diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 8210e3eff6..b1af3939c0 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -45,4 +45,17 @@
 /docs/mobile/        @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-mobile-approvers
 /model/logs/mobile*  @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-mobile-approvers
 
-# TODO - Add semconv area experts
+# K8s semantic conventions approvers
+/docs/resource/k8s.md @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-k8s-approvers
+/docs/attributes-registry/k8s.md @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-k8s-approvers
+/model/resource/k8s.yaml @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-k8s-approvers
+/model/registry/k8s.yaml @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-k8s-approvers
+
+# Container semantic conventions approvers
+/docs/resource/container.md @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-container-approvers
+/docs/attributes-registry/container.md @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-container-approvers
+/docs/attributes-registry/oci.md @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-container-approvers
+/model/resource/container.yaml @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-container-approvers
+/model/registry/container.yaml @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-container-approvers
+/model/registry/oci.yaml @open-telemetry/specs-semconv-approvers @open-telemetry/semconv-container-approvers
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bfc2c54313..4ab2237198 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,11 @@ release.
 
 ### Breaking
 
+- Update `jvm.gc.duration` histogram buckets to `[ 0.01, 0.1, 1, 10 ]`
+  ([#317](https://github.com/open-telemetry/semantic-conventions/pull/317))
+- BREAKING: Change type of `host.cpu.model.id` and `host.cpu.model.family` to string.
+  ([#495](https://github.com/open-telemetry/semantic-conventions/issues/495))
+
 ### Features
 
 - Adds `labels` attribute to `k8s.pod` resource
@@ -16,6 +21,10 @@ release.
 
 - Add `code.stacktrace` attribute
   ([#435](https://github.com/open-telemetry/semantic-conventions/pull/435))
+- Add `http.flavor` and `http.user_agent` to list of deprecated attributes
+  ([#503](https://github.com/open-telemetry/semantic-conventions/pull/503))
+- Add Semantic conventions for TLS/SSL encrypted communication.
+  ([#21](https://github.com/open-telemetry/semantic-conventions/pull/21))
 
 ### Fixes
 
diff --git a/docs/attributes-registry/README.md b/docs/attributes-registry/README.md
index f5f56b533f..be97468451 100644
--- a/docs/attributes-registry/README.md
+++ b/docs/attributes-registry/README.md
@@ -32,13 +32,19 @@ Currently, the following namespaces exist:
 * [Code](code.md)
 * [Container](container.md)
 * [Destination](destination.md)
+* [Device](device.md)
+* [Error](error.md)
+* [Host](host.md)
 * [HTTP](http.md)
 * [Network](network.md)
 * [OCI](oci.md)
+* [OS](os.md)
+* [Process](process.md)
 * [RPC](rpc.md)
 * [Server](server.md)
 * [Source](source.md)
 * [Thread](thread.md)
+* [TLS](tls.md)
 * [URL](url.md)
 * [User agent](user-agent.md)
 
