OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only

First draft of sarif URI scheme registration

  • 1.  First draft of sarif URI scheme registration

    Posted 09-18-2020 00:47
      |   view attached
    Hi Chet,   Here is the first draft of the registration for the sarif URI scheme.   It cites the SARIF specification. However, the SARIF spec doesn’t really meet the requirements of RFC7595 for a “permanent” scheme registration. A permanent registration requires a “scheme specification”, a document that describes (among other things):      Scheme syntax:      See Section 3.2 for guidelines.      Scheme semantics:      See Section 3.3 and Section 3.4 for guidelines.      Encoding considerations:      See Section 3.3 and Section 3.6 for guidelines.      Interoperability considerations:      See Section 3.9 for guidelines.      Security considerations:      See Section 3.7 for guidelines   It also needs to include a description of the utility of the scheme, the context of use, and a description of the “operations” that can be performed on URIs that use that scheme (for example, GET).   Some of this is implicit in the SARIF spec, a little of it is spelled out, and a lot is missing. In general, the RFC seems to imply that a “scheme specification” is a whole separate document that itself goes through a standards process.   One workaround would be to request a “provisional” registration, which doesn’t require a scheme specification document.   What do you recommend? Michael and David also explicitly on the To: line for their input.   Thanks, Larry   Scheme name: sarif Status: Permanent Applications/protocols that use this scheme name: The sarif scheme can be used by any application that processes file that conform to the SARIF 2.1.0 specification, including but not limited to: - Static analysis tools - Static analysis results visualization tools (viewers) - Bug filing tools - Defect databases - Compliance systems Contact: Michael C. Fanning (mikefan&microsoft.com) and Laurence J. Golding (v-lgold&microsoft.com) Change controller: OASIS Open ( https://www.oasis-open.org/ ) References: Static Analysis Results Interchange Format (SARIF) Version 2.1.0. Edited by Michael C. Fanning and Laurence J. Golding. 27 March 2020. OASIS Standard. https://docs.oasisopen.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html . Latest stage: https://docs.oasisopen.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html .

    Attachment(s)

    txt
    sarif-uri-scheme.txt   931 B 1 version