stevespringett
commented
2 months ago Open prabhu opened 2 months ago
stevespringett
commented
2 months ago 
prabhu
commented
2 months ago @stevespringett are you proposing to use properties instead of a top-level id? It might be alright
stevespringett
commented
2 months ago There are many types of identifiers used in hardware devices. CycloneDX properties capture many of the common ones, but there are many industry-specific formats. For example UDI is required for medical devices in the U.S, but there are some challenges in terms of variants of the spec.
https://www.greenlight.guru/blog/udi-unique-device-identifiers-fda https://www.greenlight.guru/blog/udi-101
I think in order to support hardware identifiers natively, we would need to a simple way to add initial support identifiers used in the most common industries along with the existing support for general identifiers in the property taxonomy, but also allow future identifers to easily be added, My initial thought on this is to use enumerations.
"components": [
{
"type": "device",
"name": "my device",
"hardwareProperties": {
"identities": [
{ "type": "serialNumber", "value": "123456", "encoding": "TBD" },
{ "type": "gtin-14", "value": "12345678901234", "encoding": "TBD" }
]
}
}
]Note, some hardware identifier schemes have optional or required encoding methods that should likely also be captured.
Currently, there are no PURL equivalents for Hardware. The closest I could find were:
The proposal is to add
hwidas an array attribute under component and let the user populate the same with array of strings.