diff --git a/docs/attributes-registry/device.md b/docs/attributes-registry/device.md
new file mode 100644
index 0000000000..3c1f06c4ea
--- /dev/null
+++ b/docs/attributes-registry/device.md
@@ -0,0 +1,23 @@
+<!--- Hugo front matter used to generate the website version of this page:
+--->
+
+# Device
+
+## Device Attributes
+
+<!-- semconv registry.device(omit_requirement_level) -->
+| Attribute  | Type | Description  | Examples  |
+|---|---|---|---|
+| `device.id` | string | A unique identifier representing the device [1] | `2ab2916d-a51f-4ac8-80ee-45ac31a28092` |
+| `device.manufacturer` | string | The name of the device manufacturer [2] | `Apple`; `Samsung` |
+| `device.model.identifier` | string | The model identifier for the device [3] | `iPhone3,4`; `SM-G920F` |
+| `device.model.name` | string | The marketing name for the device model [4] | `iPhone 6s Plus`; `Samsung Galaxy S6` |
+
+**[1]:** The device identifier MUST only be defined using the values outlined below. This value is not an advertising identifier and MUST NOT be used as such. On iOS (Swift or Objective-C), this value MUST be equal to the [vendor identifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor). On Android (Java or Kotlin), this value MUST be equal to the Firebase Installation ID or a globally unique UUID which is persisted across sessions in your application. More information can be found [here](https://developer.android.com/training/articles/user-data-ids) on best practices and exact implementation details. Caution should be taken when storing personal data or anything which can identify a user. GDPR and data protection laws may apply, ensure you do your own due diligence.
+
+**[2]:** The Android OS provides this field via [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER). iOS apps SHOULD hardcode the value `Apple`.
+
+**[3]:** It's recommended this value represents a machine-readable version of the model identifier rather than the market or consumer-friendly name of the device.
+
+**[4]:** It's recommended this value represents a human-readable version of the device model rather than a machine-readable alternative.
+<!-- endsemconv -->
diff --git a/docs/attributes-registry/error.md b/docs/attributes-registry/error.md
new file mode 100644
index 0000000000..21e0d2c67d
--- /dev/null
+++ b/docs/attributes-registry/error.md
@@ -0,0 +1,34 @@
+<!--- Hugo front matter used to generate the website version of this page:
+--->
+
+# Error
+
+## Error Attributes
+
+<!-- semconv registry.error(omit_requirement_level) -->
+| Attribute  | Type | Description  | Examples  |
+|---|---|---|---|
+| `error.type` | string | ![Stable](https://img.shields.io/badge/-stable-lightgreen)<br>Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` |
+
+**[1]:** The `error.type` SHOULD be predictable and SHOULD have low cardinality.
+Instrumentations SHOULD document the list of errors they report.
+
+The cardinality of `error.type` within one instrumentation library SHOULD be low.
+Telemetry consumers that aggregate data from multiple instrumentation libraries and applications
+should be prepared for `error.type` to have high cardinality at query time when no
+additional filters are applied.
+
+If the operation has completed successfully, instrumentations SHOULD NOT set `error.type`.
+
+If a specific domain defines its own set of error identifiers (such as HTTP or gRPC status codes),
+it's RECOMMENDED to:
+
+* Use a domain-specific attribute
+* Set `error.type` to capture all errors, regardless of whether they are defined within the domain-specific set or not.
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
+
+| Value  | Description |
+|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |
+<!-- endsemconv -->
\ No newline at end of file
diff --git a/docs/attributes-registry/host.md b/docs/attributes-registry/host.md
new file mode 100644
index 0000000000..005700c2cc
--- /dev/null
+++ b/docs/attributes-registry/host.md
@@ -0,0 +1,44 @@
+<!--- Hugo front matter used to generate the website version of this page:
+--->
+# Host
+
+## Host Attributes
+
+<!-- semconv registry.host(omit_requirement_level) -->
+| Attribute  | Type | Description  | Examples  |
+|---|---|---|---|
+| `host.arch` | string | The CPU architecture the host system is running on. | `amd64` |
+| `host.cpu.cache.l2.size` | int | The amount of level 2 memory cache available to the processor (in Bytes). | `12288000` |
+| `host.cpu.family` | string | Family or generation of the CPU. | `6`; `PA-RISC 1.1e` |
+| `host.cpu.model.id` | string | Model identifier. It provides more granular information about the CPU, distinguishing it from other CPUs within the same family. | `6`; `9000/778/B180L` |
+| `host.cpu.model.name` | string | Model designation of the processor. | `11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz` |
+| `host.cpu.stepping` | int | Stepping or core revisions. | `1` |
+| `host.cpu.vendor.id` | string | Processor manufacturer identifier. A maximum 12-character string. [1] | `GenuineIntel` |
+| `host.id` | string | Unique host ID. For Cloud, this must be the instance_id assigned by the cloud provider. For non-containerized systems, this should be the `machine-id`. See the table below for the sources to use to determine the `machine-id` based on operating system. | `fdbf79e8af94cb7f9e8df36789187052` |
+| `host.image.id` | string | VM image ID or host OS image ID. For Cloud, this value is from the provider. | `ami-07b06b442921831e5` |
+| `host.image.name` | string | Name of the VM image or OS install the host was instantiated from. | `infra-ami-eks-worker-node-7d4ec78312`; `CentOS-8-x86_64-1905` |
+| `host.image.version` | string | The version string of the VM image or host OS as defined in [Version Attributes](/docs/resource/README.md#version-attributes). | `0.1` |
+| `host.ip` | string[] | Available IP addresses of the host, excluding loopback interfaces. [2] | `[192.168.1.140, fe80::abc2:4a28:737a:609e]` |
+| `host.mac` | string[] | Available MAC addresses of the host, excluding loopback interfaces. [3] | `[AC-DE-48-23-45-67, AC-DE-48-23-45-67-01-9F]` |
+| `host.name` | string | Name of the host. On Unix systems, it may contain what the hostname command returns, or the fully qualified hostname, or another name specified by the user. | `opentelemetry-test` |
+| `host.type` | string | Type of host. For Cloud, this must be the machine type. | `n1-standard-1` |
+
+**[1]:** [CPUID](https://wiki.osdev.org/CPUID) command returns the vendor ID string in EBX, EDX and ECX registers. Writing these to memory in this order results in a 12-character string.
+
+**[2]:** IPv4 Addresses MUST be specified in dotted-quad notation. IPv6 addresses MUST be specified in the [RFC 5952](https://www.rfc-editor.org/rfc/rfc5952.html) format.
+
+**[3]:** MAC Addresses MUST be represented in [IEEE RA hexadecimal form](https://standards.ieee.org/wp-content/uploads/import/documents/tutorials/eui.pdf): as hyphen-separated octets in uppercase hexadecimal form from most to least significant.
+
+`host.arch` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
+
+| Value  | Description |
+|---|---|
+| `amd64` | AMD64 |
+| `arm32` | ARM32 |
+| `arm64` | ARM64 |
+| `ia64` | Itanium |
+| `ppc32` | 32-bit PowerPC |
+| `ppc64` | 64-bit PowerPC |
+| `s390x` | IBM z/Architecture |
+| `x86` | 32-bit x86 |
+<!-- endsemconv -->
\ No newline at end of file
diff --git a/docs/attributes-registry/http.md b/docs/attributes-registry/http.md
index ee711c7e4a..2f9481a64c 100644
--- a/docs/attributes-registry/http.md
+++ b/docs/attributes-registry/http.md
@@ -67,6 +67,7 @@ SHOULD include the [application root](/docs/http/http-spans.md#http-server-defin
 <!-- semconv attributes.http.deprecated(omit_requirement_level) -->
 | Attribute  | Type | Description  | Examples  |
 |---|---|---|---|
+| `http.flavor` | string | Deprecated, use `network.protocol.name` instead. | `1.0` |
 | `http.method` | string | Deprecated, use `http.request.method` instead. | `GET`; `POST`; `HEAD` |
 | `http.request_content_length` | int | Deprecated, use `http.request.header.content-length` instead. | `3495` |
 | `http.response_content_length` | int | Deprecated, use `http.response.header.content-length` instead. | `3495` |
@@ -74,4 +75,16 @@ SHOULD include the [application root](/docs/http/http-spans.md#http-server-defin
 | `http.status_code` | int | Deprecated, use `http.response.status_code` instead. | `200` |
 | `http.target` | string | Deprecated, use `url.path` and `url.query` instead. | `/search?q=OpenTelemetry#SemConv` |
 | `http.url` | string | Deprecated, use `url.full` instead. | `https://www.foo.bar/search?q=OpenTelemetry#SemConv` |
+| `http.user_agent` | string | Deprecated, use `user_agent.original` instead. | `CERN-LineMode/2.15 libwww/2.17b3`; `Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1` |
+
+`http.flavor` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
+
+| Value  | Description |
+|---|---|
+| `1.0` | HTTP/1.0 |
+| `1.1` | HTTP/1.1 |
+| `2.0` | HTTP/2 |
+| `3.0` | HTTP/3 |
+| `SPDY` | SPDY protocol. |
+| `QUIC` | QUIC protocol. |
 <!-- endsemconv -->
diff --git a/docs/attributes-registry/messaging.md b/docs/attributes-registry/messaging.md
index 98dbb97aad..27bbae84c4 100644
--- a/docs/attributes-registry/messaging.md
+++ b/docs/attributes-registry/messaging.md
@@ -36,7 +36,7 @@
 | `messaging.rocketmq.message.tag` | string | The secondary classifier of message besides topic. | `tagA` |
 | `messaging.rocketmq.message.type` | string | Type of message. | `normal` |
 | `messaging.rocketmq.namespace` | string | Namespace of RocketMQ resources, resources in different namespaces are individual. | `myNamespace` |
-| `messaging.system` | string | A string identifying the messaging system. | `kafka`; `rabbitmq`; `rocketmq`; `activemq`; `AmazonSQS` |
+| `messaging.system` | string | A string identifying the messaging system. | `kafka`; `rabbitmq`; `rocketmq`; `activemq` |
 
