ISO/IEC 19770-4:2017

INTERNATIONAL ISO/IEC
STANDARD 19770-4
First edition
2017-09
Information technology — IT asset
management —
Part 4:
Resource utilization measurement
Technologies de l'information — Gestion de biens de logiciel —
Partie 4: Mesure d'utilisation des ressources
Reference number
©
ISO/IEC 2017
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
1.1 Purpose . 1
1.2 Field of application . 1
1.3 Limitations . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Conformance . 4
4.1 RUM conformance . 4
4.2 Application conformance . 4
5 Key concepts . 4
5.1 General . 4
5.2 Software asset and IT asset identification. 5
5.3 Measurements . 5
5.4 Relationship to other ISO/IEC 19770 family information structures . 5
6 Implementation requirements and guidance . 5
6.1 Usage scenario . 5
6.2 Unique registration ID (regid) . 6
6.2.1 Overview . 6
6.2.2 Structure of regid . 6
6.2.3 Examples of regid . 6
6.3 XML and XSD . 6
6.4 Time formats. 7
6.5 Frequency of generation . 7
6.6 Filename . 7
6.7 File extension . 7
6.8 File location. 8
6.9 Managing file sizes and file numbers . 8
6.10 Uninstallation and upgrade. 8
6.11 Digital signatures . 8
6.12 Nesting XML documents . 8
7 Tool considerations . 8
8 Schema elements . 8
8.1 Overview . 8
8.2 Minimum RUM data required. 9
8.3 XML element and attribute names .10
8.4 Data values .11
8.4.1 Resource Utilization .11
8.4.2 AssetIdentification .12
8.4.3 Measurement .13
8.4.4 Value .13
8.4.5 Link .14
8.4.6 Meta .15
8.4.7 Asset .15
8.4.8 Instance . .15
8.5 Type definitions .15
8.5.1 Ownership .15
8.5.2 rel .16
8.5.3 NMTOKEN .16
Annex A (normative) XML Schema Definition .17
© ISO/IEC 2017 – All rights reserved iii

Annex B (informative) Examples of multiple file RUM and nesting XML documents .30
Annex C (informative) Examples of linking related software asset from the RUM .33
Bibliography .38
iv © ISO/IEC 2017 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 19770 series can be found on the ISO website.
Guidelines for mapping of industry Software Asset Management (SAM) practices with the ISO/IEC 19770
series of standards and guidelines for the application of ISO/IEC 19770-1 for small organizations will
form the subjects of future ISO/IEC 19770-8 and ISO/IEC 19770-11, respectively.
© ISO/IEC 2017 – All rights reserved v

Introduction
0.1 Overview
International Standards in the ISO/IEC 19770 series of standards for IT asset management (ITAM)
address both the processes and technology for managing IT assets. Because IT is an essential enabler for
almost all activity in today's world, these standards should integrate tightly into all of IT. For example,
from a process perspective, ITAM standards should be able to be used with all management system
standards, because hardware and software, and management of hardware and software management
are essential components of any modern management system. From a technology perspective, ITAM
standards for information structures provide not only for the interoperability of IT management data,
but also provide the basis for many additional benefits such as more effective security in the use of
software. ITAM standards for information structures also facilitate significant automation of IT
functionality, such as improved authentication of software and easier and more consistent collection of
data relating to the use of that software.
0.2 Purpose of this document
This document provides an International Standard for Resource Utilization Measurement (RUM). A
RUM is a standardized structure containing usage information about the resources that are related to
the use of an IT asset. A RUM will often be provided in an XML data file, but the same information may
be accessible through other means depending on the platform and the IT asset/product.
This document contains information structures that are designed to align with the identification
information defined in ISO/IEC 19770-2, and with the entitlement information defined in ISO/IEC 19770-
3. When used together, these three types of information have the capability to significantly enhance
and automate the processes of IT asset management.
This document supports the IT asset management processes defined in ISO/IEC 19770-1. This document
also supports the other parts of the ISO/IEC 19770 series of standards that define information
structures.
The RUM is specifically designed to be general-purpose and usable in a wide variety of situations.
Like other information structures defined in the ISO/IEC 19770 series of standards, the consumer of
a RUM may be an organization and/or a tool or other consumers. In contrast to the other information
structures in the ISO/IEC 19770 series, the entity creating a RUM data on a periodic basis will likely be
an IT asset or an automation tool monitoring an IT asset.
The definition of a RUM will benefit all stakeholders involved in the creation, licensing, distribution,
releasing, installation, and on-going management of IT assets. Key benefits associated with a RUM for
three specific groups of stakeholders include:
— IT asset users
— RUM data will typically be generated and processed by IT assets and automation tools, within
the consumers enterprise boundary, for purpose of IT asset compliance and optimization;
— RUM data is human readable and can provide improved visibility into resource utilization
within IT assets independent of vendor or third-party supplied tools;
— the ability to combine identification, entitlement, and resource utilization information together
to perform quantitative and authoritative IT asset management, for example, to meet compliance
requirements;
vi © ISO/IEC 2017 – All rights reserved

