Currently we have identifiers on the following levels:
- TEA Product
- TEA Product Release
- TEA Component
- TEA Component Release
- TEA Distribution
- CLE Event
It would make sense to also add identifiers on the TEA Artifact level with addition of BOM specific identifier types, such as serialNumber for CycloneDX or documentNamespace / spdxId for SPDX.
To implement this, we would need to:
- Extend TEA Artifact type with list of identifiers
- Provide API to perform direct search for TEA Artifacts based on identifier
Note: while BOM standards may assume that document identifiers are globally unique, we may not have such assumptions from the perspective of TEA (see #217 ) - therefore, we always assume that everything is essentially namespaced by a particular TEA Server, where uniqueness can actually be guaranteed.
Currently we have identifiers on the following levels:
It would make sense to also add identifiers on the TEA Artifact level with addition of BOM specific identifier types, such as
serialNumberfor CycloneDX ordocumentNamespace/spdxIdfor SPDX.To implement this, we would need to:
Note: while BOM standards may assume that document identifiers are globally unique, we may not have such assumptions from the perspective of TEA (see #217 ) - therefore, we always assume that everything is essentially namespaced by a particular TEA Server, where uniqueness can actually be guaranteed.