 **[1]:** Instrumentations SHOULD NOT set `messaging.batch.message_count` on spans that operate with a single message. When a messaging client library supports both batch and single-message API for the same operation, instrumentations SHOULD use `messaging.batch.message_count` for batching APIs and SHOULD NOT use it for single-message APIs.
 
diff --git a/docs/attributes-registry/os.md b/docs/attributes-registry/os.md
new file mode 100644
index 0000000000..a813298f98
--- /dev/null
+++ b/docs/attributes-registry/os.md
@@ -0,0 +1,32 @@
+<!--- Hugo front matter used to generate the website version of this page:
+linkTitle: OS
+--->
+# OS
+
+## Operating System Attributes
+
+<!-- semconv registry.os(omit_requirement_level) -->
+| Attribute  | Type | Description  | Examples  |
+|---|---|---|---|
+| `os.build_id` | string | Unique identifier for a particular build or compilation of the operating system. | `TQ3C.230805.001.B2`; `20E247`; `22621` |
+| `os.description` | string | Human readable (not intended to be parsed) OS version information, like e.g. reported by `ver` or `lsb_release -a` commands. | `Microsoft Windows [Version 10.0.18363.778]`; `Ubuntu 18.04.1 LTS` |
+| `os.name` | string | Human readable operating system name. | `iOS`; `Android`; `Ubuntu` |
+| `os.type` | string | The operating system type. | `windows` |
+| `os.version` | string | The version string of the operating system as defined in [Version Attributes](/docs/resource/README.md#version-attributes). | `14.2.1`; `18.04.1` |
+
+`os.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
+
+| Value  | Description |
+|---|---|
+| `windows` | Microsoft Windows |
+| `linux` | Linux |
+| `darwin` | Apple Darwin |
+| `freebsd` | FreeBSD |
+| `netbsd` | NetBSD |
+| `openbsd` | OpenBSD |
+| `dragonflybsd` | DragonFly BSD |
+| `hpux` | HP-UX (Hewlett Packard Unix) |
+| `aix` | AIX (Advanced Interactive eXecutive) |
+| `solaris` | SunOS, Oracle Solaris |
+| `z_os` | IBM z/OS |
+<!-- endsemconv -->
\ No newline at end of file
diff --git a/docs/attributes-registry/process.md b/docs/attributes-registry/process.md
new file mode 100644
index 0000000000..5f70408a5e
--- /dev/null
+++ b/docs/attributes-registry/process.md
@@ -0,0 +1,19 @@
+<!--- Hugo front matter used to generate the website version of this page:
+--->
+
+# Process
+
+## Process Attributes
+
+<!-- semconv registry.process(omit_requirement_level) -->
+| Attribute  | Type | Description  | Examples  |
+|---|---|---|---|
+| `process.command` | string | The command used to launch the process (i.e. the command name). On Linux based systems, can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to the first parameter extracted from `GetCommandLineW`. | `cmd/otelcol` |
+| `process.command_args` | string[] | All the command arguments (including the command/executable itself) as received by the process. On Linux-based systems (and some other Unixoid systems supporting procfs), can be set according to the list of null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based executables, this would be the full argv vector passed to `main`. | `[cmd/otecol, --config=config.yaml]` |
+| `process.command_line` | string | The full command used to launch the process as a single string representing the full command. On Windows, can be set to the result of `GetCommandLineW`. Do not set this if you have to assemble it just for monitoring; use `process.command_args` instead. | `C:\cmd\otecol --config="my directory\config.yaml"` |
+| `process.executable.name` | string | The name of the process executable. On Linux based systems, can be set to the `Name` in `proc/[pid]/status`. On Windows, can be set to the base name of `GetProcessImageFileNameW`. | `otelcol` |
+| `process.executable.path` | string | The full path to the process executable. On Linux based systems, can be set to the target of `proc/[pid]/exe`. On Windows, can be set to the result of `GetProcessImageFileNameW`. | `/usr/bin/cmd/otelcol` |
+| `process.owner` | string | The username of the user that owns the process. | `root` |
+| `process.parent_pid` | int | Parent Process identifier (PID). | `111` |
+| `process.pid` | int | Process identifier (PID). | `1234` |
+<!-- endsemconv -->
diff --git a/docs/attributes-registry/tls.md b/docs/attributes-registry/tls.md
new file mode 100644
index 0000000000..f774c31a26
--- /dev/null
+++ b/docs/attributes-registry/tls.md
@@ -0,0 +1,49 @@
+<!--- Hugo front matter used to generate the website version of this page:
+--->
+
+# TLS
+
+## TLS Attributes
+
+<!-- semconv registry.tls(omit_requirement_level) -->
+| Attribute  | Type | Description  | Examples  |
+|---|---|---|---|
+| `tls.cipher` | string | String indicating the [cipher](https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5) used during the current connection. [1] | `TLS_RSA_WITH_3DES_EDE_CBC_SHA`; `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` |
+| `tls.client.certificate` | string | PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. | `MII...` |
+| `tls.client.certificate_chain` | string[] | Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. | `[MII..., MI...]` |
+| `tls.client.hash.md5` | string | Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. | `0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC` |
+| `tls.client.hash.sha1` | string | Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. | `9E393D93138888D288266C2D915214D1D1CCEB2A` |
+| `tls.client.hash.sha256` | string | Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. | `0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0` |
+| `tls.client.issuer` | string | Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client. | `CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com` |
+| `tls.client.ja3` | string | A hash that identifies clients based on how they perform an SSL/TLS handshake. | `d4e5b18d6b55c71272893221c96ba240` |
+| `tls.client.not_after` | string | Date/Time indicating when client certificate is no longer considered valid. | `2021-01-01T00:00:00.000Z` |
+| `tls.client.not_before` | string | Date/Time indicating when client certificate is first considered valid. | `1970-01-01T00:00:00.000Z` |
+| `tls.client.server_name` | string | Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. | `opentelemetry.io` |
+| `tls.client.subject` | string | Distinguished name of subject of the x.509 certificate presented by the client. | `CN=myclient, OU=Documentation Team, DC=example, DC=com` |
+| `tls.client.supported_ciphers` | string[] | Array of ciphers offered by the client during the client hello. | `["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."]` |
+| `tls.curve` | string | String indicating the curve used for the given cipher, when applicable | `secp256r1` |
+| `tls.established` | boolean | Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. | `True` |
+| `tls.next_protocol` | string | String indicating the protocol being tunneled. Per the values in the [IANA registry](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. | `http/1.1` |
+| `tls.protocol.name` | string | Normalized lowercase protocol name parsed from original string of the negotiated [SSL/TLS protocol version](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html#RETURN-VALUES) | `ssl` |
+| `tls.protocol.version` | string | Numeric part of the version parsed from the original string of the negotiated [SSL/TLS protocol version](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html#RETURN-VALUES) | `1.2`; `3` |
+| `tls.resumed` | boolean | Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. | `True` |
+| `tls.server.certificate` | string | PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. | `MII...` |
+| `tls.server.certificate_chain` | string[] | Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. | `[MII..., MI...]` |
+| `tls.server.hash.md5` | string | Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. | `0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC` |
+| `tls.server.hash.sha1` | string | Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. | `9E393D93138888D288266C2D915214D1D1CCEB2A` |
+| `tls.server.hash.sha256` | string | Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. | `0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0` |
+| `tls.server.issuer` | string | Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client. | `CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com` |
+| `tls.server.ja3s` | string | A hash that identifies servers based on how they perform an SSL/TLS handshake. | `d4e5b18d6b55c71272893221c96ba240` |
