[ main >> JVNRSS 1.0 ]

JVNRSS - JP Vendor Status Notes RDF Site Summary

Abstract

JVNRSS is based on RDF Site Summary (RSS) 1.0 and use the field <dc:relation> of Dubline Core as index of grouping security information.
JVNRSS with the Relational ID in <dc:relation> is shown.

<item rdf:about="URL of security information">
 <title>Title</title>
 <link>URL of security information</link>
 <dscription>Outline of security information</description>
  <dc:publisher>Product vendor name</dc:publisher>
  <dc:creator>Contact point information</dc:creator> 
  <dc:identifier>Security information ID</dc:identifier> 
  <dc:relation>Relational ID (1) {CVE|CERT-CA|CERT-VU|etc.}</dc:relation>
  <dc:relation>Relational ID (2) {CVE|CERT-CA|CERT-VU|etc.}</dc:relation>
  <dc:relation>          :          :          </dc:relation>
  <dc:date>Date last updated</dc:date>
  <dcterms:issued>Date first published</cterms:issued>
  <dcterms:modified>Date last updated</dcterms:modified>
</item>

JVNRSS contains a list of items, each of which is identified by a link. Each item can have any amount of metadata associated with it. The most basic metadata supported by RSS includes a title for the link and a description of it. And our proposal Relational ID allows the security information on the different sites to relate each other. The URL of major references such as Common Vulnerability Exposure (CVE), CERT Advisory (CERT-CA), CERT Vulnerability Notes (CERT-VU, US-CERT Vulnerability Notes), US-CERT Technical Alert and CIAC Bulletin are used as Relational ID. These are best reference URL for Internet security information.

Authors

The members of JVNRSS Feasibility Study Team:

Masato Terada (IPA, JPCERT/CC)
JVN Working Group (JPCERT/CC, IPA)

Version

Latest Version
http://jvnrss.ise.chuo-u.ac.jp/jtg/jvnrss/
V1.0 2005-09-09
http://jvnrss.ise.chuo-u.ac.jp/jtg/jvnrss/1.0/
V1.0alpha 2003-07-15
http://jvn.doi.ics.keio.ac.jp/rss/index.html (in Japanese)

Status

Comments should be directed to the JVN Working Group.

Rights

Copyright © 2006 by the Authors.

Permission to use, copy, modify and distribute the JVNRSS 1.0 Specification and its accompanying documentation for any purpose and without fee is hereby granted in perpetuity, provided that the above copyright notice and this paragraph appear in all copies. The copyright holders make no representation about the suitability of the specification for any purpose. It is provided "as is" without expressed or implied warranty.

This copyright applies to the JVNRSS 1.0 Specification and accompanying documentation and does not extend to the JVNRSS format itself.

Table of Contents

1. Overview
2. Syntax
3. Examples
4. Resources
5. Acknowledgements

1. Overview

2. Syntax

Notation:
In the following element descriptions, the following notation is used:

2.1 <rdf:RDF>

The opening RDF tag assocaties the rdf: namespace prefix with the RDF syntax schema, establishes the RSS 1.0 schema, Dublin Core and Qualified Dublin Core as the default namespace for the document.

Syntax: <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" >
Requirement: Required exactly as shown, aside from any additional namespace declarations
Model: (channel, image?, item+, textinput?)

2.2 <channel>

The channel element contains metadata describing the channel of secuiry information itself, including a title, brief description, and URL link to the described resource.

Syntax: <channel rdf:about="{resource (URI of security information channel) }">
Requirement: Required
Required Attribute(s): rdf:about
Model: (title, link, description, image?, items, textinput? dc:publisher, dc:creator, dc:rights?, dc:date, dcterms:issued?, dcterms:modified?)
Example:

<channel rdf:about="http://jvn.jp/rss/jvn.rdf"> [Required]
 <title>JVNRSS Feed - Update Entry</title> [Required]
 <link>http://jvn.jp/</link> [Required]
 <description>JVN What's New</description> [Required]
 <dc:publisher>JVNRSS Feasibility Study Team</dc:publisher> [Required]
 <dc:creator>jvn@jvn.jp</dc:creator> [Required]
 <dc:right>Copyright © 2006 by the Authors.</dc:right> [Optional]
 <dc:date>2006-04-03T10:04+09:00</dc:date> [Required]
 <dcterms:issued /> [Optional]
 <dcterms:modified>2006-04-03T10:04+09:00</dcterms:modified> [Optional]
 <items>
  <rdf:Seq>
   <rdf:li rdf:resource="http://jvn.jp/cert/JVNVU%23834865" /> [Required]
   <rdf:li rdf:resource="http://jvn.jp/cert/JVNTA06-062A" /> [Required]
  </rdf:Seq>
 </items>
</channel>

2.2.1 <title>

A descriptive title for the channel of security information.

Syntax: <title>{channel_title (Title of security information channel) }</title>
Requirement: Required
Model: (#PCDATA)

2.2.2 <link>

The URL to which an HTML rendering of the channel title will link, commonly the parent site's security information page.

