protocol-registries / link-relations

Registry for Link Relation Types
https://www.iana.org/assignments/link-relations/

Registration Request: signature #51

Open paul-knight opened 1 year ago

paul-knight commented 1 year ago

Relation Name

signature

Description

Refers to a resource that contains the context's cryptographic signature.

Reference

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#7115-requirement-15-rolie-feed

Additional Information

The OASIS Common Security Advisories Framework (CSAF) Technical Committee (TC) has been chartered to standardize the implementation and exchange of security advisories. The automatic and fast discovery of relevant as well as actionable security advisories is an important step in the process of effectively mitigating and ultimately removing vulnerabilities as they become apparent. We are requesting the registration of a "signature" link type that would contain parameters and configuration requirements to allow this level of automated discovery.

Resource-Oriented Lightweight Information Exchange (ROLIE) is a standard to ease discovery of security content. ROLIE is built on top of the Atom Publishing Format and Protocol, with specific requirements that support publishing security content.

Each ROLIE feed document MUST be a JSON file that conforms with [RFC8322]. Any existing signature file (requirement 19) MUST be listed in the corresponding entry of the ROLIE feed as an item of the array link having the rel value of signature.

For further reference, the CSAF version 2.0 OASIS Standard is always available at: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html
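
A consumer-side check for the requirement quoted above, as an added example that is not part of the original thread or of the CSAF specification: it walks a ROLIE feed's entries and flags those whose `link` array has no item with the `rel` value `signature`, or whose signature link is not HTTPS or sits on a different origin than the advisory. The feed is constructed sample data; treating the `self` link as the advisory URL and the HTTPS/same-origin policy are assumptions of this example, not CSAF requirements.

```python
from urllib.parse import urlsplit

def _entry(eid, **rels):
    # Helper for the constructed sample: one feed entry with its "link" array.
    return {"id": eid, "link": [{"rel": r, "href": h} for r, h in rels.items()]}

# Constructed sample feed; example.com / example.net are placeholder hosts.
BASE = "https://example.com/csaf/2024/"
SAMPLE_FEED = {"feed": {"id": "example-feed", "entry": [
    _entry("EX-2024-001", self=BASE + "ex-2024-001.json",
           signature=BASE + "ex-2024-001.json.asc"),
    _entry("EX-2024-002", self=BASE + "ex-2024-002.json"),
    _entry("EX-2024-003", self=BASE + "ex-2024-003.json",
           signature="http://mirror.example.net/ex-2024-003.json.asc"),
]}}

def hrefs(entry, rel):
    """All href values in the entry's link array that carry the given rel."""
    return [l["href"] for l in entry.get("link", [])
            if l.get("rel") == rel and l.get("href")]

def audit_feed(doc):
    """Map entry id -> list of findings; entries without findings are omitted."""
    findings = {}
    for entry in doc.get("feed", {}).get("entry", []):
        problems = []
        docs = hrefs(entry, "self")       # assumption: "self" is the advisory URL
        sigs = hrefs(entry, "signature")
        if not sigs:
            # Either no signature file exists or the feed omits a required link.
            problems.append("no link with rel=signature")
        for sig in sigs:
            s = urlsplit(sig)
            if s.scheme != "https":       # example policy, not a CSAF rule
                problems.append("signature link is not https")
            # Example policy: signature must share scheme+host with the advisory.
            if docs and all((s.scheme, s.netloc) != urlsplit(d)[:2] for d in docs):
                problems.append("signature origin differs from advisory origin")
        if problems:
            findings[entry.get("id", "<no id>")] = problems
    return findings

if __name__ == "__main__":
    for eid, problems in audit_feed(SAMPLE_FEED).items():
        print(eid, "->", "; ".join(problems))
```
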

mnot commented 1 year ago

The second comment in #50 applies here too -- if you want to register a generic term like signature, it should be specified more fully (ideally in a standalone document, but at least in its own section that makes it clear it's not specific to this application). Alternatively, a name like csaf-signature would work.

paul-knight commented 1 year ago

Mark,

The specification editors have agreed that the members of the OASIS CSAF Technical Committee need to discuss and agree on how best to handle this internally. Will it be okay to put this on hold for a while, and return to the ticket once a decision is made?

mnot commented 1 year ago

Of course.