THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Proposals/2010-12-07/Tag-value RDF mapping

From SPDX Wiki
< Technical Team‎ | Proposals
Revision as of 03:21, 13 December 2010 by Pezra (Talk | contribs)

Jump to: navigation, search

Status

Draft


Issue

The mechanism and details of how the tag-value format relates to the rdf model are not clear. Also there are many special cases regarding now following lines are parsed based on the tag. These issues combined with the lack of an overview section on the tag-value format make it hard to understand how the tag-value files should be produced.

Proposal

The direct relationship between the tags and rdf properties will be stated explicitly. All simple tag names match rdf property name without the spdx vocabulary prefix. Arbitrary rdf properties will be allows to be tags when they are enclosed in angle brackets ("<", ">"). This will support forward compatibility and innovation by allowing vendor or communities to introduce new data into spdx files.

A uniform way declare new resources (entities) and link to them will be introduced. A new resource would be declared by enclosing the type of the resource and it's uri, either full or a <a href="http://www.w3.org/TR/2007/WD-curie-20070307/">CURIE</a> or node-id if it is a blank node, in square brackets ("[", "]"). The resource type will be Package, File, Project or License

A uniform way to handle multiline values will be introduced. Any tag value that started with double quote ('"') would extend until a second, unescaped, double quote was encountered. If the content of the value included a double quote it could be escaped by prefixing it with a back slash character ("\"). This will allow parsers to handle multiline values on unrecognized fields which dramatically improves forward compatibility.

Values would will be treated as literals unless the SPDX processor is aware that the tag is declared as an owl:ObjectProperty. For owl:ObjectProperty fields the SPDX processor can resolve the value into a resource by first looking at the blank node ids in the document, if the value does not match any of the declared node ids it should be treated as a <a href="http://www.w3.org/TR/2007/WD-curie-20070307/">CURIE</a> or URI. For the purpose of CURIE resolution the following prefixes will be defined: license (the SPDX license repo prefix), doap

Example 1: Simple SPDX file with non-standard license

<code><br />SPDXVersion: SPDX-1.0<br />CreatedBy: Tool: spdx-gen 1.0<br /><br />[Package http://oss.net/foo-1.0.tar.gz]<br />DeclaredLicense: FullLicense-1<br />DeclaredLicense: license:GPL2<br />Description: "This<br />is along<br />multiline value"<br /><br />[License FullLicnse-1]<br />LicenseText: "<br />Some terms and conditions<br />"<br /><br /></code>

Example 2: Simple SPDX file with vendor specific tag

<code><br />SPDXVersion: SPDX-1.0<br />CreatedBy: Tool: spdx-gen 1.0<br /><br />[Package http://oss.net/foo-1.0.tar.gz]<br />DeclaredLicense: license:GPL2<br />Description: "This<br />is a long<br />multiline value"<br /><http://example.org/sha256-signature>: "ac44f9eecaf832..."<br /></code>

Example 3: Simple SPDX file with files

<code><br />SPDXVersion: SPDX-1.0<br />CreatedBy: Tool: spdx-gen 1.0<br /><br />[Package http://oss.net/foo-1.0.tar.gz]<br />DeclaredLicense: license:GPL2<br />Description: "This<br />is along<br />multiline value"<br />Files: http://oss.net/foo-1.0.tar.gz#foo.c, http://oss.net/foo-1.0.tar.gz#bar.c<br /><br />[File http://oss.net/foo-1.0.tar.gz#foo.c]<br />Type: source<br />DetectedLicense: license:GPL2<br /><br />[File http://oss.net/foo-1.0.tar.gz#bar.c]<br />Type: source<br />DetectedLicense: license:GPL2<br /></code>

Example 4: Simple SPDX file with file and artifact info

<code><br />SPDXVersion: SPDX-1.0<br />CreatedBy: Tool: spdx-gen 1.0<br /><br />[Package http://oss.net/foo-1.0.tar.gz]<br />DeclaredLicense: license:GPL2<br />Description: "This<br />is along<br />multiline value"<br />Files: http://oss.net/foo-1.0.tar.gz#foo.c<br /><br />[File http://oss.net/foo-1.0.tar.gz#foo.c]<br />Type: source<br />DetectedLicense: license:GPL2<br />ArtifactOf: JRandomProject<br /><br />[doap:Project JRandomProject]<br />doap:name: J Random Project<br />doap:homepage: http://oss.org/j-random-project<br /><br /></code>