+| `tls.server.not_after` | string | Date/Time indicating when server certificate is no longer considered valid. | `2021-01-01T00:00:00.000Z` |
+| `tls.server.not_before` | string | Date/Time indicating when server certificate is first considered valid. | `1970-01-01T00:00:00.000Z` |
+| `tls.server.subject` | string | Distinguished name of subject of the x.509 certificate presented by the server. | `CN=myserver, OU=Documentation Team, DC=example, DC=com` |
+
+**[1]:** The values allowed for `tls.cipher` MUST be one of the `Descriptions` of the [registered TLS Cipher Suits](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#table-tls-parameters-4).
+
+`tls.protocol.name` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
+
+| Value  | Description |
+|---|---|
+| `ssl` | ssl |
+| `tls` | tls |
+<!-- endsemconv -->
\ No newline at end of file
diff --git a/docs/http/http-metrics.md b/docs/http/http-metrics.md
index 2eee6cc7ee..f9cde0544c 100644
--- a/docs/http/http-metrics.md
+++ b/docs/http/http-metrics.md
@@ -76,7 +76,7 @@ of `[ 0.005, 0.01, 0.025, 0.05, 0.075, 0.1, 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10
 <!-- semconv metric.http.server.request.duration(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `error.type` | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
+| [`error.type`](../attributes-registry/error.md) | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
 | [`http.request.method`](../attributes-registry/http.md) | string | HTTP request method. [2] | `GET`; `POST`; `HEAD` | Required |
 | [`http.response.status_code`](../attributes-registry/http.md) | int | [HTTP response status code](https://tools.ietf.org/html/rfc7231#section-6). | `200` | Conditionally Required: If and only if one was received/sent. |
 | [`http.route`](../attributes-registry/http.md) | string | The matched route, that is, the path template in the format used by the respective server framework. [3] | `/users/:userID?`; `{controller}/{action}/{id?}` | Conditionally Required: If and only if it's available |
@@ -239,7 +239,7 @@ This metric is optional.
 <!-- semconv metric.http.server.request.body.size(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `error.type` | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
+| [`error.type`](../attributes-registry/error.md) | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
 | [`http.request.method`](../attributes-registry/http.md) | string | HTTP request method. [2] | `GET`; `POST`; `HEAD` | Required |
 | [`http.response.status_code`](../attributes-registry/http.md) | int | [HTTP response status code](https://tools.ietf.org/html/rfc7231#section-6). | `200` | Conditionally Required: If and only if one was received/sent. |
 | [`http.route`](../attributes-registry/http.md) | string | The matched route, that is, the path template in the format used by the respective server framework. [3] | `/users/:userID?`; `{controller}/{action}/{id?}` | Conditionally Required: If and only if it's available |
@@ -341,7 +341,7 @@ This metric is optional.
 <!-- semconv metric.http.server.response.body.size(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `error.type` | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
+| [`error.type`](../attributes-registry/error.md) | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
 | [`http.request.method`](../attributes-registry/http.md) | string | HTTP request method. [2] | `GET`; `POST`; `HEAD` | Required |
 | [`http.response.status_code`](../attributes-registry/http.md) | int | [HTTP response status code](https://tools.ietf.org/html/rfc7231#section-6). | `200` | Conditionally Required: If and only if one was received/sent. |
 | [`http.route`](../attributes-registry/http.md) | string | The matched route, that is, the path template in the format used by the respective server framework. [3] | `/users/:userID?`; `{controller}/{action}/{id?}` | Conditionally Required: If and only if it's available |
@@ -449,7 +449,7 @@ of `[ 0.005, 0.01, 0.025, 0.05, 0.075, 0.1, 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10
 <!-- semconv metric.http.client.request.duration(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `error.type` | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
+| [`error.type`](../attributes-registry/error.md) | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
 | [`http.request.method`](../attributes-registry/http.md) | string | HTTP request method. [2] | `GET`; `POST`; `HEAD` | Required |
 | [`http.response.status_code`](../attributes-registry/http.md) | int | [HTTP response status code](https://tools.ietf.org/html/rfc7231#section-6). | `200` | Conditionally Required: If and only if one was received/sent. |
 | [`network.protocol.name`](../attributes-registry/network.md) | string | [OSI application layer](https://osi-model.com/application-layer/) or non-OSI equivalent. [3] | `http`; `spdy` | Conditionally Required: [4] |
@@ -539,7 +539,7 @@ This metric is optional.
 <!-- semconv metric.http.client.request.body.size(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `error.type` | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
+| [`error.type`](../attributes-registry/error.md) | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
 | [`http.request.method`](../attributes-registry/http.md) | string | HTTP request method. [2] | `GET`; `POST`; `HEAD` | Required |
 | [`http.response.status_code`](../attributes-registry/http.md) | int | [HTTP response status code](https://tools.ietf.org/html/rfc7231#section-6). | `200` | Conditionally Required: If and only if one was received/sent. |
 | [`network.protocol.name`](../attributes-registry/network.md) | string | [OSI application layer](https://osi-model.com/application-layer/) or non-OSI equivalent. [3] | `http`; `spdy` | Conditionally Required: [4] |
@@ -629,7 +629,7 @@ This metric is optional.
 <!-- semconv metric.http.client.response.body.size(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `error.type` | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
+| [`error.type`](../attributes-registry/error.md) | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
 | [`http.request.method`](../attributes-registry/http.md) | string | HTTP request method. [2] | `GET`; `POST`; `HEAD` | Required |
 | [`http.response.status_code`](../attributes-registry/http.md) | int | [HTTP response status code](https://tools.ietf.org/html/rfc7231#section-6). | `200` | Conditionally Required: If and only if one was received/sent. |
 | [`network.protocol.name`](../attributes-registry/network.md) | string | [OSI application layer](https://osi-model.com/application-layer/) or non-OSI equivalent. [3] | `http`; `spdy` | Conditionally Required: [4] |
diff --git a/docs/http/http-spans.md b/docs/http/http-spans.md
index cd1553265c..a991bf0984 100644
--- a/docs/http/http-spans.md
+++ b/docs/http/http-spans.md
@@ -118,7 +118,7 @@ sections below.
 <!-- semconv trace.http.common(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `error.type` | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
+| [`error.type`](../attributes-registry/error.md) | string | Describes a class of error the operation ended with. [1] | `timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500` | Conditionally Required: If request has ended with an error. |
 | [`http.request.method`](../attributes-registry/http.md) | string | HTTP request method. [2] | `GET`; `POST`; `HEAD` | Required |
 | [`http.request.method_original`](../attributes-registry/http.md) | string | Original HTTP method sent by the client in the request line. | `GeT`; `ACL`; `foo` | Conditionally Required: [3] |
 | [`http.response.header.<key>`](../attributes-registry/http.md) | string[] | HTTP response headers, `<key>` being the normalized HTTP Header name (lowercase), the value being the header values. [4] | `http.response.header.content-type=["application/json"]`; `http.response.header.my-custom-header=["abc", "def"]` | Opt-In |
diff --git a/docs/messaging/README.md b/docs/messaging/README.md
index 3d0a28ea6e..39b488e05e 100644
--- a/docs/messaging/README.md
+++ b/docs/messaging/README.md
@@ -20,5 +20,6 @@ Technology specific semantic conventions are defined for the following messaging
 * [Kafka](kafka.md): Semantic Conventions for *Apache Kafka*.
 * [RabbitMQ](rabbitmq.md): Semantic Conventions for *RabbitMQ*.
 * [RocketMQ](rocketmq.md): Semantic Conventions for *Apache RocketMQ*.
+* [Google Cloud Pub/Sub](gcp-pubsub.md): Semantic Conventions for *Google Cloud Pub/Sub*.
 
