TagVault.org is a non-profit organization designed to help organizations in the software industry work together in order to maximize the value of software identification (SWID) tags. TagVault.org is ensuring consistency in tag data across products, publishers and platforms while lowering the overall cost to include certified tags in any software product.
TagVault.org relies on the program’s members to drive the requirements of certified SWID tags as well as the tools, services, documentation and support provided by the organization. TagVault.org is providing the necessary forum for software publishers and software consumers to work together to resolve software identification, license reconciliation and auditing issues that have grown more complex and contentious over the years. TagVault.org is providing these capabilities through multiple related efforts which include official working groups:
- Developing software to create, certify, store and validate SWID tags. The software as well as the source code is provided to TagVault.org members depending on membership level and is also available for purchase for those organizations who do not have the appropriate level of membership.
- Developing training, documentation and support services to help organizations understand the requirements for creating, certifying and using software identification tags. Services such as providing the ability to certify SWID tags and to digitally sign the data in certified tags ensures the software market receives SWID tags that meet a specified level of compliance.
- Bringing the industry members together to work on specific areas of interest. This is done by the formation of TagVault.org working groups. The structure and operation of working groups is defined in the TagVault.org bylaws. Basically, a working group is formed by a vote from the TagVault.org board of directors to approve a working group charter. The charter indicates what role a working group has within the organization and what work products are expected from the group’s efforts.
This article focuses on the third item on the list – working groups. The article will focus on the existing working groups as of October 30, 2016.
TagVault.org Working Groups
Any TagVault.org member above the adopter level may join working groups provided they meet the participation details as specified in the charter.
As of October 30, 2016, TagVault.org has a number of active working groups and two working groups under formation. These working groups, as well as the details specified in the charter for the working group, are provided below:
Tag Signing Working Group
This group is Chartered to have primary responsibility for developing interoperability guidance and supporting documentation for SWID tag implementers and users that details how tags should be digitally signed and validated. Participation is open to all members of TagVault.org and also to non-members of TagVault.org who are both working on behalf of a member of TagVault.org and providing unique technical expertise to the working groups design and decision-making activities. The main work expected to be completed is the following, although subject to revision by the WG:
- Specification of technical procedures for digitally signing and certifying SWID tags
- Specification of technical procedures for validating SWID tag digital signatures
- Preparation of interoperability guidance and supporting documentation for SWID tag implementers and users that details how tags should be digitally signed and validated
Certified SWID Tag Requirements
This group voted on and unanimously approved the certification requirements for two levels of certified tags – base and asset management levels. See the press release on the publication of these requirements.
The charter specifies that this group shall have primary responsibility for the creation and publication of certification documents required to support the needs of the ITAM programs in place today within the General Services Administration (GSA) and the Office of the Secretary of Defense (OSD).
Data Value Registration
The SWID tag certification requirements provide a workflow diagram indicating how new data values are incorporated into the TagVault.org normalized values. Due to the ever-changing environment of the software market, the normalized values used by TagVault.org for certification purposes cannot be static. The process defined in the certification documentation and that will be applied as part of the TagVault.org repository includes updates that will be approved by the Data Value Registration group.
The charter for this working group specifies that the group shall have primary responsibility for defining and managing requests for new normalized data values.
End-users SWID Tags
End-users can utilize SWID tags today in order to realize an immediate return on investment. Agnitio Advisors has already published a white paper presenting the process and some of the returns that have been seen by organizations that utilize SWID tags. This working group is focused on defining specific details on how end-user organizations can implement SWID tags prior to publishers providing certified tags in their products.
The charter for this working group specifies that the group shall have primary responsibility for creating a PowerPoint presentation and supporting white paper that demonstrate a Return on Investment (ROI) for the implementation of end-user and certified SWID tags.
TagVault.org is establishing communications forums for use by all levels of membership as well as non-members. Before establishing the forums, the TagVault.org program is defining the structure of the forums as well as the process that will be used to define and manage the forums.
The charter for this working group specifies that the group shall have primary responsibility for defining the forum structure and management process for TagVault.org membership forums.
Publisher SWID Tags
Like the end-user community, software publishers need more than just tools and services to create and manage certified SWID tags. This working group has the responsibility to define the information publisher’s need to create SWID tags for use within their products, how to manage the installation and uninstallation of SWID tags, how to ensure all data elements are normalized and how to request updates to data values as required, etc. The expectation is that many of the software publishers involved in TagVault.org will provide details on what their teams require and how TagVault.org can develop training materials to best serve the requirements of the development community.
The charter for this working group specifies that the group shall have primary responsibility for the development of documentation for publishers detailing how publishers can comply with certification requirements.
Repository API and Architecture
With the release of the TagVault.org utilities as well both publisher and end-user interest in SWID tags, there is a clear need for a consistent and accessible repository. This repository will be accessible via a web browser as well having a web API that allows for redistribution of the repository data, registration and certification of tags, management of non-certified (end-user) tags etc.
The charter for this working group specifies that the group shall have primary responsibility for defining the Architecture and API’s for the TagVault.org Registry Services.
TagVault.org is a member driven organization, and it encourages members to participate in any and all working groups they are interested in helping. The bylaws indicate how the working group is run. Effectively the Board of Directors needs to approve any new working group and the working group needs to have a two thirds vote of approval for any materials that are published by TagVault.org.