XML Namespace Document for CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2

13 September 2017

Introduction

This document describes the XML namespace name declared in the specification CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2, CS01:

• http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common
• http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf
• http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod
• http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln

Namespace URI Versioning Policy

It is the intent of the OASIS Common Security Advisory Framework (CSAF) TC that XML namespace names identified by URI references will not change arbitrarily with each subsequent revision of the corresponding WSDL or XML Schema documents but rather change only when a subsequent revision, published in conjunction with a Committee Specification Draft, results in non-backwardly compatible changes from a previously published Committee Specification Draft.

Under this policy, the following are examples of backwards compatible changes that would not result in assignment of a new namespace URI:

• addition of new global element, attribute, complexType and simpleType definitions
• addition of new operations within a WSDL portType or binding (along with the corresponding schema, message and part definitions)
• addition of new elements or attributes in locations covered by a previously specified wildcard
• modifications to the pattern facet of a type definition for which the value-space of the previous definition remains valid or for which the value-space of the preponderance of instance would remain valid
• modifications to the cardinality of elements for which the value-space of possible instance documents conformant to the previous revision of the schema would still be valid with regards to the revised cardinality rule

Related Resources for the CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2

Normative Reference:

XML Schemas: