You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+17-14Lines changed: 17 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,13 +14,10 @@ formed - TC54 TG1. The working group has a slack channel in the CycloneDX slack
14
14
15
15
16
16
17
-
## Status of the standard: Beta 1
17
+
## Status of the standard: Beta 2
18
18
19
-
TEA is now in beta 1. This beta focuses on the consumer side of the API. Work on the
20
-
publisher API will start after the beta. The idea is to get implementation feedback
21
-
early on the current specification in order to move forward towards a first official
22
-
version of the standard. Feedback will be gathered in the Hackathon at OWASP AppSec
23
-
Global in Barcelona May 28 as well as in the meetings and slack channel.
19
+
TEA is now in beta 2. This beta focuses on ready-to-implement consumer side of the API. Work on the
20
+
publisher API will start after the 1.0 release.
24
21
25
22
We encourage developers to start with both client and server implementations of TEA and
26
23
participate in interoperability tests. These will be organised both as hackathons and
@@ -29,19 +26,25 @@ informally using the Slack channel.
29
26
There will likely be multiple beta releases. We will announce these by adding new
30
27
tags in the repository as well as in the slack channel.
31
28
29
+
Priority issues for Beta 3:
30
+
- Refinement of distribution types and distributionType fields, see https://github.com/CycloneDX/transparency-exchange-api/issues/198
31
+
- CLE Spec needs to be integrated in TEA
32
+
- E2e poc of authn/z workflow with TEA consumer spec, including consumer spec adjustment to better support authn/z
33
+
- Compliance document workflow, see https://github.com/CycloneDX/transparency-exchange-api/issues/205
34
+
32
35
## Introduction
33
36
34
37
This specification defines a standard, format agnostic, API for the exchange of
35
-
product related artifacts, like BOMs, between systems. The work includes:
38
+
product related artefacts, like BOMs, between systems. The work includes:
36
39
37
40
-[Discovery of servers](/discovery/readme.md): Describes discovery using the Transparency Exchange Identifier (TEI)
38
-
- Retrieval of artifacts
39
-
- Publication of artifacts
41
+
- Retrieval of artefacts
42
+
- Publication of artefacts
40
43
- Authentication and authorization
41
44
- Querying
42
45
43
46
System and tooling implementors are encouraged to adopt this API standard for
44
-
sending/receiving transparency artifacts between systems.
47
+
sending/receiving transparency artefacts between systems.
45
48
This will enable more widespread
46
49
"out of the box" integration support in the BOM ecosystem.
47
50
@@ -56,13 +59,13 @@ The working group has produced a list of use cases and requirements for the prot
56
59
-[TEA Product Release](tea-product/tea-product-release.md): The primary entry point. The [Transparency Exchange Identifier, TEI](/discovery/readme.md) resolves to a specific Product Release. A Product Release may optionally belong to a [TEA Product](tea-product/tea-product.md).
57
60
-[TEA Product](tea-product/tea-product.md): An optional higher-level object that groups a set of Product Releases for a product line or family. Products can be discovered and browsed; releases are accessed via `/product/{uuid}/releases`.
58
61
-[TEA Component](tea-component/tea-component.md): Represents a component lineage. A Component is a collection of Component Releases (accessible via `/component/{uuid}/releases`).
59
-
-[TEA Release](/tea-component/tea-release.md: A Component Release object. Each Component Release may have its own TEA Collection.
62
+
-[TEA Release](/tea-component/tea-release.md): A Component Release object. Each Component Release may have its own TEA Collection.
60
63
-[TEA Collection](tea-collection/tea-collection.md): A versioned list of artefacts for a specific Release (Component Release) or Product Release. Collections are versioned to indicate changes, e.g., an updated VEX or corrected SBOM.
61
-
-[TEA Artefacts](tea-artifact/tea-artifact.md): Files associated with a Collection. A single Artefact can appear in multiple Collections.
64
+
-[TEA Artifacts](tea-artifact/tea-artifact.md): Files associated with a Collection. A single TEA Artifact can appear in multiple Collections. Note that a TEA Artifact is a named term introduced by the TEA standard.
62
65
63
-
## artifacts available of the API
66
+
## Artefacts available of the API
64
67
65
-
The Transparency Exchange API (TEA) supports publication and retrieval of a set of transparency exchange artifacts. The API itself should not be restricting the types of the artifacts. A few examples:
68
+
The Transparency Exchange API (TEA) supports publication and retrieval of a set of transparency exchange artefacts. The API itself should not be restricting the types of the artefacts. A few examples:
0 commit comments