 [DocumentStatus]: https://github.com/open-telemetry/opentelemetry-specification/tree/v1.26.0/specification/document-status.md
diff --git a/docs/messaging/gcp-pubsub.md b/docs/messaging/gcp-pubsub.md
new file mode 100644
index 0000000000..848f144fc3
--- /dev/null
+++ b/docs/messaging/gcp-pubsub.md
@@ -0,0 +1,13 @@
+<!--- Hugo front matter used to generate the website version of this page:
+linkTitle: Google Cloud Pub/Sub
+--->
+
+# Semantic Conventions for Google Cloud Pub/Sub
+
+**Status**: [Experimental][DocumentStatus]
+
+The Semantic Conventions for [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) extend and override the [Messaging Semantic Conventions](README.md) that describe common messaging operations attributes in addition to the Semantic Conventions described on this page.
+
+`messaging.system` MUST be set to `"gcp_pubsub"`.
+
+[DocumentStatus]: https://github.com/open-telemetry/opentelemetry-specification/tree/v1.26.0/specification/document-status.md
diff --git a/docs/messaging/messaging-spans.md b/docs/messaging/messaging-spans.md
index 29097e37b4..fa95e8c3b2 100644
--- a/docs/messaging/messaging-spans.md
+++ b/docs/messaging/messaging-spans.md
@@ -287,7 +287,7 @@ messages were received). For each message it accounts for, the "Deliver" or
 | [`messaging.message.envelope.size`](../attributes-registry/messaging.md) | int | The size of the message body and metadata in bytes. [12] | `2738` | Recommended: [13] |
 | [`messaging.message.id`](../attributes-registry/messaging.md) | string | A value used by the messaging system as an identifier for the message, represented as a string. | `452a7c7c7c7048c2f887f61572b18fc2` | Recommended: [14] |
 | [`messaging.operation`](../attributes-registry/messaging.md) | string | A string identifying the kind of messaging operation. [15] | `publish` | Required |
-| [`messaging.system`](../attributes-registry/messaging.md) | string | A string identifying the messaging system. | `kafka`; `rabbitmq`; `rocketmq`; `activemq`; `AmazonSQS` | Required |
+| [`messaging.system`](../attributes-registry/messaging.md) | string | A string identifying the messaging system. | `kafka`; `rabbitmq`; `rocketmq`; `activemq` | Required |
 | [`network.peer.address`](../attributes-registry/network.md) | string | Peer address of the network connection - IP address or Unix domain socket name. | `10.1.2.80`; `/tmp/my.sock` | Recommended |
 | [`network.peer.port`](../attributes-registry/network.md) | int | Peer port number of the network connection. | `65123` | Recommended: If `network.peer.address` is set. |
 | [`network.protocol.name`](../attributes-registry/network.md) | string | [OSI application layer](https://osi-model.com/application-layer/) or non-OSI equivalent. [16] | `amqp`; `mqtt` | Recommended |
diff --git a/docs/resource/device.md b/docs/resource/device.md
index cfbaf9d82d..57bd6dea97 100644
--- a/docs/resource/device.md
+++ b/docs/resource/device.md
@@ -9,18 +9,18 @@
 <!-- semconv device -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `device.id` | string | A unique identifier representing the device [1] | `2ab2916d-a51f-4ac8-80ee-45ac31a28092` | Recommended |
-| `device.manufacturer` | string | The name of the device manufacturer [2] | `Apple`; `Samsung` | Recommended |
-| `device.model.identifier` | string | The model identifier for the device [3] | `iPhone3,4`; `SM-G920F` | Recommended |
-| `device.model.name` | string | The marketing name for the device model [4] | `iPhone 6s Plus`; `Samsung Galaxy S6` | Recommended |
+| [`device.id`](../attributes-registry/device.md) | string | A unique identifier representing the device [1] | `2ab2916d-a51f-4ac8-80ee-45ac31a28092` | Recommended |
+| [`device.manufacturer`](../attributes-registry/device.md) | string | The name of the device manufacturer [2] | `Apple`; `Samsung` | Recommended |
+| [`device.model.identifier`](../attributes-registry/device.md) | string | The model identifier for the device [3] | `iPhone3,4`; `SM-G920F` | Recommended |
+| [`device.model.name`](../attributes-registry/device.md) | string | The marketing name for the device model [4] | `iPhone 6s Plus`; `Samsung Galaxy S6` | Recommended |
 
 **[1]:** The device identifier MUST only be defined using the values outlined below. This value is not an advertising identifier and MUST NOT be used as such. On iOS (Swift or Objective-C), this value MUST be equal to the [vendor identifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor). On Android (Java or Kotlin), this value MUST be equal to the Firebase Installation ID or a globally unique UUID which is persisted across sessions in your application. More information can be found [here](https://developer.android.com/training/articles/user-data-ids) on best practices and exact implementation details. Caution should be taken when storing personal data or anything which can identify a user. GDPR and data protection laws may apply, ensure you do your own due diligence.
 
