Support for Hardware IDs

[prabhu]

Currently, there are no PURL equivalents for Hardware. The closest I could find were:

• Hardware IDs (Windows) - Some articles
• Bus/ID generated by hw-probe (Linux) - Example
• Model Identifier, Part Numbers, Board ID and DeviceID (Mac)

The proposal is to add hwid as an array attribute under component and let the user populate the same with array of strings.

[stevespringett]

See https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md

[prabhu]

@stevespringett are you proposing to use properties instead of a top-level id? It might be alright

[stevespringett]

There are many types of identifiers used in hardware devices. CycloneDX properties capture many of the common ones, but there are many industry-specific formats. For example UDI is required for medical devices in the U.S, but there are some challenges in terms of variants of the spec.

https://www.greenlight.guru/blog/udi-unique-device-identifiers-fda
https://www.greenlight.guru/blog/udi-101

I think in order to support hardware identifiers natively, we would need to a simple way to add initial support identifiers used in the most common industries along with the existing support for general identifiers in the property taxonomy, but also allow future identifers to easily be added, My initial thought on this is to use enumerations.

"components": [
  {
    "type": "device",
    "name": "my device",
    "hardwareProperties": {
      "identities": [
        { "type": "serialNumber", "value": "123456", "encoding": "TBD" },
        { "type": "gtin-14", "value": "12345678901234", "encoding": "TBD" }
      ]
    }
  }
]

Note, some hardware identifier schemes have optional or required encoding methods that should likely also be captured.