Define a data model and API structure for the license inventory

[JamieSlome]

To implement a license inventory, regardless of its ability to act as a standalone or integrated service, a data model and/or API model is required. More more information on the purpose of the license inventory, refer to #594.

Tasks

Preview Give feedback

1. Define a complete data model for the license inventory
2. Make use of SPDX IDs in the model
3. Refer to choosealicense.com for data properties to support

[JamieSlome]

Open Source Implementations

Before defining our own model or schema, we should first verify whether any open source libraries, frameworks or tools exist that can achieve the requirements of this issue.

spdx-exceptions: [25M downloads p/w]
spdx-license-ids: [27M downloads p/w]

Data Model

License

*id[string]: SPDX identifier and unique ID for license
*description[string]: general summary of the license
*url[url]: URL to hosted instance of license
*full_name[string]: Apache License 2.0
*approved_for_contribution[boolean]: true
*approved_for_consumption[boolean]: true
deprecated[boolean]: undefined
deprecated_at_version[string]: undefined
commercial_use[boolean]: true
distribution[boolean]: true 
modification[boolean]: true
patent_use[boolean]: true
private_use[boolean]: true
disclose_source[boolean]: undefined
license_and_copyright_notice[boolean]: true
license_and_copyright_notice_for_source[boolean]: undefined
network_use_is_distribution[boolean]: users who interact with the material via network are given the right to receive a copy of the source code
same_license[boolean]: modifications must be released under the same license when distributing the material.
same_license_file[boolean]: modifications of existing files must be released under the same license when distributing the material
same_license_library[boolean]: modifications must be released under the same license when distributing the licensed material
state_changes[boolean]: changes made to the licensed material must be documented
liability[boolean]: the license includes a limitation to liability
trademark_use[boolean]: the license explicitly states that it does not grant trademark rights
warranty[boolean]: the license explicitly states that it does not provide a warranty
template[string]: cleartext version of the license template

Project

id[uuid]: unique ID
...
licenses[[License]]: list of `License`

Example

*id: Apache-2.0
*description: A permissive license whose main conditions require preservation of copyright and license notices. Contributors provide an express grant of patent rights. Licensed works, modifications, and larger works may be distributed under different terms and without source code.
*url[url]: https://apache.org/licenses/LICENSE-2.0
*full_name[string]: Apache License 2.0
*approved_for_contribution[boolean]: true
*approved_for_consumption[boolean]: true
deprecated[boolean]: ...
deprecated_at_version[string]: ...
commercial_use[boolean]: ...
distribution[boolean]: ...
modification[boolean]: ...
patent_use[boolean]: ...
private_use[boolean]: ...
disclose_source[boolean]: ...
license_and_copyright_notice[boolean]: ...
license_and_copyright_notice_for_source[boolean]: ...
network_use_is_distribution[boolean]: ...
same_license[boolean]: ...
same_license_file[boolean]: ...
same_license_library[boolean]: ...
state_changes[boolean]: ...
liability[boolean]: ...
trademark_use[boolean]: ...
warranty[boolean]: ...
template[string]: ...

[JamieSlome]

@maoo @coopernetes @msagi - any thoughts on the above?