CycloneDX / specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
https://cyclonedx.org/
Apache License 2.0

Add modelCard to Service definition #268

Open mrutkows opened 1 year ago

mrutkows commented 1 year ago

More and more "AI" services are being offered as endpoints (generation, summarization, analysis, etc.); it would be a valid consideration to be able to declare which AI models were being used behind such services. That is, these are not necessarily packaged or offered as top-level "components" per se.

mrutkows commented 1 year ago

Again, we should revisit what makes a component definition and a service definition unique (e.g., software services are accessed over a network), as both will have similar (shared) information from a BOM perspective (i.e., read: common base type).

stevespringett commented 1 year ago

Agreed. You should be able to accomplish this two different ways today.

1) An external reference on the service that specifies the SBOM that makes up that service
2) An external reference on the service that specifies the model card, which can appear in the same BOM or in an external BOM.
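The two options above, as an added example that is not part of this issue or of the CycloneDX project's own code: a constructed CycloneDX 1.5 document in which a service carries a `bom` external reference (the SBOM behind it) and a `model-card` external reference that bom-links to a `machine-learning-model` component with a `modelCard` in the same BOM, plus a small resolver that follows such links. The serial numbers, names, endpoint and model card contents are made-up sample values.

```python
# Constructed CycloneDX 1.5 document (sample data, not a real project BOM): a
# summarization API service whose external references point at the SBOM behind
# it (option 1) and at the model card of the model it calls (option 2).
SERIAL = "3e671687-395b-41f5-a30f-a58921a69b79"
BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "serialNumber": f"urn:uuid:{SERIAL}", "version": 1,
    "components": [{
        "type": "machine-learning-model", "bom-ref": "model-summarizer",
        "name": "example-summarizer", "version": "2.1.0",
        "modelCard": {
            "modelParameters": {"approach": {"type": "supervised"},
                                "task": "summarization"},
            "considerations": {"technicalLimitations": ["English input only"]},
        },
    }],
    "services": [{
        "bom-ref": "svc-summarize", "name": "summarize-api",
        "endpoints": ["https://api.example.test/v1/summarize"],
        "externalReferences": [
            # option 1: the SBOM this service is built from, kept in another BOM
            {"type": "bom", "url": "urn:cdx:9b2f5a1c-1f33-4e4f-8d0c-0f4c2a5b7e11/3"},
            # option 2: the model card, bom-linked to a component in this BOM
            {"type": "model-card", "url": f"urn:cdx:{SERIAL}/1#model-summarizer"},
        ],
    }],
}


def resolve_model_cards(bom: dict, service: dict) -> list:
    """Follow a service's 'model-card' external references. A bom-link of the
    form urn:cdx:<serial>/<version>#<bom-ref> that targets this BOM resolves to
    the component's modelCard; a link into another BOM is returned unresolved."""
    own = f"urn:cdx:{bom['serialNumber'].removeprefix('urn:uuid:')}/{bom['version']}#"
    by_ref = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    found = []
    for ref in service.get("externalReferences", []):
        if ref.get("type") != "model-card":
            continue
        url = ref["url"]
        if not url.startswith(own):
            found.append({"external": url})  # caller must fetch that BOM
            continue
        comp = by_ref.get(url[len(own):])
        if comp is not None and "modelCard" in comp:
            found.append({"bom-ref": comp["bom-ref"], "modelCard": comp["modelCard"]})
    return found
```

Calling `resolve_model_cards(BOM, BOM["services"][0])` returns the summarizer's model card; a `model-card` reference whose URN names a different serial number comes back as an `external` entry for the consumer to fetch.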