 **[2]:** The Android OS provides this field via [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER). iOS apps SHOULD hardcode the value `Apple`.
 
-**[3]:** It's recommended this value represents a machine readable version of the model identifier rather than the market or consumer-friendly name of the device.
+**[3]:** It's recommended this value represents a machine-readable version of the model identifier rather than the market or consumer-friendly name of the device.
 
-**[4]:** It's recommended this value represents a human readable version of the device model rather than a machine readable alternative.
+**[4]:** It's recommended this value represents a human-readable version of the device model rather than a machine-readable alternative.
 <!-- endsemconv -->
 
 [DocumentStatus]: https://github.com/open-telemetry/opentelemetry-specification/tree/v1.26.0/specification/document-status.md
diff --git a/docs/resource/host.md b/docs/resource/host.md
index f7e2286af5..a11c735b86 100644
--- a/docs/resource/host.md
+++ b/docs/resource/host.md
@@ -9,18 +9,18 @@
 The `host.*` namespace SHOULD be exclusively used to capture resource attributes.
 To report host metrics, the `system.*` namespace SHOULD be used.
 
-<!-- semconv host -->
+<!-- semconv host(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `host.arch` | string | The CPU architecture the host system is running on. | `amd64` | Recommended |
-| `host.id` | string | Unique host ID. For Cloud, this must be the instance_id assigned by the cloud provider. For non-containerized systems, this should be the `machine-id`. See the table below for the sources to use to determine the `machine-id` based on operating system. | `fdbf79e8af94cb7f9e8df36789187052` | Recommended |
-| `host.image.id` | string | VM image ID or host OS image ID. For Cloud, this value is from the provider. | `ami-07b06b442921831e5` | Recommended |
-| `host.image.name` | string | Name of the VM image or OS install the host was instantiated from. | `infra-ami-eks-worker-node-7d4ec78312`; `CentOS-8-x86_64-1905` | Recommended |
-| `host.image.version` | string | The version string of the VM image or host OS as defined in [Version Attributes](README.md#version-attributes). | `0.1` | Recommended |
-| `host.ip` | string[] | Available IP addresses of the host, excluding loopback interfaces. [1] | `[192.168.1.140, fe80::abc2:4a28:737a:609e]` | Opt-In |
-| `host.mac` | string[] | Available MAC addresses of the host, excluding loopback interfaces. [2] | `[AC-DE-48-23-45-67, AC-DE-48-23-45-67-01-9F]` | Opt-In |
-| `host.name` | string | Name of the host. On Unix systems, it may contain what the hostname command returns, or the fully qualified hostname, or another name specified by the user. | `opentelemetry-test` | Recommended |
-| `host.type` | string | Type of host. For Cloud, this must be the machine type. | `n1-standard-1` | Recommended |
+| [`host.arch`](../attributes-registry/host.md) | string | The CPU architecture the host system is running on. | `amd64` | Recommended |
+| [`host.id`](../attributes-registry/host.md) | string | Unique host ID. For Cloud, this must be the instance_id assigned by the cloud provider. For non-containerized systems, this should be the `machine-id`. See the table below for the sources to use to determine the `machine-id` based on operating system. | `fdbf79e8af94cb7f9e8df36789187052` | Recommended |
+| [`host.image.id`](../attributes-registry/host.md) | string | VM image ID or host OS image ID. For Cloud, this value is from the provider. | `ami-07b06b442921831e5` | Recommended |
+| [`host.image.name`](../attributes-registry/host.md) | string | Name of the VM image or OS install the host was instantiated from. | `infra-ami-eks-worker-node-7d4ec78312`; `CentOS-8-x86_64-1905` | Recommended |
+| [`host.image.version`](../attributes-registry/host.md) | string | The version string of the VM image or host OS as defined in [Version Attributes](/docs/resource/README.md#version-attributes). | `0.1` | Recommended |
+| [`host.ip`](../attributes-registry/host.md) | string[] | Available IP addresses of the host, excluding loopback interfaces. [1] | `[192.168.1.140, fe80::abc2:4a28:737a:609e]` | Opt-In |
+| [`host.mac`](../attributes-registry/host.md) | string[] | Available MAC addresses of the host, excluding loopback interfaces. [2] | `[AC-DE-48-23-45-67, AC-DE-48-23-45-67-01-9F]` | Opt-In |
+| [`host.name`](../attributes-registry/host.md) | string | Name of the host. On Unix systems, it may contain what the hostname command returns, or the fully qualified hostname, or another name specified by the user. | `opentelemetry-test` | Recommended |
+| [`host.type`](../attributes-registry/host.md) | string | Type of host. For Cloud, this must be the machine type. | `n1-standard-1` | Recommended |
 
 **[1]:** IPv4 Addresses MUST be specified in dotted-quad notation. IPv6 addresses MUST be specified in the [RFC 5952](https://www.rfc-editor.org/rfc/rfc5952.html) format.
 