— a much-improved ability to perform IT asset management in support of green data center
strategies such as optimization of the use of power and air conditioning;
— IT asset manufacturers
— the ability to consistently and authoritatively generate resource utilization information for
consumption by a central facility that is maintained by the creator, or one or more third-party
tools, or by the IT asset users;
— the ability to support multiple instances and types of third-party tools with a single set of
functionality within the IT asset;
— the ability to offer a service to track real-time IT asset usage in the field and, when combined
with identification and entitlement information, the ability to give advance warning as resource
limits are approached;
— the ability to offer an alternative approach to asset utilization measurement to traditional
techniques that employ key-based, or platform-restricted licenses;
— Tool vendors
— the ability to support multiple IT assets, and types of IT asset, without having to create and
maintain unique instrumentation that is associated with each asset;
— the ability to more easily aggregate usage information across multiple instances of an asset;
— a much-improved ability to track resource utilization and IT assets in near real-time.
This document is divided into the following clauses and annexes:
— Clause 1 is the scope;
— Clause 2 describes the normative references;
— Clause 3 describes the terms, definitions, symbols, and abbreviations used in this document;
— Clause 4 defines conformance;
— Clause 5 describes key concepts;
— Clause 6 defines implementation requirements and gives guidance;
— Clause 7 defines tool requirements;
— Clause 8 defines the elements of the RUM;
— Annex A contains the XML schema document (XSD) for the RUM;
— Annex B gives examples of RUMs; and
— Annex C gives methods of linking a RUM to a specific software asset.
This document is not intended to conflict either with any organization's policies, procedures, or
standards. Any such conflict should be resolved before using this document.
© ISO/IEC 2017 – All rights reserved vii

INTERNATIONAL STANDARD ISO/IEC 19770-4:2017(E)
Information technology — IT asset management —
Part 4:
Resource utilization measurement
1 Scope
1.1 Purpose
This document establishes specifications for an information structure to contain Resource Utilization
Measurement information to facilitate IT asset management (ITAM).
This document is applicable to all types of organization (for example, commercial enterprises,
government agencies, and non-profit organizations).
1.2 Field of application
This document applies to the following.
a) IT asset manufacturers: These are the entities that create IT assets for distribution or installation.
b) Tool providers: These are the entities that may provide any number of tools that use the information
contained in a Resource Utilization Measurement (RUM). These tools will include aggregation
facilities capable of producing consolidated reports of the utilization of resources throughout an
organization, and threshold reporting facilities capable of generating an alarm when utilization
reaches a predetermined level.
c) IT asset users: These are the entities that purchase, use IT assets, and who are intended as one of
the major beneficiaries of the visibility made possible by the information that is contained within
the RUM.
1.3 Limitations
This document does not detail ITAM processes required for the reconciliation of resource utilization
information with other types of information such as identification and entitlement information.
This document only defines an information structure, and does not define how that information is
communicated between systems, or how resource measurement information from different systems is
reconciled or consolidated.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 19770-5, Information Technology — Software asset management — Overview and vocabulary
ISO 8601, Data elements and interchange formats — Information interchange — Representation of dates
and times
RFC 3986, Uniform Resource Identifier (URI): Generic Syntax, January 2005, http://tools.ietf.org/html/
rfc3986
© ISO/IEC 2017 – All rights reserved 1

