar.gz>]<br />DeclaredLicense: <license:GPL2><br />Description: "This<br />is along<br />multiline value"<br />Files: <http://oss.net/foo-1.0.tar.gz#foo.c><br /><br />[File <http://oss.net/foo-1.0.tar.gz#foo.c>]<br />Type: source<br />DetectedLicense: <license:GPL2><br />ArtifactOf: @JRandomProject<br /><br />[<doap:Project> JRandomProject]<br /><doap:name>: J Random Project<br /><doap:homepage>: http://oss.org/j-random-project<br /><br /></code>