
Solving the Supply Chain Puzzle with SPDX, OpenChain & Hyperledger

Mark Gisi
Sameer Ahmed
Open Source Leadership Summit
February 2017

© 2015 Wind River. All Rights Reserved.


Establish Trust in using Open Source across the Supply Chain

The Challenge
IoT/Embedded Device Requirement

 Most modern day devices are constructed from 80%+ open source
 Device Runtime is governed by > 100 licenses
 Every shipping device requires open source compliance artifacts:
   i. Legal Notices document
   ii. Obligatory Source Code
   iii. Licensing data (SPDX)
   iv. Cryptography info
   v. Security Vulnerabilities
   ...

(Chart: device value add vs. >80% Open Source)



Software Supply Chain

(Diagram: Product, Distributor)





IoT/Embedded Device Requirement



 Linux Foundation's solution to standardize licensing information exchange within the software supply chain
 Format for recording and sharing licensing and copyright information of a software package



Software Supply Chain

(Diagram: Open Source Projects, Device, Distributor)



Wind River Delivers SPDX data for Linux

 2012 - Wind River Linux 5
 2013 - Wind River Linux 6
 2014 - Wind River Linux 7
 2015 - Wind River Linux 8
 2016 - Wind River Linux 9



BusyBox



SPDX sections: Document, Package, File, Other Licenses, Relations, Annotations

Document fields:
 SPDX Version
 Document Name
 Document Identifier
 Name Space
 Creator
 Created
 ...



SPDX sections: Document, Package, File, Other Licenses, Relations, Annotations

Package fields:
 Package Name
 Download Location
 Concluded License
 All Licenses From Files
 Declared License
 ...



SPDX sections: Document, Package, File, Other Licenses, Relations, Annotations

File fields:
 File Name
 File Identifier
 File Checksum
 Concluded License
 License Info in File
 Copyright Text
 ...



SPDX sections: Document, Package, File, Other Licenses, Relations, Annotations

Other Licenses fields:
 Identifier
 License Text
 License Name
 License Comment
 ...
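As an added example, not part of the slides and not Wind River's or the SPDX project's tooling, the following Python renders a small SPDX 2.1 tag-value document carrying the Document, Package, File and Other Licenses fields listed above, reads it back, and checks the recorded file checksums against the bytes a recipient actually holds. That checksum check is the point of the File Checksum field: it is what lets a downstream party tell that the licensing data still describes the source it was shipped with. The package name, file contents, copyright lines, the LicenseRef-Example-Permissive license and the document namespace are constructed placeholders.

```python
import hashlib
import re

# Constructed sample package (not a real project): path -> (bytes, license id, copyright).
SAMPLE_FILES = {
    "./src/main.c": (b"/* main */\nint main(void) { return 0; }\n",
                     "GPL-2.0-only", "Copyright (c) 2017 Example Corp"),
    "./lib/util.c": (b"/* util */\nint util(void) { return 1; }\n",
                     "LicenseRef-Example-Permissive", "Copyright (c) 2016 Example Contributor"),
}

# Constructed non-standard license, recorded in the Other Licenses section.
OTHER_LICENSES = {
    "LicenseRef-Example-Permissive": (
        "Example Permissive License",
        "Permission is granted to use, copy and modify this file without fee.",
        "Found in the lib/util.c header; not an SPDX-listed license.",
    ),
}


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def licenses_from_files(files) -> list:
    """Licenses actually seen in files: what PackageLicenseInfoFromFiles must list."""
    return sorted({lic for _, lic, _ in files.values()})


def build_spdx(package_name, download_location, declared, files, other_licenses) -> str:
    """Render a tag-value SPDX 2.1 document with the Document, Package, File and
    Other Licenses fields named on the slides. All values are constructed."""
    out = [
        "SPDXVersion: SPDX-2.1",
        "DataLicense: CC0-1.0",
        "SPDXID: SPDXRef-DOCUMENT",
        f"DocumentName: {package_name}",
        f"DocumentNamespace: http://spdx.example.invalid/{package_name}",  # placeholder
        "Creator: Tool: example-spdx-writer",
        "Created: 2017-02-01T00:00:00Z",
        "",
        f"PackageName: {package_name}",
        "SPDXID: SPDXRef-Package",
        f"PackageDownloadLocation: {download_location}",
        f"PackageLicenseConcluded: {declared}",
        f"PackageLicenseDeclared: {declared}",
    ]
    out += [f"PackageLicenseInfoFromFiles: {lic}" for lic in licenses_from_files(files)]
    for i, (name, (data, lic, copyright_text)) in enumerate(sorted(files.items())):
        out += ["", f"FileName: {name}", f"SPDXID: SPDXRef-File{i}",
                f"FileChecksum: SHA1: {sha1_hex(data)}",
                f"LicenseConcluded: {lic}", f"LicenseInfoInFile: {lic}",
                f"FileCopyrightText: <text>{copyright_text}</text>"]
    for lic_id, (lic_name, lic_text, comment) in other_licenses.items():
        out += ["", f"LicenseID: {lic_id}", f"ExtractedText: <text>{lic_text}</text>",
                f"LicenseName: {lic_name}", f"LicenseComment: <text>{comment}</text>"]
    return "\n".join(out) + "\n"


def parse_spdx(text):
    """Minimal tag-value reader: (document/package fields as tag -> [values],
    file records, other-license records). FileName and LicenseID open a record."""
    header, files, licenses, current = {}, [], [], None
    for raw in text.splitlines():
        m = re.match(r"^(\w+):\s*(.*)$", raw)
        if not m:
            continue
        tag, value = m.group(1), re.sub(r"^<text>(.*)</text>$", r"\1", m.group(2))
        if tag == "FileName":
            current = {tag: value}
            files.append(current)
        elif tag == "LicenseID":
            current = {tag: value}
            licenses.append(current)
        elif current is not None:
            current[tag] = value
        else:
            header.setdefault(tag, []).append(value)
    return header, files, licenses


def verify_file_checksums(spdx_text, files) -> list:
    """Names of files whose recorded SHA1 does not match the bytes we hold, or
    that are missing: the check a recipient runs before relying on the data."""
    _, records, _ = parse_spdx(spdx_text)
    mismatched = []
    for rec in records:
        name = rec["FileName"]
        recorded = rec["FileChecksum"].split("SHA1:", 1)[1].strip()
        actual = sha1_hex(files[name][0]) if name in files else None
        if actual != recorded:
            mismatched.append(name)
    return mismatched


if __name__ == "__main__":
    doc = build_spdx("example-pkg", "NOASSERTION", "GPL-2.0-only", SAMPLE_FILES, OTHER_LICENSES)
    print(doc)
    print("checksum mismatches:", verify_file_checksums(doc, SAMPLE_FILES))
```

The parser is deliberately minimal (single-line `<text>` values, no relationship or annotation tags); a production consumer should use the SPDX project's own tooling, but the shape of the check is the same: recompute every File Checksum from the bytes you received and refuse to trust the licensing data for any file that does not match.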



spdx.WindRiver.com

SPDX Compliance Envelope

OpenChain is to open source license compliance what ISO 9001 is to software quality

Open Source Compliance Management End-to-End

OpenChain Six Pillars
 Policy
 Training
 Roles & Responsibilities
 Identify, Review, Clear, Track
 Preparation of Compliance Artifacts
 Community Engagement

(Diagram labels: Open Source, SPDX, Notices, Source)
 A Linux Foundation open source initiative
 Infrastructural support for blockchain-based distributed ledgers
 Plumbing analogous to Linux, but for distributed ledgers
 Early stage (one year old)
 A narrow focus – support for supply chain ledgers



What is a Ledger?
 Financial Asset Ledgers
 Stock Asset Ledgers
 Vehicle Asset Ledgers
 Hours Worked Ledgers

BlockChain Ledger Benefits
 Disintermediation - exchange w/o need of a third party
 High quality data - complete, consistent, timely, accurate, & widely available
 Transparency and immutability - publicly viewable, transactions are immutable
 Durability, reliability, and longevity – no central point of failure, long lived
 Highly secure



HyperLedger

...



Compliance Ledger

(Diagram: compliance envelopes nested along the supply chain)
  Env-Drv-23 (Drv-23): spdx, Src
  Env-Lx-52 (Lx-52): spdx, Src
  Env-Router-5217 (Router-5217): Env-Drv-23, Env-Lx-52, spdx, Src



Envelope Ledger

Envelope ID      | Org      | Action | Artifacts
-----------------|----------|--------|----------------------------------
Env-Drv-23       | Intel-ID | create | spdx, Src
Env-Lx-52        | WR-ID    | create | spdx, Src
Env-Router-5217  | ITech-ID | create | Env-Drv-23, Env-Lx-52, spdx, Src
Env-Drv-23       | WR-ID    | add    | spdx, Src



Compliance Ledger

Dist-ID | Org      | Action  | Software ID  | Envelope ID     | QR Code
--------|----------|---------|--------------|-----------------|--------
+       | Intel-ID | release | X-Driver 2.1 | Env-Drv-23      | (QR)
+       | WR-ID    | release | WR Lx 9      | Env-Lx-52       | (QR)
+       | ITech-ID | release | Router 5217  | Env-Router-5217 | (QR)
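The envelope and compliance ledger tables above, replayed as an added example in Python. This is not code from the slides, from Wind River or from any Hyperledger project; it is a plain hash-chained, append-only ledger of the kind the slides' "transactions are immutable" bullet describes. Each envelope row commits to its artifacts by content hash and to nested envelopes by the hash of the ledger entry that created them, and each compliance-ledger release points at an envelope entry hash, so a consumer of the IniTech router can walk from the release record down to the Intel driver and Wind River Linux envelopes and detect any altered link. The artifact bytes, the use of SHA-256, the JSON canonicalisation and the chaining scheme are assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64


def digest(obj) -> str:
    """Content hash of a JSON-serialisable record, with canonical key order."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Append-only, hash-chained list of records: every entry commits to the
    previous entry's hash, so altering or dropping an earlier entry breaks
    every later link."""

    def __init__(self):
        self.entries = []

    def append(self, record) -> str:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"index": len(self.entries), "prev_hash": prev, "record": record}
        entry = dict(body, entry_hash=digest(body))
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify(self) -> bool:
        """Recompute the chain from genesis; False on any tampered or reordered entry."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {"index": i, "prev_hash": prev, "record": e["record"]}
            if e["index"] != i or e["prev_hash"] != prev or digest(body) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True

    def find(self, **match):
        """Latest entry whose record carries all the given field values, or None."""
        for e in reversed(self.entries):
            if all(e["record"].get(k) == v for k, v in match.items()):
                return e
        return None


def envelope_record(envelope_id, org, action, artifacts, sub_envelopes=()):
    """One envelope ledger row. Artifacts (spdx, Src) are committed by content
    hash; nested envelopes by the hash of the entry that created them."""
    return {"envelope_id": envelope_id, "org": org, "action": action,
            "artifacts": {n: hashlib.sha256(b).hexdigest() for n, b in artifacts.items()},
            "envelopes": dict(sub_envelopes)}


def build_example():
    """Replay the two slide tables. Artifact contents are constructed stand-ins."""
    env, comp = Ledger(), Ledger()
    drv = env.append(envelope_record("Env-Drv-23", "Intel-ID", "create",
                                     {"spdx": b"<x-driver spdx>", "Src": b"<x-driver src>"}))
    lx = env.append(envelope_record("Env-Lx-52", "WR-ID", "create",
                                    {"spdx": b"<wr linux spdx>", "Src": b"<wr linux src>"}))
    router = env.append(envelope_record("Env-Router-5217", "ITech-ID", "create",
                                        {"spdx": b"<router spdx>", "Src": b"<router src>"},
                                        {"Env-Drv-23": drv, "Env-Lx-52": lx}))
    # Fourth row: WR-ID adds its own artifacts to Intel's driver envelope.
    env.append(envelope_record("Env-Drv-23", "WR-ID", "add",
                               {"spdx": b"<wr driver spdx>", "Src": b"<wr driver patches>"}))
    for org, software, env_id, h in [("Intel-ID", "X-Driver 2.1", "Env-Drv-23", drv),
                                     ("WR-ID", "WR Lx 9", "Env-Lx-52", lx),
                                     ("ITech-ID", "Router 5217", "Env-Router-5217", router)]:
        comp.append({"org": org, "action": "release", "software_id": software,
                     "envelope_id": env_id, "envelope_hash": h})
    return env, comp


def resolve_release(comp, env, software_id) -> list:
    """Walk from a compliance-ledger release through nested envelopes, checking
    each referenced entry hash. Returns the envelope ids in the product's supply
    chain; raises ValueError if a chain is broken or a reference does not match."""
    if not (comp.verify() and env.verify()):
        raise ValueError("ledger chain broken")
    rel = comp.find(software_id=software_id)
    if rel is None:
        raise ValueError(f"no release for {software_id}")
    todo = [(rel["record"]["envelope_id"], rel["record"]["envelope_hash"])]
    seen = []
    while todo:
        env_id, expected = todo.pop(0)
        entry = env.find(envelope_id=env_id, action="create")
        if entry is None or entry["entry_hash"] != expected:
            raise ValueError(f"envelope {env_id} does not match its reference")
        seen.append(env_id)
        todo.extend(entry["record"]["envelopes"].items())
    return seen


if __name__ == "__main__":
    env_ledger, comp_ledger = build_example()
    print(resolve_release(comp_ledger, env_ledger, "Router 5217"))
```

The detection property worth noting: if the driver envelope's recorded spdx hash is changed after the fact, `verify()` on the envelope ledger fails, and resolving the router release fails with it, even though the router row itself was never touched. That transitive check is what a distributor gets from an immutable ledger that it would not get from three vendors each emailing their own SPDX files.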



(Diagram: the IniTech 5217 Router ships with Env-Router-5217, which contains Env-Lx-52 (spdx, Src), Env-Drv-23 (spdx, Src) and the router's own spdx and Src; Product -> Distributor)



Establish Trust using Open Source across the Supply Chain

Contact

Mark.Gisi@WindRiver.com

