What is a Software Identification Tag?
A software identification tag is an XML file that’s installed alongside software, and which uniquely identifies the software, providing data for software inventory and asset management.
With the introduction of industry-standard software identification tags, it becomes possible to automate the processes of gathering software inventory data for use in reporting and in other initiatives such as managing software entitlement compliance.
TagVault.org is building a repository of tags for legacy applications published and installed before the introduction of software identification tags, to extend the benefits of software identification tags to these legacy applications. The repository is available to members of TagVault.org.
Who Creates Software Identification Tags?
Software publishers create software identification tags for their software, using tools provided by TagVault.org, or their own proprietary tools that produce tags in the industry-standard format.
Software identification tags are certified and digitally-signed by TagVault.org, providing assurance to software consumers that the software they’ve received comes from the advertised publisher and has not been tampered with.
Software purchasing organizations can also create tags that are then deployed with every application that is processed through the desktop management system. These end-user tags can readily be distinguished from publisher tags to ensure there is no mistaken overlap between tags installed on a computing device.
Where Are Software Identification Tags Stored?
Software identification tags are stored on the computers on which software is installed. The standard allows for operating system vendors to specify where software identification tags are located. If the platform provider doesn’t specify a location, software identification tags are stored in commonly known shared locations such as:
- /Library/Application Support/ on Apple Macintosh OS X Leopard
- Application Directory//contents on Apple Macintosh OS X versions earlier than Leopard
- usr/share/ on UNIX and Linux
- %AllUsersProfile%\Application Data\ on Windows 2000, XP and Server 2003
- %Program Data%\ for Microsoft Vista and later and Microsoft Server 2008 and later
Software identification tag files have .swidtag file extensions for easy recognition.
How Are Software Identification Tags Protected From Tampering?
TagVault.org certifies software identification tags to validate that the publisher is a known entity and has followed the specified set of requirements for providing their software information.
TagVault.org also digitally signs specific elements of the software identification tag in a way that allows third party organizations to independently and authoritatively validate that the signed elements of the certified tag have not been modified. This provides confidence that software has not been tampered with.
I Am a Software Publisher. What Do I Need To Do?
In order to provide software identification tags with your software, you need to:
- Create a regid and have it certified by TagVault.org
- Create software identification tags for your software, and have them certified and digitally signed by TagVault.org
- Modify your distribution and installation processes to ensure that software identification tags are installed in an approved location when software is installed
TagVault.org, and your peer members, can help you with tools and processes if required.
I Am a Tools Provider. How Do I Work With Software Identification Tags?
The format and location of software identification tags is specified by the standard. You should purchase and familiarize yourself with the standard in order to determine how best to have your tools work with software identification tags.
TagVault.org’s members are provide additional resources to help you meet the needs of software consumers including government agencies, and SAM practitioners.
I Purchase, Install and Manage Software. What Do I Need To Do?
If you are responsible for software management in an organization, you need stronger methods of monitoring installations and comparing them against entitlements. Software identification tags are the key to automating these processes. As a software consumer, you can specify in purchasing contracts that you require software identification tags, to encourage uptake of this standard across the software industry.