3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 19770-5 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
NOTE In these definitions, the generic term {info struct} that is used in ISO/IEC 19770-5 to reference an
ISO/IEC 19770 information structure, is replaced by the term RUM. Unlike ISO/IEC 19770-2, the term “tag” is not
used because the information structure defined in this document may not always be realized as an XML file, and
thus the term “tag” is not always appropriate.
3.1
asset
item, thing, or entity that has potential or actual value to an organization
Note 1 to entry: Value can be tangible or intangible, financial, or non-financial, and includes consideration of
risks and liabilities. It can be positive or negative at different stages of the asset's life.
Note 2 to entry: For most organizations, physical assets usually refer to equipment, inventory, and properties
owned by the organization. Physical assets are the opposite of intangible assets, which are non-physical assets
such as leases, brands, digital assets, use rights, licenses, intellectual property rights, reputation or agreements.
Note 3 to entry: A grouping of assets referred to as an asset system could also be considered as an asset.
Note 4 to entry: ISO/IEC 19770-5 incorporated a slightly different definition of asset, taken from a development
version of ISO 55000. This definition is sourced from the latest published version ISO/IEC 19770-5, which is in
turn aligned with ISO 55000.
[SOURCE: ISO/IEC 19770-5:2015, 3.2]
3.2
element
component of an info struct that provides information related to the entity represented by the info struct
[SOURCE: ISO/IEC 19770-5:2015, 3.12]
3.3
extensible markup language
XML
license-free and platform-independent markup language that carries rules for generating text formats
that contain structured data
[SOURCE: W3C Recommendation Extensible Markup Language (XML) 1.1 (Second Edition), 1.2]
3.4
globally unique identifier
GUID
16-byte string of characters that is generated in a manner that gives a high probability that the string is
unique in any context
Note 1 to entry: Other globally unique identifier algorithms can be used in some situations. In general, alternative
algorithms use uniform resource identifier (URI) based structures, so the id owner's registration identifier (regid)
is included in the identifier.
Note 2 to entry: In this document, GUID as an all capitalized term refers specifically to the 16-byte version. If the
term is in lowercase (guid), it refers to a general algorithm that can use either a URI, or a 16-byte-based identifier.
[SOURCE: ISO/IEC 19770-5:2015, 3.16]
2 © ISO/IEC 2017 – All rights reserved

3.6
registration identifier
regid
unique identifier for an entity
Note 1 to entry: ISO/IEC 19770-5 incorporated a different definition of regid that defined a specific format.
[SOURCE: ISO/IEC 19770-5:2015, 3.27]
3.7
software identification tag
SWID tag
information structure (3.13) containing identification information about a software configuration item,
which may be authoritative if provided by a software creator
[SOURCE: ISO/IEC 19770-5:2015, 3.40]
3.8
Resource Utilization Measurement
RUM
structure that provides information about resources associated with an IT asset (3.1) in order to
facilitate its management
Note 1 to entry: In the case of a RUM, the structure specifically contains information about the consumption of
resources in relation to an IT asset.
[SOURCE: ISO/IEC 19770-5:2015, 3.18, modified – Note 1 to entry has been added.]
3.9
RUM creator
entity that initially creates a RUM
Note 1 to entry: This entity can be part of the organization that created the IT asset, in which case the RUM
creator and IT asset manufacturer will be the same. The RUM creator can also be a third-party organization
unrelated to the IT asset manufacturer (such as in the case where tags are created for legacy software by third-
party organizations). The RUM creator can also be a separate software tool that is used to measure usage of an
IT asset.
[SOURCE: ISO/IEC 19770-5:2015, 3.19, modified – Note 1 to entry has been added.]
3.10
uniform resource identifier
URI
compact sequence of characters that identifies an abstract or physical resource available on the Internet
Note 1 to entry: The syntax that is used for URIs is defined in IETF RFC 3986.
[SOURCE: IETF RFC 3986, 1]
3.11
valid
status of a RUM that follows the specified XML Schema document and is valid from an XML perspective
[SOURCE: ISO/IEC 19770-5:2015, 3.52]
3.12
version
unique string of number and letter values indicating a unique revision of an item
Note 1 to entry: Versions are often referred to in software to identify revisions of software that provide unique
functionality or fixes. A version typically has multiple parts with at least a major version indicating large changes
in functionality or user interface changes and a minor version indicating smaller changes in functionality or user
interface changes.
© ISO/IEC 2017 – All rights reserved 3

