1、BSI Standards Publication BS ISO/IEC 19770-3:2016 Information technology IT asset management Part 3: Entitlement schemaBS ISO/IEC 19770-3:2016 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 19770-3:2016. The UK participation in its preparation was entrus
2、ted to Technical Committee IST/15, Software and systems engineering. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct appli
3、cation. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 71804 5 ICS 35.080 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Com
4、mittee on 30 April 2016. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dBS ISO/IEC 19770-3:2016 Information technology IT asset management Part 3: Entitlement schema Technologies de linformation Gestion de bins de logiciel Partie 3: Schma de droit de logiciel INTERNATIONA
5、L STANDARD ISO/IEC 19770-3 Reference number ISO/IEC 19770-3:2016(E) First edition 2016-04-01 ISO/IEC 2016 BS ISO/IEC 19770-3:2016ii ISO/IEC 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this pu
6、blication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the co
7、untry of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 19770-3:2016(E)BS ISO/IEC 19770-3:2016ISO/IEC 19770-3:2016(E)Foreword v Introduction vi 1 Scope . 1 2 Normative
8、 references 1 3 T erms, definitions and abbr e viat ed t erms 2 3.1 Key concept terms and definitions 2 3.2 Abbreviated terms and acronyms 7 4 Conformance . 7 4.1 Overview 7 4.2 Product conformance 8 4.2.1 Product scope . 8 4.2.2 Product conformance. 8 4.2.3 Software vendor Ent conformance . 8 4.2.4
9、 Ent tool conformance . 8 4.3 Organizational conformance . 8 4.3.1 Organizational scope 8 4.3.2 Software licensor conformance 8 4.3.3 Ent tool provider conformance . 8 4.3.4 Software consumer conformance . 8 5 Int er oper ability . 9 5.1 Overview and key design decisions 9 5.2 Ent identifiers - 9 5.
10、3 Use case overview .10 5.3.1 General.10 5.3.2 Issuance of an initial entitlement .10 5.3.3 Adding information 10 5.3.4 Allocations 10 5.3.5 Transfers 11 5.3.6 Consolidations 12 5.3.7 Revocations .13 5.3.8 Archiving 13 5.4 Ent types 13 5.5 Supplemental Ent types .14 5.6 Uniqueness of identifiers 16
11、5.6.1 General.16 5.6.2 Entity registration identification regid 16 5.6.3 Other globally unique identifiers 17 5.6.4 Identifiers unique within the context of an organization 17 5.6.5 Identifiers offering potential for global standardization .18 6 Implementation of Ent processes 18 6.1 General 18 6.2
12、Ent creators .18 6.3 Trustworthiness of Ents .18 6.4 Authenticity of Ents .19 6.5 Ent file names 19 6.6 Ent storage .19 6.7 Ent recovery .20 7 Tool considerations 20 7.1 Flexibility to use with simple tools .20 7.2 Use with specialist tools . 20 8 Entitlement file data specification 20 ISO/IEC 2016
13、All rights reserved iii Contents PageBS ISO/IEC 19770-3:2016ISO/IEC 19770-3:2016(E)8.1 General 20 8.2 Minimum Ent data required .21 8.3 XML naming conventions 21 8.4 Language functionality22 8.5 Element structure 22 8.6 Data definitions .22 8.6.1 Requirement Levels 22 8.6.2 Contract 23 8.6.3 Ent .24
14、 8.6.4 EntMeta .26 8.6.5 Entity .29 8.6.6 InvoiceData 30 8.6.7 Limit .31 8.6.8 LimitTime 31 8.6.9 Link .32 8.6.10 LinkContent .33 8.6.11 Meta .33 8.6.12 Metric 34 8.6.13 OrderInfo .34 8.6.14 Quantification 36 8.6.15 Right .37 8.6.16 TestMethod 38 8.6.17 ValidVersion 38 8.7 Attribute value definition
15、s .39 8.7.1 General.39 8.7.2 ChannelType .39 8.7.3 DurationUnit .39 8.7.4 EntType .40 8.7.5 EntitlementType .40 8.7.6 FossCopyleft 41 8.7.7 RightName 41 8.7.8 LimitType 41 8.7.9 MetricType .42 8.7.10 Rel 42 8.7.11 Role .43 8.7.12 SupplementalEntType 43 8.7.13 TrustLevel .45 8.7.14 VersionScheme .45
16、8.8 NMTOKEN and NMTOKENS 46 Annex A (normative) XML schema definition (X SD) .47 Annex B (informative) UML and XML Documentation 50 Annex C (informative) Sample Ents 55 Bibliogr aph y .62 iv ISO/IEC 2016 All rights reservedBS ISO/IEC 19770-3:2016ISO/IEC 19770-3:2016(E) Foreword ISO (the Internationa
17、l Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by
18、the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of
19、information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the d
20、ifferent types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and I
21、EC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this doc
22、ument is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Tra
23、de (TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 7, Software and systems engineering. ISO/IEC 19770 consists of the following parts, under the general title Information technology Software as
24、set management: Part 1: Processes and tiered assessment of conformance Part 2: Software identification tag Part 3: Entitlement schema Part 5: Overview and vocabulary The following part is under preparation: Part 4: Resource Utilization Measurement (RUM) The following part is planned: Part 22: Guidan
25、ce for the use of ISO/IEC 19770-2 Software IdentificationTag information in Cyber Security ISO/IEC 2016 All rights reserved vBS ISO/IEC 19770-3:2016ISO/IEC 19770-3:2016(E) Introduction This part of ISO/IEC 19770 provides a technical definition of a schema that can encapsulate the details of software
26、 entitlements, including usage rights, limitations and metrics. The primary intentions of this part of ISO/IEC 19770 are a) to provide a basis for common terminology to be used when describing entitlement rights, limitations and metrics, and b) to provide a schema which allows effective description
27、of rights, limitations and metrics attaching to a software license. The specific information provided by an entitlement schema (Ent) may be used to help ensure compliance with license rights and limits, to optimize license usage and to control costs. Though Ent creators are encouraged to provide the
28、 data that allow for the automatic processing, it is not mandated that data be automatically measurable. The data structure is intended to be capable of containing any kind of terms and conditions included in a software license agreement. This part of ISO/IEC 19770 supports software asset management
