diff --git a/model/Software/Classes/ContentIdentifier.md b/model/Software/Classes/ContentIdentifier.md new file mode 100644 index 000000000..41dd819d8 --- /dev/null +++ b/model/Software/Classes/ContentIdentifier.md @@ -0,0 +1,30 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# ContentIdentifier + +## Summary + +A canonical, unique, immutable identifier + +## Description + +A ContentIdentifier is a canonical, unique, immutable identifier of the content of a software artifact, such as a package, a file, or a snippet. +It can be used for verifying its identity and integrity. + +## Metadata + +- name: ContentIdentifier +- SubclassOf: /Core/IntegrityMethod +- Instantiability: Concrete + +## Properties + +- contentIdentifierType + - type: ContentIdentifierType + - minCount: 1 + - maxCount: 1 +- contentIdentifierValue + - type: xsd:anyURI + - minCount: 1 + - maxCount: 1 + diff --git a/model/Software/Classes/SoftwareArtifact.md b/model/Software/Classes/SoftwareArtifact.md index 353bd69fd..9b871c71a 100644 --- a/model/Software/Classes/SoftwareArtifact.md +++ b/model/Software/Classes/SoftwareArtifact.md @@ -19,10 +19,6 @@ such as a package, a file, or a snippet. ## Properties -- gitoid - - type: xsd:anyURI - - minCount: 0 - - maxCount: 2 - primaryPurpose - type: SoftwarePurpose - minCount: 0 @@ -37,4 +33,7 @@ such as a package, a file, or a snippet. - attributionText - type: xsd:string - minCount: 0 +- contentIdentifier + - type: ContentIdentifier + - minCount: 0 diff --git a/model/Software/Properties/contentIdentifier.md b/model/Software/Properties/contentIdentifier.md new file mode 100644 index 000000000..1a8d177e8 --- /dev/null +++ b/model/Software/Properties/contentIdentifier.md @@ -0,0 +1,19 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# contentIdentifier + +## Summary + +A canonical, unique, immutable identifier of the artifact content, that may be used for verifying its identity and/or integrity. + +## Description + +A contentIdentifier is a canonical, unique, immutable identifier of the content of a software artifact, such as a package, a file, or a snippet. +It may be used for verifying its identity and/or integrity. + +## Metadata + +- name: contentIdentifier +- Nature: DataProperty +- Range: ContentIdentifier + diff --git a/model/Software/Properties/contentIdentifierType.md b/model/Software/Properties/contentIdentifierType.md new file mode 100644 index 000000000..d03f89974 --- /dev/null +++ b/model/Software/Properties/contentIdentifierType.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# contentIdentifierType + +## Summary + +Specifies the type of the content identifier. + +## Description + +A contentIdentifierType specifies the type of the content identifier. + +## Metadata + +- name: contentIdentifierType +- Nature: ObjectProperty +- Range: ContentIdentifierType + diff --git a/model/Software/Properties/contentIdentifierValue.md b/model/Software/Properties/contentIdentifierValue.md new file mode 100644 index 000000000..f707c7f99 --- /dev/null +++ b/model/Software/Properties/contentIdentifierValue.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# contentIdentifierValue + +## Summary + +Specifies the value of the content identifier. + +## Description + +A contentIdentifierValue specifies the value of a content identifier. + +## Metadata + +- name: contentIdentifierValue +- Nature: DataProperty +- Range: xsd:anyURI + diff --git a/model/Software/Properties/gitoid.md b/model/Software/Properties/gitoid.md deleted file mode 100644 index bf2cdcf15..000000000 --- a/model/Software/Properties/gitoid.md +++ /dev/null @@ -1,23 +0,0 @@ -SPDX-License-Identifier: Community-Spec-1.0 - -# gitoid - -## Summary - -Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification. - -## Description - -The gitoid is a canonical, unique, immutable artifact identifier for each software artifact. -The gitoid for any software artifact can be calculated and recorded in SPDX 3.0 Snippet, File, or Package Elements. - -The gitoid is defined as the Git Object Identifier of type `blob` of the software artifact, expressed in the [gitoid URI scheme](https://www.iana.org/assignments/uri-schemes/prov/gitoid). - -The OmniBOR ID for the OmniBOR Document associated with a software artifact should not be recorded in this field. Rather, OmniBOR IDs should be recorded in the SPDX Element's ExternalIdentifier property. - -## Metadata - -- name: gitoid -- Nature: DataProperty -- Range: xsd:anyURI - diff --git a/model/Software/Vocabularies/ContentIdentifierType.md b/model/Software/Vocabularies/ContentIdentifierType.md new file mode 100644 index 000000000..09bd08135 --- /dev/null +++ b/model/Software/Vocabularies/ContentIdentifierType.md @@ -0,0 +1,21 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# ContentIdentifierType + +## Summary + +Specifies the type of a content identifier. + +## Description + +ContentIdentifierType specifies the type of a content identifier. + +## Metadata + +- name: ContentIdentifierType + +## Entries + +- gitoid: Gitoid stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) and a gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent the software [Artifact ID](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-id) or the [OmniBOR Identifier](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-identifier) for the software artifact's associated [OmniBOR Document](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-document). +- swhid: SoftWare Hash IDentifier, persistent intrinsic identifiers for digital artifacts. The syntax of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) and in the case of filess they typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. +