[SOURCE: ISO/IEC 19770-5:2015, 3.54]
3.13
information structure
structure that provides information about an IT asset (3.1) in order to facilitate its management
4 Conformance
4.1 RUM conformance
A Resource Utilization Measurement (RUM) is in conformance as specified in this document when the
RUM obeys all normative requirements that are specified in this document.
4.2 Application conformance
Application conformance incorporates both syntax and semantics and are defined for producers of
RUM and entities that are designed to process RUMs, as follows.
A conforming application (i.e. an IT asset, automation tool, etc.) that is designed to produce RUMs
— shall be able to produce RUMs conforming to this document.
An entity that is designed to process RUMs:
a) shall not reject any RUM conforming to this document which is in XML format and which conforms
to the schema provided in Annex A;
b) shall treat the information in the RUM in a manner consistent with the semantic definitions given
in this document. Such an application may choose not to process all of the information in the RUM,
but any information that it does process shall be processed in a manner that is consistent with the
semantic definitions given in this document;
c) shall, when necessary, be able to identify the version of the XML schema document (XSD) that is to
be used for the RUM, and thus be able to process information in a manner that is consistent with
that XSD. This is important because in the future, RUMs that conform to several different versions
of this document may exist in the field concurrently, and it will thus be important that each version
is processed with the correct XSD.
5 Key concepts
5.1 General
A Resource Utilization Measurement (RUM) is an information structure containing authoritative
information about the consumption of resources in relation to an IT asset. The structure contains
information to identify a particular instance of an IT asset (see 5.2), and one or more sets of resource
utilization information that are contained within an element that is called a measurement (see 5.3).
This subclause also contains a description of the relationship between the RUM and other information
structure definitions within the ISO/IEC 19770 series of standards.
Consumers of RUMs shall be aware that some IT assets will append new measurement information to
an existing file for a period in preference to creating a new file for each time. This is how software
generally interacts with logs, and RUMs are sufficiently similar to logs that the same mechanism may
also be used in this case.
4 © ISO/IEC 2017 – All rights reserved

5.2 Software asset and IT asset identification
Where a RUM contains resource utilization elements that are related to an IT asset that is referenced by
a SWID tag, the RUM shall contain a Link element that references that SWID, and the unique identifier
that is used in that SWID shall be employed in the creation of constructs within the RUM.
Where a RUM contains resource utilization elements that are related to an IT asset for which there is
no SWID tag, the RUM shall incorporate an Asset element containing a unique identifier for that asset.
Where both a Link element and an Asset element containing a unique identifier are included in a RUM,
the Link element shall take precedence.
5.3 Measurements
A single RUM shall contain one or more elements that define a measurement. This is to support a
situation where multiple measurement types may be available with a single IT asset. Specifically, the
knowledge of which of those measurement types may be of interest in a particular instantiation may not
be available within the IT asset itself, and therefore some assets will always report the measurement
data of all of the resources of which they are aware.
Each measurement element shall contain:
a) the time at which the information was captured,
b) the start time of the period over which the utilization was measured,
c) the end time of the period over which the utilization was measured (which shall be equal to the
start time for a point in time value),
d) the measurement type, which is defined by a text string, and
e) one or more values, each with an identified type.
Optional information and meta-information may also be associated with each measurement, or
each value.
Note that the measurement in a RUM is only defined by a textual description of a metric, a type and a
value. No mathematical description for a measurement is included, and no standard set of types are
defined. It is expected that IT asset manufacturers will report already existing measurements in a RUM,
and thus the textual description of the type will be defined by pre-existing practice.
5.4 Relationship to other ISO/IEC 19770 family information structures
This document is intended to complement the information structures that are defined by the other
parts of ISO/IEC 19770 series of standards, but also to be usable independently. For instance, while it
is preferred that a software asset to which a RUM relates be identified by a link to a SWID as defined
by ISO/IEC 19770-2, the RUM also incorporates an optional structure which can contain a string that
uniquely identifies an IT asset.
If the measurements that are defined in a RUM have a relationship to the entitlements defined in
the ISO/IEC 19770-3, they shall have the same value of metricName (see 8.4.3). The details of that
relationship between the measurements and the entitlement are outside of the scope of this document.
6 Implementation requirements and guidance
6.1 Usage scenario
The RUM is specifically designed to be general-purpose and usable in a wide variety of situations.
The entity creating a RUM will be an IT asset or an automation tool monitoring an IT asset, and the
information structure will generally be encapsulated within the entity, or within the file system of the
© ISO/IEC 2017 – All rights reserved 5

