#501 Add ISO 19770-2 software tags support

2.0 Series
open
nobody
General (119)
5
2010-11-16
2010-11-16
Mike Cooper
No

Please consider adding support for ISO 19770-2. This standard defines a standard format XML file describing the installation of a software product. It is used by Software Asset Management (SAM) software to discovery software and the details of the software.

Many government and large enterprise customers are beginning to require software be compliant to this standard.

More info on www.tagvault.org and www.iso.org.
mike

Discussion

  • Anders
    Anders
    2010-11-17

    Just to be clear, you want the official NSIS package to install this xml file, not for some kind of scripting support for generating this file in NSIS scripts?

     
  • Mike Cooper
    Mike Cooper
    2010-11-17

    I'm asking that NSIS scripts generate the .swidtag (xml) file when the NSIS script is installing a product. This obviously requires that the script creator add the variables required and optional SWTAG data to the NSIS script. What's needed is a means of allowing the script creator to specify the SWTAG data (name of product, version, vendor name, regid of the packer/software creator, license type, etc) in the NSIS script and then for the script to generate a properly formated .swidtag (XML) file.

     
  • Anders
    Anders
    2010-11-17

    There is nothing stopping you from creating a header file that helps people do this and either post it on the wiki or submit it as a patch. There is nothing in the compiler itself that needs to be changed to do this.

     
  • Stevek
    Stevek
    2010-11-18

    This is Steve Klos - I'm the person who managed the team that developed 19770-2 and I'm helping to create a community through TagVault.org that is focused on the development of normalized, registered and certified SWID tags by Software Publishers as well as community supported SWID tags that don't require certification. This work is being done to aide the software asset management, configuration management, patch management, and overall IT management of software installed on network devices throughout an organization.

    There are two things that I'd like to see installers do in this space.

    1) Provide a structured process for entering key data elements for SWID tags. Allow the installation processing to create the .swidtag file for the user. An example of the TagVault.org utility for tag creation can be found here: http://www.tagvault.org/tag_creation.

    2) Place the .swidtag file in the correct location for the platform. On a Windows 7 device, for example, the file is placed in c:\ProgramData\[regid for the organization]\filename.swidtag.

    Details on the locations, details of the regid and the filename can be found in the ISO/IEC standard 19770-2, they are also available in various forms on the TagVault.org website

    There will be a whitepaper on the end-user creation of SWID tags published on the TagVault.org website soon that will also provide some details on this subject. I wish I could post the standard itself, but ISO gets much of it's operational revenue through the sale of their standards, so it's not possible to distribute for free.

    If you are interested in more information, TagVault.org has a newsletter for SWID tags that's distributed once a month or so and is focused primarily on education. You can sign up by adding your name to the list on the top right side of the TagVault.org website.