THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Proposals/SPDX 2.0 Model Proposals"

From SPDX Wiki
Jump to: navigation, search
 
Line 1: Line 1:
<p>&nbsp;</p><p>3. This page brings together various modelling proposals for 2.0 under a common page.</p><p>&nbsp;</p><p>The models currently under discusson are:</p><p>&nbsp;</p><p>1. <a title="Rough Conceptual Model" href="http://spdx.org/wiki/yet-another-rough-proposal-conceptual-model-spdx-2%20">Rough Conceptual Model</a> </p><p>"This conceptual model is an attempt to incrementally add hierarchy and provenance capabilities to the existing SPDX model. Many of the <a href="http://spdx.org/wiki/spdx-20-use-cases">use cases</a> have been considered but further analysis is necessary to ensure that this model covers all scenarios. ..."</p><p>&nbsp;</p><p>2. <a title="Supply Chain Model" href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">Provenance and Supply Chain Model </a></p><p>" A desire has been expressed to be able to have SPDX be capable of expressing</p><p>&nbsp;</p><p>&nbsp;</p><ol><li><a href="http://spdx.org/wiki/sdpx-20-provenance">Provenance</a> (we can know precisely who said what and when about a package)</li><li>Hiearchy and Aggregation ( package A contains packages B, C, etc)</li><li>How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer) ..."</li></ol><p>&nbsp;</p><p>3. <a title="Merged Model Proposal" href="http://www.spdx.org/wiki/2012-feb-1-merged-model-proposal">Merged Model Proposal</a></p><p>"Below is a class diagram merging Ed Warnicke's proposed SPDX Element model with the 1.0 model.&nbsp; Definately a work in progress.&nbsp; Most of the class definitions can be found in the 1.0 spec in the RDF appendix (model) or in Ed's proposal (<a href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20</a>).</p><p>The goals of this proposal are to:</p><p>- Support the use cases for the 1.0 spec</p><p>- Support the supply chain use cases</p><p>- Support the "hierarchical" or embedded package use cases</p><p>- Provide a more abstract model which can simplify the application of SPDX to some of the more complex use cases ... "</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
+
<p>&nbsp;</p><p>This page brings together various modelling proposals for 2.0 under a common page. The models currently under discusson are shown below with a brief exceprt from the page:</p><p>&nbsp;</p><p>1. <a title="Rough Conceptual Model" href="http://spdx.org/wiki/yet-another-rough-proposal-conceptual-model-spdx-2%20">Rough Conceptual Model</a></p><p>"This conceptual model is an attempt to incrementally add hierarchy and provenance capabilities to the existing SPDX model. Many of the <a href="http://spdx.org/wiki/spdx-20-use-cases">use cases</a> have been considered but further analysis is necessary to ensure that this model covers all scenarios. ..."</p><p>&nbsp;</p><p>2. <a title="Supply Chain Model" href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">Provenance and Supply Chain Model </a></p><p>" A desire has been expressed to be able to have SPDX be capable of expressing</p><ol><li><a href="http://spdx.org/wiki/sdpx-20-provenance">Provenance</a> (we can know precisely who said what and when about a package)</li><li>Hiearchy and Aggregation ( package A contains packages B, C, etc)</li><li>How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer) ..."</li></ol><p>&nbsp;</p><p>3. <a title="Merged Model Proposal" href="http://www.spdx.org/wiki/2012-feb-1-merged-model-proposal">Merged Model Proposal</a></p><p>"Below is a class diagram merging Ed Warnicke's proposed SPDX Element model with the 1.0 model.&nbsp; Definately a work in progress.&nbsp; Most of the class definitions can be found in the 1.0 spec in the RDF appendix (model) or in Ed's proposal (<a href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20</a>).</p><p>The goals of this proposal are to:</p><p>- Support the use cases for the 1.0 spec</p><p>- Support the supply chain use cases</p><p>- Support the "hierarchical" or embedded package use cases</p><p>- Provide a more abstract model which can simplify the application of SPDX to some of the more complex use cases ... "</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>

Revision as of 19:12, 21 August 2012

 

This page brings together various modelling proposals for 2.0 under a common page. The models currently under discusson are shown below with a brief exceprt from the page:

 

1. <a title="Rough Conceptual Model" href="http://spdx.org/wiki/yet-another-rough-proposal-conceptual-model-spdx-2%20">Rough Conceptual Model</a>

"This conceptual model is an attempt to incrementally add hierarchy and provenance capabilities to the existing SPDX model. Many of the <a href="http://spdx.org/wiki/spdx-20-use-cases">use cases</a> have been considered but further analysis is necessary to ensure that this model covers all scenarios. ..."

 

2. <a title="Supply Chain Model" href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">Provenance and Supply Chain Model </a>

" A desire has been expressed to be able to have SPDX be capable of expressing

  1. <a href="http://spdx.org/wiki/sdpx-20-provenance">Provenance</a> (we can know precisely who said what and when about a package)
  2. Hiearchy and Aggregation ( package A contains packages B, C, etc)
  3. How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer) ..."

 

3. <a title="Merged Model Proposal" href="http://www.spdx.org/wiki/2012-feb-1-merged-model-proposal">Merged Model Proposal</a>

"Below is a class diagram merging Ed Warnicke's proposed SPDX Element model with the 1.0 model.  Definately a work in progress.  Most of the class definitions can be found in the 1.0 spec in the RDF appendix (model) or in Ed's proposal (<a href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20</a>).

The goals of this proposal are to:

- Support the use cases for the 1.0 spec

- Support the supply chain use cases

- Support the "hierarchical" or embedded package use cases

- Provide a more abstract model which can simplify the application of SPDX to some of the more complex use cases ... "