system upon which the entity is executing. In addition, while the RUM information may be deposited
in a platform-specific repository, or communicated to a remote system or central facility, the details of
both of these mechanisms are outside of the scope of this document.
6.2 Unique registration ID (regid)
6.2.1 Overview
RUMs may be created by IT assets produced by different organizations and do not strictly require a
centralized registration authority. To accommodate these requirements, this document uses a regid.
The regid provides a unique naming authority identifier.
6.2.2 Structure of regid
A regid shall use a URI reference in accordance with RFC 3986. Once an organization specifies a regid for
their organization’s IT asset, that regid shall be used consistently for all IT asset from the organization.
To ensure interoperability, allow for open source project support and third-party tag consistency, the
following recommendations should be applied when creating a regid.
— Unless otherwise required, the URI should utilize the http scheme.
— If the http scheme is used, the “http://” may be left off the regid string (a string without a URI
scheme specified is defined to use the “http://” scheme).
— Unless otherwise required, the URI should use an absolute-URI that includes an authority part, such
as a domain name.
— To ensure consistency, the absolute-URI should use the minimum string required (for example,
example.com should be used instead of www.example.com).
6.2.3 Examples of regid
A regid for a company that creates and sells software is expected to be the HTTP reference to that
company. So a regid for the Fabrikam Company is:
“fabrikam.com”
A regid for an open source project called SampleProject that is hosted on sourceMyProject.net may be
one of the following:
— sampleproject.sourcemyproject.net;
— sourcemyproject.net/sampleproject;
— sourcemyproject.net/?projectname=sampleproject.
The appropriate regid to choose for the project is dependent on the default reference used by the hosting
site for the particular project.
6.3 XML and XSD
The RUM shall be defined as an XML data structure. The XML schema definition (XSD) to be used shall
be that defined in Annex A, and that schema may be downloaded from:
http://standards.iso.org/iso-iec/19770/-4/ed-1
6 © ISO/IEC 2017 – All rights reserved

6.4 Time formats
All time information in this document shall be encoded in a date and time of day representation for
a point in time as specified in ISO 8601. The use of UTC-based times is recommended. Use of the
limited formats in the W3C note entitled "date and time formats" is also recommended. The ISO 8601
representations for a time interval, or a recurring time interval, shall not be used.
6.5 Frequency of generation
The frequency at which RUMs are generated is a function of both the IT asset and the specific
measurement being reported and is not specified in this document. Some measurements may require a
RUM to be generated at intervals as short as minutes, while others may require only to be reported at
daily or weekly intervals.
Both measurements that relate to an instantaneous point in time, and a period of time, shall be
supported. The period shall be defined by different start and end times, while for a point in time
measurement the start and end times shall be identical.
Some measurements will also require information to be generated when a particular set of conditions
are met (for example, a threshold is reached), while other measurements will require that information
be generated at fixed or varying intervals. In this latter case, the intervals shall be contiguous and non-
overlapping, that is the end time reported in one set of information will be identical to the start time
of the next set of information. The start time of the first interval reported after an IT asset is installed
shall be the installation or activation time, and where an asset is gracefully terminated or uninstalled
the end time of the final interval shall be the termination time.
Automation tools shall be able to read the content of a RUM at any time, even during the process of
generating or updating it. Tools shall ignore incomplete XML elements.
6.6 Filename
One of the form RUM can be represented is the file on the file system. When a RUM is contained within
a file, the following rules and recommendations for the filename shall be used.
Where there is an SWID tag linked to the RUM, the filename shall be:
..integer
Where there is no SWID tag linked to the RUM, the filename shall be structured to be globally unique
for the RUM creator and product.
RUM creators may use different approaches to defining the base portion of the filename of the file
containing the RUM; however, if the filename aligns with the following structure, the filename will be
globally unique for the product and recognizable by a system administrator:
+ ...integer
Filenames should be restricted to use only the characters listed in the Portable Filename Character
Set defined in IEEE std 1003.1, section 3.278 to maximize interoperability between platforms. If this
limitation is too restrictive, the RUM creator shall ensure that the characters used in the filename are
valid characters for all platforms where their RUMs may be stored in files(s) in a file system.
6.7 File extension
The extension of a file containing RUM data shall be .rum.
Where there is an SWID tag linked to the RUM, the filename shall be:
..integer.rum
© ISO/IEC 2017 – All rights reserved 7

