ietf-mud-transparency.yang
// Augments the MUD model (ietf-mud, RFC 8520) with pointers to software
// bills of material (SBOMs) and vulnerability information. The module
// description below carries the normative text; these comments only
// orient a reader.
module ietf-mud-transparency {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-mud-transparency";
  prefix mudtx;

  // inet:uri is the type of every URL/URI leaf in this module.
  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 6991";
  }
  // Target of the augment statement at the end of the module.
  import ietf-mud {
    prefix mud;
    reference
      "RFC 8520";
  }

  organization
    "IETF OPSAWG (Ops Area) Working Group";
  contact
    "WG Web: https://datatracker.ietf.org/wg/opsawg/
     WG List: [email protected]
     Editor: Eliot Lear [email protected]
     Editor: Scott Rose [email protected]";
  // NOTE(review): "RFC XXXX" below (and in the revision reference) is an
  // unresolved placeholder for the RFC number.
  description
    "This YANG module augments the ietf-mud model to provide for
     reporting of SBOMs and vulnerability information.
     Copyright (c) 2023 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Revised BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX);
     see the RFC itself for full legal notices.
     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here. ";

  revision 2023-01-12 {
    description
      "Initial proposed standard.";
    reference
      "RFC XXXX: Discovering and Retrieving Software Transparency
       and Vulnerability Information";
  }

  // Base identity for the transport selectable through the
  // sbom-local-well-known identityref below. Each derived identity
  // names one retrieval scheme; two of them are cleartext.
  identity local-type {
    description
      "Base identity for local-well-known choices";
  }

  // Cleartext transport; the description marks it NOT RECOMMENDED.
  identity http {
    base mudtx:local-type;
    description
      "Use http[RFC7231] (insecure) to retrieve SBOM information.
       This method is NOT RECOMMENDED, but may be unavoidable for
       certain classes of deployment, where TLS has not or
       cannot be implemented";
  }

  identity https {
    base mudtx:local-type;
    description
      "Use https (secure) to retrieve SBOM information. See
       RFC 9110.";
  }

  // Cleartext transport; the description marks it NOT RECOMMENDED.
  identity coap {
    base mudtx:local-type;
    description
      "Use COAP [RFC7252] (insecure) to retrieve SBOM. This method
       is NOT RECOMMENDED, although it may be unavoidable
       for certain classes of implementations/deployments.";
  }

  identity coaps {
    base mudtx:local-type;
    description
      "Use COAPS (secure) to retrieve SBOM [RFC7252]";
  }

  // Reusable definition; instantiated once by the augment of /mud:mud.
  grouping transparency-extension {
    description
      "This grouping provides a means to describe the location of
       software bills of material and vulnerability descriptions.";
    container transparency {
      description
        "Container of methods to get SBOMs and vulnerability
         information.";

      // Neither choice in this container carries a mandatory
      // statement, so a MUD file may omit SBOM and/or vulnerability
      // retrieval information entirely.
      choice sbom-retrieval-method {
        description
          "How to find SBOM information";
        case cloud {
          // Keyed by version-info: one SBOM URL per software/hardware
          // version.
          list sboms {
            key "version-info";
            description
              "A list of SBOMs tied to different software
               or hardware versions.";
            leaf version-info {
              type string;
              description
                "The version to which this SBOM refers.";
            }
            leaf sbom-url {
              // XSD pattern (implicitly anchored in YANG): restricts the
              // scheme to coap, coaps, http or https; everything after
              // the colon is unconstrained.
              type inet:uri {
                pattern '((coaps?)|(https?)):.*';
              }
              description
                "A statically located URL.";
            }
          }
        }
        case local-well-known {
          // Selects one of the identities derived from local-type
          // (http, https, coap, coaps).
          leaf sbom-local-well-known {
            type identityref {
              base mudtx:local-type;
            }
            description
              "Which communication protocol to choose.";
          }
        }
        case sbom-contact-info {
          leaf sbom-contact-uri {
            // Permits mailto, http, https and tel schemes; note that
            // cleartext http is allowed here, as the description states.
            type inet:uri {
              pattern '((mailto)|(https?)|(tel)):.*';
            }
            description
              "This MUST be either a tel, http, https, or
               mailto uri schema that customers can use to
               contact someone for SBOM information.";
          }
        }
      }

      // NOTE(review): unlike sbom-url, this leaf has no scheme
      // pattern, so the schema alone does not constrain the URI
      // scheme of the archive list.
      leaf sbom-archive-list {
        type inet:uri;
        description
          "This URI returns a JSON list of URLs that consist of
           SBOMs that were previously published for this
           device. Publication dates can be found inside
           the SBOMs.";
      }

      choice vuln-retrieval-method {
        description
          "How to find vulnerability information";
        case cloud {
          // NOTE(review): no scheme pattern here either (compare
          // sbom-url); consumers cannot rely on the schema to limit
          // the scheme of vuln-url.
          leaf vuln-url {
            type inet:uri;
            description
              "A statically located URL that references
               vulnerability information";
          }
        }
        case vuln-contact-info {
          leaf vuln-contact-uri {
            // Same scheme set as sbom-contact-uri.
            type inet:uri {
              pattern '((mailto)|(https?)|(tel)):.*';
            }
            description
              "This MUST be either a tel, http, https, or
               mailto uri schema that customers can use to
               contact someone for vulnerability information.";
          }
        }
      }
    }
  }

  // Attaches the grouping under the top-level /mud:mud node from
  // RFC 8520.
  augment "/mud:mud" {
    description
      "Add extension for software transparency.";
    uses transparency-extension;
  }
}