Request reserved namespace prefix "ibm"

[mrutkows]

On behalf of IBM, I kindly request to reserve the namespace 'ibm' for use in IBM produced public SBOMs.

Namespace to be reserved

Namespace	Description	URN equivalent
ibm	Namespace for use in IBM SBOM's within property name field values	urn:ibm:names

Planned usage

Currently, we plan to use this as an alias (short form) for our current URN (i.e., urn:ibm:names) to add/associate domain specific information such as:

• IBM product and deliverable IDs to component properties
• additional scan/internal tooling/classification information to component properties
• risk and confidence scoring information to component properties
• legal (usage, coverage) disclaimers to metadata properties for customers

Goal: Simplification

Reduction in length of property name value:

{
"name": "urn:ibm:names:identifier:product",
"value": "5737-I23"
} 

would be simplified to:

{
"name": "ibm:identifier:product",
"value": "5737-I23"
} 

Note It is my hope we support URN syntax as well (and update the ABNF for package names correspondingly). See issue: #9

[stevespringett]

@coderpatros How do you want to handle urns?

IMO, the urn should be optional as to provide backward compatibility, but should be recommended. Thoughts?

[coderpatros]

I think we should reserve the usage of the "urn" namespace for URNs. I can update the ABNF to support both.

[jkowalleck]

@coderpatros no need to update the ABNF, as long as the namespace is reserved, i guess. will open a PR soon.

regarding urn support in ABNF - this would be an own topic, right? see #9