6.8 File location
The location of a RUM is a function of the RUM creator and/or a data storage location defined and
managed by the platform provider for the IT asset and is not specified in this document. It is allowed for
a single directory to contain multiple RUMs, generated for example by different IT assets, or by some
form of automation tool monitoring external IT assets.
6.9 Managing file sizes and file numbers
RUMs are similar in many ways to existing application log files, and are expected to be generated in
a similar manner. Many IT assets set a maximum size for a log file, and define how many separate log
files are to be retained for a period, and those assets may take the same approach with files containing
RUMs. Thus, if a file containing RUMs exceeds the maximum size set, its content shall be saved in a file
with a numbered suffix appended to its filename, and a new file shall be created to hold further RUM
information. See B.1 for an example of the handling of multiple files.
The maximum file size value and the maximum number of files is a function of the implementation of
the IT asset, and is not specified in this document. However, it is recommended that values be chosen
that allow at least one month of usage history to be maintained on a device.
6.10 Uninstallation and upgrade
RUMs shall not be deleted when an IT asset is uninstalled or upgraded. This behaviour is consistent
with the handling of log files in many applications. Where the linkage of the RUM and an IT asset
identified by a SWID tag needs to be preserved across software upgrades, the linkage to the SWID tag
shall not be specified by the SWID tagId attribute, but by another SWID tag attribute that will provide
better traceability. One example of such linkage is by using the SWID software name attribute, but
other mechanisms might also work for such a use case.
6.11 Digital signatures
The use of digital signatures with RUMs is optional. Where signatures are used, careful consideration
should be given to situations where RUMs are generated frequently, or on a fixed schedule. It may
be appropriate to only sign RUMs when they are communicated from the system on which they are
generated to a remote system such as a central repository.
6.12 Nesting XML documents
IT asset instances may use an XML nesting mechanism to simplify the process of generating a RUM.
This mechanism employs a root XML document containing header information and a measurement
document that stores only measurement elements. Subsequent measurements can then easily be
appended to the end of the measurement file. See B.3 for an example of nesting XML documents.
7 Tool considerations
It shall be possible to manually extract information from RUMs and to store and manipulate the
extracted information in a simple spreadsheet. Users wishing to perform such a manual extraction
should employ the same techniques that have traditionally been used to extract information from log
files that are in active use (see 6.10).
8 Schema elements
8.1 Overview
An overview of the elements of the schema of a RUM is shown in Figure 1.
8 © ISO/IEC 2017 – All rights reserved

Figure 1 — RUM Schema
8.2 Minimum RUM data required
Due to the multiple use cases identified for RUM creation, the minimum data requirements for a RUM
are relatively sparse. The only values that are required for a RUM to be considered valid to meet the
requirements of the XML schema shall be:
— ResourceUtilization (see 8.4.1)
— AssetIdentification (see 8.4.2) at least one of:
— Link – in case the SWID tag exists for the software asset
— Asset – in case SWID tag does not exist, to identify the IT asset
— Measurement (see 8.4.3)
— logTime
— metricName
— startTime
— endTime
— Value (8.4.4)
See examples in Annex C.
© ISO/IEC 2017 – All rights reserved 9

8.3 XML element and attribute names
RUM content shall be identified in accordance with the XML element and attribute names specified
below. This naming requirement ensures consistent interoperability with SWID tag content, regardless
of the creator or consumer of the tag data.
NOTE  Data values in the RUM can be structured as XML elements (which contain XML attributes) or XML attributes
(which contain the actual data values). These types can be differentiated using the following structures:
—  elements are Pascal cased (ThisIsAnExample);
—  attributes are Camel cased (anotherExampleIsLikeThis).
10 © ISO/IEC 2017 – All rights reserved

8.4 Data values
8.4.1 Resource
...