CycloneDX / transparency-exchange-api

A standard API specification for exchanging supply chain artifacts and intelligence
https://tc54.org/
Apache License 2.0

DISCOVERY: Clarify the UUID TEI TYPE - align with standards #90

Closed oej closed 1 day ago

oej commented 1 day ago

https://datatracker.ietf.org/doc/html/rfc9562 defines many versions of UUID.

We need to either specify ONE version we use in the TEI UUID type or allow for multiple types.

Multiple types could look like:

tei:uuid:carloselectriccycles.com:uuidv3:234234-234-234-234-3

Not sure if there would be any benefit from supporting multiple UUID types from the API/TEI point of view. Are we aware of any usage out there that we need to support?

ppkarwasz commented 1 day ago

I think that each producer can decide its own UUID type and even change UUID type over time. The only requirement I see is that the identifier must be unique, which means that tei:carloselectriccycles.com:turbo_bike is a very poor choice of an identifier.

Note that UUIDs already contain the version number in their digits, so just using uuid:<something> identifiers should be fine. On the other hand, the uuid: namespace should always be included in the identifier.
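
Reading the version out of the UUID digits, as an added example that is not part of the thread or the project's code. It assumes the layout tei:uuid:<domain>:<uuid> (the form in the first comment without the version segment); parse_uuid_tei and the sample UUIDs are constructed for illustration.

```python
import re
import uuid

# Assumed layout (the thread's example minus the version segment):
#   tei:uuid:<producer-domain>:<uuid>
CANONICAL_UUID = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
    re.IGNORECASE,
)


def parse_uuid_tei(tei):
    """Split a uuid-type TEI and report the UUID version carried in its digits."""
    parts = tei.split(":")
    if len(parts) != 4 or [p.lower() for p in parts[:2]] != ["tei", "uuid"]:
        raise ValueError("expected tei:uuid:<domain>:<uuid>")
    domain, text = parts[2], parts[3]
    if not domain:
        raise ValueError("empty producer domain")
    # uuid.UUID() also accepts braces, a urn:uuid: prefix and missing hyphens;
    # insist on the canonical 8-4-4-4-12 form so one UUID has one spelling.
    if not CANONICAL_UUID.fullmatch(text):
        raise ValueError("not a canonical UUID: %r" % text)
    # RFC 9562 layout: the first hex digit of group 4 holds the variant bits.
    # Only for the 10xx variant (digit 8, 9, a or b) is the first hex digit
    # of group 3 a version number.
    rfc_variant = (int(text[19], 16) >> 2) == 0b10
    version = int(text[14], 16) if rfc_variant else None
    return {"domain": domain, "uuid": uuid.UUID(text), "version": version}


if __name__ == "__main__":
    # Constructed sample identifiers for the domain used in the thread.
    samples = [
        "tei:uuid:carloselectriccycles.com:f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
        "tei:uuid:carloselectriccycles.com:017f22e2-79b0-7cc3-98c4-dc0c0c07398f",
        "tei:uuid:carloselectriccycles.com:00000000-0000-0000-0000-000000000000",
        "tei:uuid:carloselectriccycles.com:234234-234-234-234-3",
    ]
    for tei in samples:
        try:
            print(tei, "-> version", parse_uuid_tei(tei)["version"])
        except ValueError as exc:
            print(tei, "-> rejected:", exc)
```

The nil UUID reports no version because its variant bits are not the RFC 9562 variant, and the illustrative value from the first comment is rejected because it is not a well-formed UUID.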

oej commented 1 day ago

I did not read that the UUID version number is included. That's great then. We're fine and can close this. Thank you @ppkarwasz!!