Regid Validation

The First Step To Authoritative Software Identification

Organizations joining TagVault.org start the process by creating a registration identifier (regid).  The regid is a unique and consistent identifier for an organization at a specific point in time. (Time is important because regids include domain names, which can be transferred between organizations.) An organization’s regid is used in many places, such as in software identification tags (SWID tags). The regid ensures that every reference to an organization will always be exactly the same – making security, software asset management (SAM) and logistics reporting and management processes much easier. After an organization creates its regid, it sends it to TagVault.org for inclusion in the validation database.

Regids have multiple uses in the software identification  market.  The use of regids enables SAM tool and service providers to:

 

  • regidDetermine the genealogical history of a software title through acquisitions, mergers and divestitures
  • Highlight that a tag creator is a different entity from the software licensor (this can be appropriate, where third parties are legitimately creating SWID tags)
  • Identify all software titles that come from one software publisher, even where those software titles may come from different development organizations within the software publisher
  • Ensure the identifier for a software title is unique across the entire software market
  • Ensure that authoritative (digitally signed) SWID tags can be attributed without qulification to their source.

TagVault.org-validated Regids Are Stronger

TagVault.org strengthens the definition of regid provided by the ISO/IEC 19770-2 standard.  The standard defined regids without the expectation that a registration authority would be available, which offered easier industry adoption but did not provide the level of structure required to ensure consistency. With TagVault.org acting as a registration authority, the regid definition can be strengthened to mandate consistency, without adversely affecting industry adoption of the standard.
Let’s look at an example regid using Symantec as our example organization.

A regid consists of:

  • The tag regid
  • A period (.) separator .
  • The date at which the entity creating the regid first owned the domain that is also used in the regid in year-month format: 1992-12
  • A period (.) separator .
  • The domain of the entity, in reverse order: com.symantec
Symantec’s base regid is therefore regid.1992-12.com.symantec.

The standard allows for, but does not require, additional sub-entities that are added as a suffix to the above regid. These may look as follows:

regid.1992-12.com.symantec,Altiris
regid.1992-12.com.symantec,Norton

Using this approach, companies can allow for many different namespaces to be used within the organization providing any level flexibility required while still ensuring consistency and allowing tag consumers to roll-up all the various sub-entities into one main regid for the reporting purposes.

Join TagVault.org now to support the benefits of standardized software identification.