Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add an external ref for an X.509 Cert #961

Open
wants to merge 3 commits into
base: service-profile
Choose a base branch
from
+5 −4
Open

Add an external ref for an X.509 Cert #961

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d470942
Add an external ref for an X.509 Cert
goneall Jan 22, 2025
bd45c24
Fix validation issues
goneall Jan 22, 2025
344093f
better link for rfc1422
goneall Jan 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions model/Core/Vocabularies/ExternalRefType.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,3 +62,4 @@ ExternalRefType specifies the type of an external reference.
- vcs: A reference to a version control system related to a software artifact.
- vulnerabilityDisclosureReport: A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final).
- vulnerabilityExploitabilityAssessment: A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf).
- x509Cert: A reference to an X.509 certificate as defined in [RFC 1422](https://datatracker.ietf.org/doc/rfc1422/). The media type should be one of application/x-x509-ca-cert or application/x-x509-user-cert.
2 changes: 1 addition & 1 deletion model/Service/Classes/ServiceProvider.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,5 @@ A ServiceProvider is an entity that provide a software service.
## Metadata

- name: ServiceProvider
- SubclassOf: Agent
- SubclassOf: /Core/Agent
- Instantiability: Concrete
4 changes: 2 additions & 2 deletions model/Service/Classes/SoftwareService.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ SoftwareService represents software being licensed, delivered and accessed onlin
## Properties

- provider
- type: Agent
- type: /Core/Agent
- minCount: 1
- serverAuthenticationProtocol
- type: AuthenticationProtocolType
Expand All @@ -22,5 +22,5 @@ SoftwareService represents software being licensed, delivered and accessed onlin
## Metadata

- name: SoftwareService
- SubclassOf: Element
- SubclassOf: /Core/Element
- Instantiability: Concrete
2 changes: 1 addition & 1 deletion model/Service/Properties/provider.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ The Agent that provides a SoftwareService to one or more consumers.

- name: provider
- Nature: ObjectProperty
- Range: Agent
- Range: /Core/Agent
Loading