Rolie examples #315
Rolie examples #315
Conversation
tschmidtb51
commented
Jul 23, 2021
tschmidtb51
commented
- resolves Add ROLIE examples #313
- add examples for ROLIE service document
- add example for ROLIE category document
- update example for ROLIE feed document:
- update schema (as done with Namespace upgrade #312)
- update category to hold more than one (see RFC8322)
- addresses part of oasis-tcs#313 - add example for ROLIE service document
- addresses part of oasis-tcs#313 - update example for ROLIE feed from "security advisory" to "csaf" to avoid conflicts with profiles
- addresses part of oasis-tcs#313 - fix mistake in ROLIE service document example
- addresses part of oasis-tcs#313 - add extended example for ROLIE service document
- addresses part of oasis-tcs#312 and oasis-tcs#313 - update namespace in ROLIE feed example
- addresses part of oasis-tcs#313 - add example for ROLIE category document
- addresses part of oasis-tcs#313 - according to https://datatracker.ietf.org/doc/html/rfc8322#section-6.1.1 as feed can have more than one category
tschmidtb51
added
documentation
csaf 2.0
|
@mprpic Please review this PR with ROLIE examples. |
|
@santosomar, @sthagen We did not receive additional feedback to this. Therefore, I suggest to merge it (to provide a full CSD for review) and point it out in the TC meeting. |
| "term": "Example Company Product B" | ||
| } | ||
| ] | ||
| } |
There was a problem hiding this comment.
I think this also need to specify a scheme to which these categories relate. Though, I'm not sure what the value of that field should be, so:
{
"categories": {
"category": [
{
"term": "Example Company Product A"
},
{
"term": "Example Company Product B"
}
],
"scheme": "<reference to itself?>"
}
}Perhaps it can just be an arbitrary URN that gets then used in the individual documents. I think only terms specific to the urn:ietf:params:rolie:category:information-type category don't need to be explicitly noted in the category document.
For now, I'd recommend using a self-reference to the category document itself as the scheme.
There was a problem hiding this comment.
I think this also need to specify a scheme to which these categories relate.
I agree that there SHOULD be a category scheme. However, while reading RFC 5023 Section 7 I did not see that it is mandatory
appInlineCategories =
element app:categories {
attribute fixed { "yes" | "no" }?,
attribute scheme { atomURI }?,
(atomCategory*,
undefinedContent)
}
Therefore, I skipped it. But I might have overlooked something. Can you please double-check that?
If it is necessary, I second your approach to app the reference to itself in the document.
There was a problem hiding this comment.
Nevertheless, you are right about mentioning of category.
There was a problem hiding this comment.
I fixed that in 10eae59.
There was a problem hiding this comment.
You're right, it is optional. Let's leave it out. Thanks for the category fix!
There was a problem hiding this comment.
No worries. I also fixed that in the service document examples and fixed a filename error.
- addresses review comment of oasis-tcs#315 - add missing "category" keyword - fix typo
- addresses review comment of oasis-tcs#315 - add missing "category" keyword - fix typo
tschmidtb51
force-pushed
the
rolie-examples
branch
from
f44b6cb
to
10eae59
Compare
- addresses review comment of oasis-tcs#315 - fix missing "category" keyword in service document examples as [Section 8.3.6](https://datatracker.ietf.org/doc/html/rfc5023#section-8.3.6) links to category description
- addresses review comment of oasis-tcs#313 - fix filename mistake (be compliant to Section 5.1)
- addresses parts of oasis-tcs#313 - fix filename also in other places
