Interoperable Europe logo

What can be reused from the ISO/IEC 19770 standard on Software Asset Management

Anonymous (not verified)
Published on: 25/05/2012 Discussion Archived

Roger Meier raised the following comment during the public review:

"I really like the combination of existing industry standards such as DOAP, TROVE and SPDX. It is a great vision to integrate them into a common standard!

I have two questions at the moment:

  • Lot of F/OSS does depend on commercial software. Why do you completely ignore commercial software?
  • What about the ISO/IEC 19770 series did you had a look on this?"

https://joinup.ec.europa.eu/asset/adms_foss/topic/public-comments-admsf/oss-v03#comment-12044

Component

Miscellaneous

Category

Related Work
Report abusive content Invite Share

Comments

stijngoedertier (not verified) Fri, 25/05/2012 - 09:31

Thanks for pointing this out. I had a brief look at this standard. The use cases of Software Asset Management (e.g. software tagging) are related but different from our main use case of facilitating the exploration and search for software on the Web:

  • Software Identification Tags (SWID tags): From my understanding, the ISO/IEC 19770-2:2009 standard is a data model that allows software publishers to ensure that the software assets they produce can be uniquely identified and uniformely described through certified or uncertified software identification tags. The identification tags can be certified by organisations such as tagvault.org and can be maintained in a centralised repository that can be consulted by Software Asset Management tools. The ISO/IEC 19770-2:2009  data model is expressed as an XML schema as has some metadata properties and relationships that are similar to what is described in ADMS.F/OSS
  • Software Entitlement Tags: 19770-3 specification (under development) will be a data model to describe software entitlement tags, i.e. the proof of acquiring the right to use the software. This is rather outside the scope of ADMS.F/OSS.

The idea of software tagging is also envisioned by the Software Package Data Exchange (SPDX) community. The SPDX is a specification to tag   for open-source software packages to help companies streamline their open source license compliance processes.

There are synergies that could  be exploited. I see the following:

  • Synergy 1: The swid:software_id element is not URI-based but could be used to mint URIs that unique identify software distributions (i.e. software packages). This can be added to the specification as a recommendation or guideline. In my opinion, this should not be mandatory: it must remain possible to identify software distributions using a non-SWID enabled URI.
  • Synergy 2: The ADMS.F/OSS specification could provide a hook to embed Software Identification Tags, and  SPDX tags within the software description metadata. I think this can be done in two ways:
    1. Option 1 - Link to the tag: ​add a link to the tag. SPDX is URI-based, and I expect that the swid:software_id element  can be used to mint (prefereble de-referenceable HTTP-based) URIs. 
    2. Option 2 - Embed the tag: embed the entire SWID tag as an XMLLiteral inside the RDF code. This option does not require to mint URIs, but requires tool support to parse the XMLLiteral. 
  1. http://www.iso.org/iso/catalogue_detail.htm?csnumber=53670
  2. http://standards.iso.org/iso/19770/-2/2009/schema.xsd
  3. http://tagvault.org
  4. http://tagvault.org/standards/software-identification-tag/swid-tag-overview
  5. http://www.spdx.org/
Login or create an account to comment.