@@ -45,12 +45,12 @@ To report host metrics, the `system.*` namespace SHOULD be used.
 <!-- semconv host.cpu -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `host.cpu.cache.l2.size` | int | The amount of level 2 memory cache available to the processor (in Bytes). | `12288000` | Opt-In |
-| `host.cpu.family` | int | Numeric value specifying the family or generation of the CPU. | `6` | Opt-In |
-| `host.cpu.model.id` | int | Model identifier. It provides more granular information about the CPU, distinguishing it from other CPUs within the same family. | `6` | Opt-In |
-| `host.cpu.model.name` | string | Model designation of the processor. | `11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz` | Opt-In |
-| `host.cpu.stepping` | int | Stepping or core revisions. | `1` | Opt-In |
-| `host.cpu.vendor.id` | string | Processor manufacturer identifier. A maximum 12-character string. [1] | `GenuineIntel` | Opt-In |
+| [`host.cpu.cache.l2.size`](../attributes-registry/host.md) | int | The amount of level 2 memory cache available to the processor (in Bytes). | `12288000` | Opt-In |
+| [`host.cpu.family`](../attributes-registry/host.md) | string | Family or generation of the CPU. | `6`; `PA-RISC 1.1e` | Opt-In |
+| [`host.cpu.model.id`](../attributes-registry/host.md) | string | Model identifier. It provides more granular information about the CPU, distinguishing it from other CPUs within the same family. | `6`; `9000/778/B180L` | Opt-In |
+| [`host.cpu.model.name`](../attributes-registry/host.md) | string | Model designation of the processor. | `11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz` | Opt-In |
+| [`host.cpu.stepping`](../attributes-registry/host.md) | int | Stepping or core revisions. | `1` | Opt-In |
+| [`host.cpu.vendor.id`](../attributes-registry/host.md) | string | Processor manufacturer identifier. A maximum 12-character string. [1] | `GenuineIntel` | Opt-In |
 
 **[1]:** [CPUID](https://wiki.osdev.org/CPUID) command returns the vendor ID string in EBX, EDX and ECX registers. Writing these to memory in this order results in a 12-character string.
 <!-- endsemconv -->
diff --git a/docs/resource/os.md b/docs/resource/os.md
index 542b61ad2a..4b681018d9 100644
--- a/docs/resource/os.md
+++ b/docs/resource/os.md
@@ -8,14 +8,14 @@
 
 In case of virtualized environments, this is the operating system as it is observed by the process, i.e., the virtualized guest rather than the underlying host.
 
-<!-- semconv os -->
+<!-- semconv os(full) -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `os.build_id` | string | Unique identifier for a particular build or compilation of the operating system. | `TQ3C.230805.001.B2`; `20E247`; `22621` | Recommended |
-| `os.description` | string | Human readable (not intended to be parsed) OS version information, like e.g. reported by `ver` or `lsb_release -a` commands. | `Microsoft Windows [Version 10.0.18363.778]`; `Ubuntu 18.04.1 LTS` | Recommended |
-| `os.name` | string | Human readable operating system name. | `iOS`; `Android`; `Ubuntu` | Recommended |
-| `os.type` | string | The operating system type. | `windows` | Required |
-| `os.version` | string | The version string of the operating system as defined in [Version Attributes](/docs/resource/README.md#version-attributes). | `14.2.1`; `18.04.1` | Recommended |
+| [`os.build_id`](../attributes-registry/os.md) | string | Unique identifier for a particular build or compilation of the operating system. | `TQ3C.230805.001.B2`; `20E247`; `22621` | Recommended |
+| [`os.description`](../attributes-registry/os.md) | string | Human readable (not intended to be parsed) OS version information, like e.g. reported by `ver` or `lsb_release -a` commands. | `Microsoft Windows [Version 10.0.18363.778]`; `Ubuntu 18.04.1 LTS` | Recommended |
+| [`os.name`](../attributes-registry/os.md) | string | Human readable operating system name. | `iOS`; `Android`; `Ubuntu` | Recommended |
+| [`os.type`](../attributes-registry/os.md) | string | The operating system type. | `windows` | Required |
+| [`os.version`](../attributes-registry/os.md) | string | The version string of the operating system as defined in [Version Attributes](/docs/resource/README.md#version-attributes). | `14.2.1`; `18.04.1` | Recommended |
 
 `os.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
 
diff --git a/docs/resource/process.md b/docs/resource/process.md
index 737c4aca68..e2c77194e9 100644
--- a/docs/resource/process.md
+++ b/docs/resource/process.md
@@ -27,22 +27,22 @@
 <!-- semconv process -->
 | Attribute  | Type | Description  | Examples  | Requirement Level |
 |---|---|---|---|---|
-| `process.command` | string | The command used to launch the process (i.e. the command name). On Linux based systems, can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to the first parameter extracted from `GetCommandLineW`. | `cmd/otelcol` | Conditionally Required: See alternative attributes below. |
-| `process.command_args` | string[] | All the command arguments (including the command/executable itself) as received by the process. On Linux-based systems (and some other Unixoid systems supporting procfs), can be set according to the list of null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based executables, this would be the full argv vector passed to `main`. | `[cmd/otecol, --config=config.yaml]` | Conditionally Required: See alternative attributes below. |
-| `process.command_line` | string | The full command used to launch the process as a single string representing the full command. On Windows, can be set to the result of `GetCommandLineW`. Do not set this if you have to assemble it just for monitoring; use `process.command_args` instead. | `C:\cmd\otecol --config="my directory\config.yaml"` | Conditionally Required: See alternative attributes below. |
-| `process.executable.name` | string | The name of the process executable. On Linux based systems, can be set to the `Name` in `proc/[pid]/status`. On Windows, can be set to the base name of `GetProcessImageFileNameW`. | `otelcol` | Conditionally Required: See alternative attributes below. |
-| `process.executable.path` | string | The full path to the process executable. On Linux based systems, can be set to the target of `proc/[pid]/exe`. On Windows, can be set to the result of `GetProcessImageFileNameW`. | `/usr/bin/cmd/otelcol` | Conditionally Required: See alternative attributes below. |
-| `process.owner` | string | The username of the user that owns the process. | `root` | Recommended |
-| `process.parent_pid` | int | Parent Process identifier (PID). | `111` | Recommended |
-| `process.pid` | int | Process identifier (PID). | `1234` | Recommended |
+| [`process.command`](../attributes-registry/process.md) | string | The command used to launch the process (i.e. the command name). On Linux based systems, can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to the first parameter extracted from `GetCommandLineW`. | `cmd/otelcol` | Conditionally Required: See alternative attributes below. |
+| [`process.command_args`](../attributes-registry/process.md) | string[] | All the command arguments (including the command/executable itself) as received by the process. On Linux-based systems (and some other Unixoid systems supporting procfs), can be set according to the list of null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based executables, this would be the full argv vector passed to `main`. | `[cmd/otecol, --config=config.yaml]` | Conditionally Required: See alternative attributes below. |
+| [`process.command_line`](../attributes-registry/process.md) | string | The full command used to launch the process as a single string representing the full command. On Windows, can be set to the result of `GetCommandLineW`. Do not set this if you have to assemble it just for monitoring; use `process.command_args` instead. | `C:\cmd\otecol --config="my directory\config.yaml"` | Conditionally Required: See alternative attributes below. |
+| [`process.executable.name`](../attributes-registry/process.md) | string | The name of the process executable. On Linux based systems, can be set to the `Name` in `proc/[pid]/status`. On Windows, can be set to the base name of `GetProcessImageFileNameW`. | `otelcol` | Conditionally Required: See alternative attributes below. |
+| [`process.executable.path`](../attributes-registry/process.md) | string | The full path to the process executable. On Linux based systems, can be set to the target of `proc/[pid]/exe`. On Windows, can be set to the result of `GetProcessImageFileNameW`. | `/usr/bin/cmd/otelcol` | Conditionally Required: See alternative attributes below. |
+| [`process.owner`](../attributes-registry/process.md) | string | The username of the user that owns the process. | `root` | Recommended |
+| [`process.parent_pid`](../attributes-registry/process.md) | int | Parent Process identifier (PID). | `111` | Recommended |
+| [`process.pid`](../attributes-registry/process.md) | int | Process identifier (PID). | `1234` | Recommended |
 