Syntax: <link>{channel_link (URL of security information page) }</link>
Requirement: Required
Model: (#PCDATA)

2.2.3 <description>

A brief description of the channel of security information.

Syntax: <description>{channel_description (Outline of security information) }</description>
Requirement: Required
Model: (#PCDATA)

2.2.4 <dc:publisher>

An organization name (typically product vendor name) responsible for making the security information available.

Syntax: <dc:publisher>{channel_dc:publisher (product vendor name) }</dc:publisher>
Requirement: Required
Model: (#PCDATA)

2.2.5 <dc:creator>

A Contact point information (email address is recommended) responsible for making the security information available.

Syntax: <dc:creator>{channel_dc:creator (Contact point information) }</dc:creator>
Requirement: Required
Model: (#PCDATA)

2.2.6 <dc:rights>

Information about rights held in and over the security information.

Syntax: <dc:rights>{channel_dc:rights}</dc:rights>
Requirement: Optional
Model: (#PCDATA)

2.2.7 <dc:date>

This is the date the security information was last updated. This date is also updated when a vendor security information document changes.

Syntax: <dc:date>{channel_dc:date}</dc:date>
Requirement: Required
Model: (#PCDATA) [W3CDTF]
Recommendation: Complete date plus hours and minutes: YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00) (See W3CDTF: Date and Time Formats)

2.2.8 <dcterms:issued>

This is the date when an organization (typically product vendor) first published the security information. This date should be the date public or later.

Syntax: <dcterms:issued>{channel_dcterms:issued}</dcterms:issued>
Requirement: Optional
Model: (#PCDATA) [W3CDTF]
Recommendation: Complete date plus hours and minutes: YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00) (See W3CDTF: Date and Time Formats)

2.2.9 <dcterms:modified>

This is the date the security information was last updated. This date is also updated when a vendor security information document changes.

Syntax: <dcterms:modified>{channel_dcterms:modified}</dcterms:modified>
Requirement: Optional
Model: (#PCDATA) [W3CDTF]
Recommendation: Complete date plus hours and minutes: YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00) (See W3CDTF: Date and Time Formats)

2.2.10 <items>

An RDF table of contents, associating the document's items [2.3] with this particular JVNRSS channel. Each item's rdf:resource {item_uri} must be the same as the associated item element's rdf:about {item_uri}.

Syntax: <items><rdf:Seq><rdf:li resource="{item_uri}" /> ... </rdf:Seq></items>
Requirement: Required

2.3 <item>

A security information headline. {item_uri} must be unique with respect to any other rdf:about attributes in the JVNRSS document and is a URI which identifies the item.

Syntax: <item rdf:about="{item_uri (URL of Product vendor security information) }">
Requirement: >= 1
Required Attribute(s): rdf:about
Model: (title, link, description?, dc:publisher, dc:identifier?, dc:relation, dc:date, dcterms:issued?, dcterms:modified?)
Example:

<item rdf:about="http://jvn.jp/cert/JVNVU%23834865">
 <title>Sendmail contains a race condition</title>
 <link>http://jvn.jp/cert/JVNVU%23834865</link>
 <description>A race condition in Sendmail may allow a remote attacker 
 to execute arbitrary code.</description>
 <dc:publisher>JVNRSS Feasibility Study Team</dc:publisher>
 <dc:creator>jvn@jvn.jp</dc:creator>
 <dc:identifier>JVNVU#834865</dc:identifier>
 <dc:relation>http://www.us-cert.gov/cas/techalerts/TA06-081A.html</dc:relation>
 <dc:relation>http://www.kb.cert.org/vuls/id/834865</dc:relation>
 <dc:relation>http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0058</dc:relation>
 <dc:date>2006-04-03T10:30+09:00</dc:date>
 <dcterms:issued>2006-03-23T04:00+09:00</dcterms:issued>
 <dcterms:modified>2006-04-03T10:30+09:00</dcterms:modified>
</item>

2.3.1 <title>

The item's title for security information.

Syntax: <title>{item_title (Title of Product vendor security information) }</title>
Requirement: Required
Model: (#PCDATA)

2.3.2 <link>

The item's URL for security information.

Syntax: <link>{item_link}</link>
Requirement: Required
Model: (#PCDATA)

2.3.3 <description>

A brief description/abstract of the item for security information.

Syntax: <description>{item_description (Outline of Product vendor security information) }</description>
Requirement: Optional
Model: (#PCDATA)

2.3.4 <dc:publisher>

A product vendor name, an organization name , or a site name for the item for security information.

Syntax: <dc:publisher>{Product vendor name}</dc:publisher>
Requirement: Required
Model: (#PCDATA)

2.3.5 <dc:creator>

An entity primarily responsible for making the content of the resource. Typically, the name of a Creator should be email address for contact.

Syntax: <dc:creator>{Contact point information}</dc:creator>
Requirement: Optional
Model: (#PCDATA)

2.3.6 <dc:identifier>

A unique identifier assigned by vendor.

