fixed schema and docs

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

schema/bom-1.7.proto

@@ -515,7 +515,7 @@ message Metadata {
   // The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have '.authors' instead.
   optional OrganizationalEntity manufacturer = 10;
   // The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the component that the BOM describes.
-  optional Tlp distribution = 11;
+  optional TlpClassification distribution = 11;
 }
 
 message Lifecycles {
@@ -677,17 +677,19 @@ message Swid {
   optional string url = 7;
 }
 
-// The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information. The default classification is `TLP_CLEAR`
-enum Tlp {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `TLP_CLEAR` is our fallback, the default.
+// Traffic Light Protocol (TLP) is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information.
+//The default classification is "CLEAR"
+enum TlpClassification {
+  // The information is not subject to any restrictions as regards the sharing.
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- "CLEAR" is our fallback, the default.
   TLP_CLEAR = 0;
-  // Limited distribution but can be shared within a community.
+  // The information is subject to limited disclosure, and recipients can share it within their community but not via publicly accessible channels.
   TLP_GREEN = 1;
-  // Limited distribution but can be shared within an organization and with clients
+  // The information is subject to limited disclosure, and recipients can only share it on a need-to-know basis within their organization and with clients.
   TLP_AMBER = 2;
-  // Limited distribution but can be shared within an organization.
+  // The information is subject to limited disclosure, and recipients can only share it on a need-to-know basis within their organization.
   TLP_AMBER_AND_STRICT = 3;
-  // Restricted distribution to individual recipients and must not be shared.
+  // The information is subject to restricted distribution to individual recipients only and must not be shared.
   TLP_RED = 4;
 }
 

schema/bom-1.7.schema.json

@@ -721,23 +721,23 @@
       }
     },
     "tlpClassification": {
+      "title": "Traffic Light Protocol (TLP) Classification",
+      "description": "Traffic Light Protocol (TLP) is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information.\nThe default classification is \"CLEAR\"",
       "type" : "string",
       "default": "CLEAR",
-      "title": "Traffic Light Protocol (TLP) Classification",
-      "description": "The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information. The default classification is CLEAR",
       "enum": [
+        "CLEAR",
+        "GREEN",
         "AMBER",
         "AMBER_AND_STRICT",
-        "GREEN",
-        "RED",
-        "CLEAR"
+        "RED"
       ],
       "meta:enum": {
-        "AMBER": "The BOM is subject to limited disclosure, and recipients can only share the BOM on a need-to-know basis within their organization and with clients.",
-        "AMBER_AND_STRICT": "The BOM is subject to limited disclosure, and recipients can only share the BOM on a need-to-know basis within their organization.",
-        "GREEN": "The BOM is subject to limited disclosure, and recipients can share the BOM within their community but not via publicly accessible channels.",
-        "RED": "The BOM is subject to restricted distribution to individual recipients only and must not be shared.",
-        "CLEAR": "The BOM is not subject to any restrictions as regards the sharing of the information within the BOM."
+        "CLEAR": "The information is not subject to any restrictions as regards the sharing.",
+        "GREEN": "The information is subject to limited disclosure, and recipients can share it within their community but not via publicly accessible channels.",
+        "AMBER": "The information is subject to limited disclosure, and recipients can only share it on a need-to-know basis within their organization and with clients.",
+        "AMBER_AND_STRICT": "The information is subject to limited disclosure, and recipients can only share it on a need-to-know basis within their organization.",
+        "RED": "The information is subject to restricted distribution to individual recipients only and must not be shared."
       }
     },
     "tool": {

schema/bom-1.7.xsd

@@ -256,7 +256,7 @@ limitations under the License.
                         Formal registration is optional.</xs:documentation>
                 </xs:annotation>
             </xs:element>
-            <xs:element name="distribution" type="bom:tlpType" minOccurs="0" maxOccurs="1">
+            <xs:element name="distribution" type="bom:tlpClassificationType" default="CLEAR" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
                     <xs:documentation>The Traffic Light Protocol (TLP) classification that controls the sharing and distribution
                         of the component that the BOM describes.</xs:documentation>
@@ -396,51 +396,46 @@ limitations under the License.
         </xs:anyAttribute>
     </xs:complexType>
 
-    <xs:simpleType name="tlpType" default="CLEAR">
+    <xs:simpleType name="tlpClassificationType">
         <xs:annotation>
             <xs:documentation xml:lang="en">
-                The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification
-                system for identifying the potential risk associated with artefact, including whether it is subject to certain
-                types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information.
-                The default classification is CLEAR.
+                Traffic Light Protocol (TLP) is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information.
+                The default classification is "CLEAR"
             </xs:documentation>
         </xs:annotation>
         <xs:restriction base="xs:string">
             <xs:enumeration value="CLEAR">
                 <xs:annotation>
                     <xs:documentation>
-                        The BOM is not subject to any restrictions as regards the sharing of the information within the BOM.
+                        The information is not subject to any restrictions as regards the sharing.
                     </xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="GREEN">
                 <xs:annotation>
                     <xs:documentation>
-                        The BOM is subject to limited disclosure, and recipients can share the BOM within their community
-                        but not via publicly accessible channels.
+                        The information is subject to limited disclosure, and recipients can share it within their community but not via publicly accessible channels.
                     </xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="AMBER">
                 <xs:annotation>
                     <xs:documentation>
-                        The BOM is subject to limited disclosure, and recipients can only share the BOM on a need-to-know
-                        basis within their organization and with clients.
+                        The information is subject to limited disclosure, and recipients can only share it on a need-to-know basis within their organization and with clients.
                     </xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="AMBER_AND_STRICT">
                 <xs:annotation>
                     <xs:documentation>
-                        The BOM is subject to limited disclosure, and recipients can only share the BOM on a need-to-know
-                        basis within their organization.
+                        The information is subject to limited disclosure, and recipients can only share it on a need-to-know basis within their organization.
                     </xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="RED">
                 <xs:annotation>
                     <xs:documentation>
-                        The BOM is subject to restricted distribution to individual recipients only and must not be shared.
+                        The information is subject to restricted distribution to individual recipients only and must not be shared.
                     </xs:documentation>
                 </xs:annotation>
             </xs:enumeration>