Clio — Software Components and IP Management System
The system is named "CLIO".
Clio is the muse of history, and, as the Proclaimer, she is keeping detailed records.
CLIO is also a backronym for the system of maintaining Components, Licenses, Ip and Other information.
CLIO: the system described in these notes
Component: a piece of software, usually a complete package. It can be Simple or Complex.
Simple Component: a software component which does not include other components. For example, small libraries are usually Simple Components.
Complex Component: a software component which includes (or has other Relationship) other components. Typical software is usually a Complex Component since it includes many Simple Components (e.g., libraries). Note that it is perfectly possible for a Complex Component to include other Complex Components.
Component Details: the set of data pertaining to a Component. At minimum, these include name of the component and License (OBL). Other info usually present includes version, origin URL, etc.
Catalog: the set of Simple Components (with their Component Details) that are used in the various Complex Components.
Software License: the set of rights and obligations one must follow when using a software. In most of the cases, the license in CLIO will be denoted by a SPDX license expression.
Outbound License (OBL): the set of licenses a Component is licensed under
Inbound License (IBL): the license that a Component is licensed under when used in a Complex Component
Relationship: a connection between two Software Components. The most basic relationship is INCLUDES, when a Component includes the code of another Component (possibly modified). There are many relationships defined in the SPDX Specification, although many of them apply to files and not Components and as such are not relevant.
A system of access control (and management) is required.
The Catalog can only be modified by accounts which have the corresponding permission.
A separate permission will allow the creation of Complex Components.
Viewing of the information can be unrestricted.
Integration with LDAP (for accounts and permissions) is highly desirable.
Software Components can further be broken down to files.
It is not expected that CLIO would provide a complete manual interface for manipulating this information.
However, it would desirable to be able to load (and update) this information by the means of SPDX files.
As an illustrative example, here are some data that demonstrate the information handled by the system.
The Catalog contains two Simple Components:
name: zlib license: Zlib version: 1.2.11 origin: http://zlib.net URL: http://www.zlib.net/zlib-1.2.11.tar.gz
name: xxHash license: BSD-2-Clause origin: http://www.xxhash.com/ version: 0.6.2 URL: https://github.com/Cyan4973/xxHash/archive/v0.6.2.tar.gz
There is also a Complex Component (example entry):
name: my_software license: BSD-3-Clause version: 0.1
which also has the following relationships:
my_software INCLUDES zlib my_software STATICALLY_LINKS xxHash my_software DYNAMICALLY_LINKS libc
The system should be able to store, present, and manage this information and provide a user-friendly way of entering and editing it.
Note that data about users and permissions are not shown in this example.