Syntax: <dc:identifier>{Security information ID assigned by vendor}</dc:identifier>
Requirement: Optional
Model: (#PCDATA)

2.3.7 <dc:relation>

A best reference URI (CVE, CERT Advisory, CERT Vulnerability Note, US-CERT Technical Alert etc.) to a related security information.

Syntax: <dc:relation>{Relational ID}</dc:relation>
Requirement: Required
Model: (#PCDATA)
Comment:

2.3.8 <dc:date>

Its value is a date, indicating when the item was last updated.

Syntax: <dc:date>{Date last updated}</dc:date>
Requirement: Required
Model: (#PCDATA) [W3CDTF]
Recommendation: Complete date plus hours and minutes: YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00) (See W3CDTF: Date and Time Formats)

2.3.9 <dcterms:issuede>

Its value is a date, indicating when the item was first published.

Syntax: <dcterms:issued>{Date first published}</dcterms:issued>
Requirement: Optional
Model: (#PCDATA) [W3CDTF]
Recommendation: Complete date plus hours and minutes: YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00) (See W3CDTF: Date and Time Formats)

2.3.10 <dcterms:modified>

Its value is a date, indicating when the item was last updated.

Syntax: <dcterms:modified>{Date last updated}</dcterms:modified>
Requirement: Optional
Model: (#PCDATA) [W3CDTF]
Recommendation: Complete date plus hours and minutes: YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00) (See W3CDTF: Date and Time Formats)

3. Examples

A basic JVNRSS 1.0 document, making use of the core RSS 1.0, Dublin Core and Qualified Dublin Core element set.

<?xml version="1.0" encoding="UTF-8" ?>

<rdf:RDF
  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns="http://purl.org/rss/1.0/"
  xmlns:dc="http://purl.org/dc/elements/1.1/"
  xmlns:dcterms="http://purl.org/dc/terms/"
  xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  xml:lang="en">

 <channel rdf:about="http://jvn.jp/rss/jvn.rdf">
  <title>JVNRSS Feed - Update Entry</title>
  <link>http://jvn.jp/</link>
  <description>JVN What's New</description>
  <dc:publisher>JVNRSS Feasibility Study Team</dc:publisher>
  <dc:creator>jvn@jvn.jp</dc:creator>
  <dc:right>Copyright © 2006 by the Authors.</dc:right>
  <dc:date>2006-04-03T10:04+09:00</dc:date>
  <dcterms:issued />
  <dcterms:modified>2006-04-03T10:04+09:00</dcterms:modified>
  <items>
   <rdf:Seq>
    <rdf:li rdf:resource="http://jvn.jp/cert/JVNVU%23834865" />
    <rdf:li rdf:resource="http://jvn.jp/cert/JVNTA06-062A" />
   </rdf:Seq>
  </items>
 </channel>

 <item rdf:about="http://jvn.jp/cert/JVNVU%23834865">
  <title>Sendmail contains a race condition</title>
  <link>http://jvn.jp/cert/JVNVU%23834865</link>
  <description>A race condition in Sendmail may allow a remote attacker 
  to execute arbitrary code.</description>
  <dc:publisher>JVNRSS Feasibility Study Team</dc:publisher>
  <dc:creator>jvn@jvn.jp</dc:creator>
  <dc:identifier>JVNVU#834865</dc:identifier>
  <dc:relation>http://www.us-cert.gov/cas/techalerts/TA06-081A.html</dc:relation>
  <dc:relation>http://www.kb.cert.org/vuls/id/834865</dc:relation>
  <dc:relation>http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0058</dc:relation>
  <dc:date>2006-04-03T10:30+09:00</dc:date>
  <dcterms:issued>2006-03-23T04:00+09:00</dcterms:issued>
  <dcterms:modified>2006-04-03T10:30+09:00</dcterms:modified>
 </item>

 <item rdf:about="http://jvn.jp/cert/JVNTA06-062A">
  <title>Apple Mac Products are Affected by Multiple Vulnerabilities</title>
  <link>http://jvn.jp/cert/JVNTA06-062A</link>
  <description>Apple has released Security Update 2006-001 to correct 
  multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, 
  and other products. The most serious of these vulnerabilities may allow a remote 
  attacker to execute arbitrary code. Impacts of other vulnerabilities include 
  bypassing security restrictions and denial of service.</description>
  <dc:publisher>JVNRSS Feasibility Study Team</dc:publisher>
  <dc:creator>jvn@jvn.jp</dc:creator>
  <dc:identifier>JVNTA06-062A</dc:identifier>
  <dc:relation>http://www.us-cert.gov/cas/techalerts/TA06-062A.html</dc:relation>
  <dc:relation>http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0848</dc:relation>
  <dc:relation>http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-4504</dc:relation>
  <dc:relation>http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0387</dc:relation>
  <dc:date>2006-03-15T17:30+09:00</dc:date>
  <dcterms:issued>2006-03-06T11:00+09:00</dcterms:issued>
  <dcterms:modified>2006-03-15T17:30+09:00</dcterms:modified>
 </item>

</rdf:RDF>

4. Resources

5. Acknowledgements

JVNRSS Feasibility Study Team thanks the following for working with us for all their continued discussion and input.