CycloneDX
diff --git a/‎schema/bom-1.5.proto‎
Lines changed: 12 additions & 2 deletions b/‎schema/bom-1.5.proto‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎schema/bom-1.5.schema.json‎
Lines changed: 47 additions & 6 deletions b/‎schema/bom-1.5.schema.json‎
Lines changed: 47 additions & 6 deletions
diff --git a/‎schema/bom-1.5.xsd‎
Lines changed: 54 additions & 3 deletions b/‎schema/bom-1.5.xsd‎
Lines changed: 54 additions & 3 deletions
@@ -122,11 +122,19 @@ message Component {
 }
 
 // Specifies the data classification.
-message DataClassification {
+message DataClassification { // This is actually the data flow, but unable to change the name due to backward compatability
   // Specifies the flow direction of the data.
   DataFlow flow = 1;
-  // SimpleContent value of element
+  // Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.
   string value = 2;
+  // Name for the defined data
+  optional string name = 3;
+  // Short description of the data content and usage
+  optional string description = 4;
+  // The URI, URL, or BOM-Link of the components or services the data came in from
+  repeated string source = 5;
+  // The URI, URL, or BOM-Link of the components or services the data is sent to
+  repeated string destination = 6;
 }
 
 // Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known.
@@ -461,6 +469,8 @@ message Service {
   repeated Property properties = 14;
   // Specifies optional release notes.
   optional ReleaseNotes releaseNotes = 15;
+  // The name of the trust zone the service resides in.
+  optional string trustZone = 16;
 }
 
 message Swid {
 
@@ -1145,12 +1145,17 @@
           "title": "Crosses Trust Boundary",
           "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed."
         },
+        "trustZone": {
+          "type": "string",
+          "title": "Trust Zone",
+          "description": "The name of the trust zone the service resides in."
+        },
         "data": {
           "type": "array",
           "additionalItems": false,
-          "items": {"$ref": "#/definitions/dataClassification"},
-          "title": "Data Classification",
-          "description": "Specifies the data classification."
+          "items": {"$ref": "#/definitions/dataFlow"},
+          "title": "Data",
+          "description": "Specifies the data flow, classification, and other relevant information."
         },
         "licenses": {
           "type": "array",
@@ -1192,7 +1197,7 @@
         }
       }
     },
-    "dataClassification": {
+    "dataFlow": {
       "type": "object",
       "title": "Hash Objects",
       "required": [
@@ -1202,18 +1207,54 @@
       "additionalProperties": false,
       "properties": {
         "flow": {
-          "$ref": "#/definitions/dataFlow",
+          "$ref": "#/definitions/dataFlowDirection",
           "title": "Directional Flow",
           "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known."
         },
         "classification": {
           "type": "string",
           "title": "Classification",
           "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed."
+        },
+        "name": {
+          "type": "string",
+          "title": "Name",
+          "description": "Name for the defined data",
+          "examples": [
+            "Credit card reporting"
+          ]
+        },
+        "description": {
+          "type": "string",
+          "title": "Description",
+          "description": "Short description of the data content and usage",
+          "examples": [
+            "Credit card information being exchanged in between the web app and the database"
+          ]
+        },
+        "source": {
+          "type": "array",
+          "additionalItems": false,
+          "items": {
+            "type": "string",
+            "format": "iri-reference"
+          },
+          "title": "Source",
+          "description": "The URI, URL, or BOM-Link of the components or services the data came in from"
+        },
+        "destination": {
+          "type": "array",
+          "additionalItems": false,
+          "items": {
+            "type": "string",
+            "format": "iri-reference"
+          },
+          "title": "Destination",
+          "description": "The URI, URL, or BOM-Link of the components or services the data is sent to"
         }
       }
     },
-    "dataFlow": {
+    "dataFlowDirection": {
       "type": "string",
       "enum": [
         "inbound",
 
@@ -1544,15 +1544,66 @@ limitations under the License.
                         A value of false indicates that by using the service, a trust boundary is not crossed.</xs:documentation>
                 </xs:annotation>
             </xs:element>
+            <xs:element name="trustZone" type="xs:string" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>The name of the trust zone the service resides in.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
             <xs:element name="data" minOccurs="0" maxOccurs="1">
                 <xs:complexType>
-                    <xs:sequence minOccurs="0" maxOccurs="unbounded">
-                        <xs:element name="classification" type="bom:dataClassificationType">
+                    <xs:choice>
+                        <xs:sequence minOccurs="0" maxOccurs="unbounded">
+                            <xs:element name="classification" type="bom:dataClassificationType">
+                                <xs:annotation>
+                                    <xs:documentation>DEPRECATED: Specifies the data classification. THIS FIELD IS DEPRECATED AS OF v1.5. Use dataflow\classification instead</xs:documentation>
+                                </xs:annotation>
+                            </xs:element>
+                        </xs:sequence>
+                        <xs:element name="dataflow" minOccurs="0" maxOccurs="unbounded">
                             <xs:annotation>
                                 <xs:documentation>Specifies the data classification.</xs:documentation>
                             </xs:annotation>
+                            <xs:complexType>
+                                <xs:sequence minOccurs="0" maxOccurs="1">
+                                    <xs:element name="classification" type="bom:dataClassificationType" minOccurs="0" maxOccurs="1">
+                                        <xs:annotation>
+                                            <xs:documentation>Specifies the data classification.</xs:documentation>
+                                        </xs:annotation>
+                                    </xs:element>
+                                    <xs:element name="name" type="xs:string" minOccurs="0" maxOccurs="1">
+                                        <xs:annotation>
+                                            <xs:documentation>Name for the defined data.</xs:documentation>
+                                        </xs:annotation>
+                                    </xs:element>
+                                    <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1">
+                                        <xs:annotation>
+                                            <xs:documentation>Short description of the data content and usage.</xs:documentation>
+                                        </xs:annotation>
+                                    </xs:element>
+                                    <xs:element name="source" minOccurs="0" maxOccurs="1">
+                                        <xs:annotation>
+                                            <xs:documentation>The URI, URL, or BOM-Link of the components or services the data came in from.</xs:documentation>
+                                        </xs:annotation>
+                                        <xs:complexType>
+                                            <xs:sequence minOccurs="0" maxOccurs="unbounded">
+                                                <xs:element name="url" type="xs:anyURI"/>
+                                            </xs:sequence>
+                                        </xs:complexType>
+                                    </xs:element>
+                                    <xs:element name="destination" minOccurs="0" maxOccurs="1">
+                                        <xs:annotation>
+                                            <xs:documentation>The URI, URL, or BOM-Link of the components or services the data is sent to.</xs:documentation>
+                                        </xs:annotation>
+                                        <xs:complexType>
+                                            <xs:sequence minOccurs="0" maxOccurs="unbounded">
+                                                <xs:element name="url" type="xs:anyURI"/>
+                                            </xs:sequence>
+                                        </xs:complexType>
+                                    </xs:element>
+                                </xs:sequence>
+                            </xs:complexType>
                         </xs:element>
-                    </xs:sequence>
+                    </xs:choice>
                 </xs:complexType>
             </xs:element>
             <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>