This describes the XML representation of the UCF's Vendor List XML Schema Definition (XSD). Each of the elements, types, and attributes that make up the format are described in detail.

The URL for the Vendor XML_List structure is as follows:

http://unifiedcompliance.com/NFI/XSDs/UCF_Vendors_v2_1.xsd

The UCF_Vendor_List represents the list of vendors who produce the assets that the UCF tracks. The vendor information that the UCF™ team gathers and manages can be used to track not only technology vendors (as does the CPE list), but also all vendors assigned to assets within the organization. Therefore, the UCF's needs for vendor identification form a superset of those within the realm of the CPE naming scheme maintained by MITRE and others.

UCF_Vendor_Item (UCF_Vendor_Item_Type)

The UCF_Vendor_List is comprised of the UCF_Vendor_Item containers. The UCF Vendor Item defines each individual "record" within the list. Each container is split into three key elements that must be present at all times:

• UCF_Meta_Data

• UCF_Basic_Info

UCF_Meta_Data (UCF_Meta_Data_Type)

For detailed documentation of Meta Data fields, please refer to the Meta Data documentation. Below is a list of the meta data fields that are included in the Vendor list.

• UCF_Vendor_ID

• UCF_Vendor_ID_CheckDigit

• UCF_Vendor_ID_Genealogy

• UCF_Vendor_ID_Sort_ID

• UCF_Vendor_Live_Status

• UCF_Vendor_Deprecated_By

• UCF_Vendor_Deprecation_Notes

• UCF_Vendor_Date_Added

• UCF_Vendor_Date_Modified

• UCF_Vendor_Release_Version

UCF_Basic_Info (UCF_Basic_Info_Type)

The UCF_Basic_Info element has exactly what you'd expect - the most critical information that pertains to all types of Vendors.

UCF_Vendor_Name (xs:string)

The vendor's name might be a source of ambiguity because there are many ways to express the names of companies and other organizations. Therefore, our determination is that the name used for the vendor should derive from the highest organization-specific label of the issuing organization's fully qualified domain name (FQDN) and URL directory where the document is made available. Even if the domain name is different than the organization's name, your organization must use the domain name for the Vendor Name. The table below shows some representative examples.

Vendor Full Name FQDN Name Vendor Name

Cisco Systems, Inc. www.cisco.com cisco
The Mozilla Foundation www.mozilla.org mozilla
University of Oxford www.oxford.ac.uk oxford
Network Frontiers LLC www.netfrontiers.com netfrontiers
SonicWall Inc. www.sonicwall.com/us/ sonicwall

UCF_Vendor_Name_Encoded (xs:string)

The vendor name must follow strict adherence to database field naming conventions. Such conventions do not allow the use of certain characters. The list of restricted, non-usable characters in the product's common name are as follows: , + - * / ^ & = ≠ ( ) [ ] \ ; : $ AND OR NOT XOR TRUE FALSE

In order to match (as closely as possible) the CPE naming methodology already in use (the Uniform Resource Identifier Generic Syntax, RFC 3986), the UCF™ team have adopted the same percent encoding rules as do they. A percent encoded character is encoded as a "character triplet" (meaning that the original character has been replaced by a code-set of three characters) consisting of the percent character "%" followed by the two hexadecimal digits representing that character's numeric value. If the "%" character is to be used outside of this encoding, then it would itself have to be encoded. The following is a list of characters that are converted to percent encoding when they are used within a vendor's name:

Original Character	Encoding	Reason
asterisk (*)	%2A	URI reserved character, sub-delims
plus sign (+)	%2B	URI reserved character, sub-delims
comma (,)	%2C	URI reserved character, sub-delims
slash (/)	%2F	URI reserved character, gen-delims
colon (:)	%3A	used to separate the components in a name
semi-colon (;)	%3B	URI reserved character, sub-delims
angle bracket (<)	%3C	used in XML
equal sign (=)	%3D	URI reserved character, sub-delims
angle bracket (>)	%3E	used in XML
question mark (?)	%3F	URI reserved character, gen-delims
open bracket ([)	%5B	URI reserved character, gen-delims
close bracket (])	%5D	URI reserved character, gen-delims
Space ( )	%20	Unsafe character
exclamation point (!)	%21	URI reserved character, sub-delims
double quote (")	%22	used in XML
pound sign (#)	%23	URI reserved character, gen-delims
dollar sign ($)	%24	URI reserved character, sub-delims
percent-sign (%)	%25	used for character encoding in URIs.
ampersand (&)	%26	URI reserved character, sub-delims
apostrophe (')	%27	URI reserved character, sub-delims
open parenthesis (()	%28	URI reserved character, sub-delims
close parenthesis ())	%29	URI reserved character, sub-delims
at sign (@)	%40	URI reserved character, gen-delims

Characters that are allowed in a URI but do not have a reserved purpose are called unreserved. These include uppercase and lowercase letters, decimal digits, hyphen, period, underscore, and tilde (unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"). As a note, spaces may alternately be replaced with the unreserved character of an underscore ("_").

Because the UCF's naming convention must match as close as possible to the CPE naming convention, but must also not fall into the problems that have been associated with the CPE naming convention, the UCF™ team have developed several taxonomic rules for encoding its names (above and beyond the encoding calculations listed here). The vendor name encoding rules are listed in the Common Asset Enumerator Taxonomy description.

UCF_CPE_Vendor_Name (xs:string)

This is the name as listed in the MITRE and NIST Common Platform Enumeration namespace.

UCF_Vendor_Domain (xs:anyURI)

We also need your fully qualified domain name (FQDN) as well as the top level directory if that's applicable. The reason for this is that we need to find you. We will be using this information to check its correlation to the URI you provide for finding your documentation during Network Frontiers' validation process.