29、 (SAM) processes as defined in ISO/IEC 19770-1. It is also designed to work together with software identification tags as defined in ISO/IEC 19770-2. Standardization in the field of software entitlements provides uniform, measurable data for both the license compliance, and license optimization, pro
30、cesses of SAM practice. This part of ISO/IEC 19770 does not provide requirements or recommendations for processes related to software asset management or Ents. The software asset management processes are within the scope of ISO/IEC 19770-1. This part of ISO/IEC 19770 has been developed with the foll
31、owing practical principles in mind. M a x i m u m p o s s ible u s abi l i t y w i t h le g ac y e nt i t le me nt i n f or m at ion. The Ent or software entitlement schema, is intended to provide the maximum possible usability with existing entitlement information, including all historical licensin
32、g transactions. While the specifications provide many opportunities for improvement in entitlement processes and practices, they should also able to handle existing licensing transactions without imposing requirements which would prevent such transactions being codified into Ent records. M a x i m u
33、 m p o s s i b l e a l i g n m e n t w i t h ISO/IEC 19770-2. This part of ISO/IEC 19770 (entitlement schema) is intended to align closely with part ISO/IEC 19770-2 (software identification tags). This should facilitate both understanding and their joint use. It is intended that this standardized sc
34、hema will be of benefit to all stakeholders involved in the creation, licensing, distribution, release, installation and ongoing management of software and software entitlements. Benefits to software licensors who provide Ents include, but are not limited to: immediate software consumer recognition
35、of details of the usage rights derived from their software entitlement; ability to specify details to customers that allow software assets to be measured and reported for license compliance purposes; increased awareness of software license compliance issues on the part of end-customers;vi ISO/IEC 20
36、16 All rights reservedBS ISO/IEC 19770-3:2016ISO/IEC 19770-3:2016(E) improved software consumer relationships through quicker and more effective license compliance audits. Benefits to SAM tool providers, deployment tool providers, resellers, resellers, software packagers and release managers include
37、, but are not limited to: receipt of consistent and uniform data from software licensors and Ent creators; more consistent and structured entitlement information, supporting the use of automated techniques to determine the need for remediation of software licensing; improved reporting from additiona
38、l categorization made possible by the use of Ents; improved SAM tool entitlement reconciliation capabilities resulting from standardization in location and format of software entitlement data; ability to deliver value added functionality for compliance management through the consumption of entitleme
39、nt data. The benefits for software consumers, SAM practitioners, IT support professionals and end-users include, but are not limited to: receipt of consistent and uniform data from software licensors, resellers and SAM tools providers; more consistent and structured entitlement information supportin
40、g the use of automated techniques to determine the need for remediation of software licensing; improved reporting from additional categorization made possible by the use of Ents; improved SAM and software license compliance capabilities stemming from standardized, software licensor-supplied, ISO/IEC
41、 19770-2 software identification tags to reconcile with these Ents; improved ability to avoid software license under-procurement or over-procurement with subsequent cost optimization; standardized usage across multiple platforms, rendering heterogeneous computing environments more manageable. ISO/IE
42、C 2016 All rights reserved viiBS ISO/IEC 19770-3:2016BS ISO/IEC 19770-3:2016Information technology IT asset management Part 3: Entitlement schema 1 Scope This part of ISO/IEC 19770 establishes a set of terms and definitions which may be used when discussing software entitlements (an important part o
43、f software licenses). It also provides specifications for a transport format which enables the digital encapsulation of software entitlements, including associated metrics and their management. This common set of terms and associated transport format is intended to facilitate the management of softw
44、are entitlements. The intended benefits of the better management of entitlements include easier demonstration of proof of ownership, cost optimization of the use of entitlements and easier license compliance management. Furthermore, one of the benefits of having a standard for entitlement structure
45、is that it may encourage the normalization by industry of names for and the details of, different types of entitlements. A common lexicon is critical to standardization and shared understanding. The terms in this part of ISO/IEC 19770 should form a part of that lexicon over time. It should be noted
46、that within this text, attributes of an XML entity will be denoted with angle brackets, . XML elements are noted with quotes, “Element”. This part of ISO/IEC 19770 deals only with software entitlements, which are defined as the subset of software licenses that are concerned with usage rights. It is
47、expected that the original documentation of licensing terms and conditions will be definitive for legal purposes, and will always take precedence over the Ent encapsulation. This part of ISO/IEC 19770 does not detail ITAM processes required for discovery and management of software (which is provided
48、 for in ISO/IEC 19770-1) or software identification tags (as defined by ISO/IEC 19770-2). This part of ISO/IEC 19770 does not consider identifying mechanisms for product activation. This part of ISO/IEC 19770 is not intended to conflict with any organizations policies, procedures and standards, or w
49、ith any national laws and regulations. Any such conflict should be resolved before using this part of ISO/IEC 19770. In case the conflict cannot be resolved, the specification shall not be implemented. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition
