This document will itemize the types of repository content we intend to address in Phases I as well as the specfic metadata requirements for each content type.
So... if there's a type of repository content or piece of metadata that you want this project to address, and it's not on this page... please tell us via the mailing list!
"Content Types" are the principal subjects about which we can retrieve metadata, i.e. things found in Phase I example repositories and formats.
Content Types that our proposal must support in Phase I:
- Repository: a source of OVAL/SCAP content
- Package: an OVAL definitions file, SCAP 1.0 Bundle or SCAP 1.2 Datastream
For each Content Type in the list above, itemize and describe useful metadata fields:
- Repository
- Title: the name of the repository
- Description: a description of the repository
- Maintainers: name and contact information for repository maintainers
- Package
- Title: the name of the package
- Description: a description of the package
- Use Case: vulnerabilty, compliance, patch, inventory, or miscellaneous
- Applicable Platform: the platform that the package content applies to
- Coverage Scope: a brief description of the intended scope of the content coverage (e.g. OS, Application, Bulletin, CVE, STIG, etc.)
- Source: the name of the source(s) of the content
- License Name: the name of the license the content is published under
- License URL: a URL to the license the content is published under
- Package URL: the download URL for the content package
- Package ID: an identifier assigned by the repository for this package that remains constant while package is versioned
- References: references included in package (CVE, CCEs, etc.)
- Format: OVAL definitions file, SCAP 1.2 Datastream, etc.
- Last Updated Date
- Checksum (for file integrity)
List and describe any useful repository-global or other non-content-type metadata fields:
- TBD
This document is a work in progress!