 **Additional attribute requirements:** At least one of the following sets of attributes is required:
 
-* `process.executable.name`
-* `process.executable.path`
-* `process.command`
-* `process.command_line`
-* `process.command_args`
+* [`process.executable.name`](../attributes-registry/process.md)
+* [`process.executable.path`](../attributes-registry/process.md)
+* [`process.command`](../attributes-registry/process.md)
+* [`process.command_line`](../attributes-registry/process.md)
+* [`process.command_args`](../attributes-registry/process.md)
 <!-- endsemconv -->
 
 Between `process.command_args` and `process.command_line`, usually `process.command_args` should be preferred.
diff --git a/docs/runtime/jvm-metrics.md b/docs/runtime/jvm-metrics.md
index f36246c653..4e7825c857 100644
--- a/docs/runtime/jvm-metrics.md
+++ b/docs/runtime/jvm-metrics.md
@@ -163,7 +163,7 @@ This metric is obtained by subscribing to
 
 This metric SHOULD be specified with
 [`ExplicitBucketBoundaries`](https://github.com/open-telemetry/opentelemetry-specification/tree/v1.26.0/specification/metrics/api.md#instrument-advisory-parameters)
-of `[]` (single bucket histogram capturing count, sum, min, max).
+of `[ 0.01, 0.1, 1, 10 ]`.
 
 <!-- semconv metric.jvm.gc.duration(metric_table) -->
 | Name     | Instrument Type | Unit (UCUM) | Description    |
diff --git a/model/registry/deprecated/http.yaml b/model/registry/deprecated/http.yaml
index de45180bbd..9150328629 100644
--- a/model/registry/deprecated/http.yaml
+++ b/model/registry/deprecated/http.yaml
@@ -39,3 +39,33 @@ groups:
         brief: 'Deprecated, use `http.response.header.content-length` instead.'
         stability: deprecated
         examples: 3495
+      - id: flavor
+        type:
+          allow_custom_values: true
+          members:
+            - id: http_1_0
+              value: '1.0'
+              brief: 'HTTP/1.0'
+            - id: http_1_1
+              value: '1.1'
+              brief: 'HTTP/1.1'
+            - id: http_2_0
+              value: '2.0'
+              brief: 'HTTP/2'
+            - id: http_3_0
+              value: '3.0'
+              brief: 'HTTP/3'
+            - id: spdy
+              value: 'SPDY'
+              brief: 'SPDY protocol.'
+            - id: quic
+              value: 'QUIC'
+              brief: 'QUIC protocol.'
+        brief: 'Deprecated, use `network.protocol.name` instead.'
+        stability: deprecated
+      - id: user_agent
+        type: string
+        brief: 'Deprecated, use `user_agent.original` instead.'
+        examples: ['CERN-LineMode/2.15 libwww/2.17b3',
+                   'Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1']
+        stability: deprecated
diff --git a/model/registry/device.yaml b/model/registry/device.yaml
new file mode 100644
index 0000000000..c109981f11
--- /dev/null
+++ b/model/registry/device.yaml
@@ -0,0 +1,46 @@
+groups:
+  - id: registry.device
+    prefix: device
+    type: attribute_group
+    brief: >
+        Describes device attributes.
+    attributes:
+      - id: id
+        type: string
+        brief: >
+          A unique identifier representing the device
+        note: >
+          The device identifier MUST only be defined using the values outlined below. This value is not an advertising
+          identifier and MUST NOT be used as such.
+          On iOS (Swift or Objective-C), this value MUST be equal to the [vendor identifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor).
+          On Android (Java or Kotlin), this value MUST be equal to the Firebase Installation ID or a globally unique
+          UUID which is persisted across sessions in your application. More information can be found [here](https://developer.android.com/training/articles/user-data-ids)
+          on best practices and exact implementation details.
+          Caution should be taken when storing personal data or anything which can identify a user. GDPR and
+          data protection laws may apply, ensure you do your own due diligence.
+        examples: ['2ab2916d-a51f-4ac8-80ee-45ac31a28092']
+      - id: manufacturer
+        type: string
+        brief: >
+          The name of the device manufacturer
+        note: >
+          The Android OS provides this field via [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER).
+          iOS apps SHOULD hardcode the value `Apple`.
+        examples: ['Apple', 'Samsung']
+      - id: model.identifier
+        type: string
+        brief: >
+          The model identifier for the device
+        note: >
+          It's recommended this value represents a machine-readable version of
+          the model identifier rather than the market or consumer-friendly name
+          of the device.
+        examples: ['iPhone3,4', 'SM-G920F']
+      - id: model.name
+        type: string
+        brief: >
+          The marketing name for the device model
+        note: >
+          It's recommended this value represents a human-readable version of the
+          device model rather than a machine-readable alternative.
+        examples: ['iPhone 6s Plus', 'Samsung Galaxy S6']
diff --git a/model/error.yaml b/model/registry/error.yaml
similarity index 69%
rename from model/error.yaml
rename to model/registry/error.yaml
index 1a40f32b0a..683012e361 100644
--- a/model/error.yaml
+++ b/model/registry/error.yaml
@@ -1,20 +1,21 @@
 groups:
-  - id: error
+  - id: registry.error
     type: attribute_group
     prefix: error
     brief: >
-      This document defines the shared attributes used to
-      report an error.
+      This document defines the shared attributes used to report an error.
     attributes:
       - id: type
         stability: stable
-        brief: 'Describes a class of error the operation ended with.'
+        brief: >
+          Describes a class of error the operation ended with.
         type:
           allow_custom_values: true
           members:
             - id: other
               value: "_OTHER"
-              brief: "A fallback error value to be used when the instrumentation doesn't define a custom value."
+              brief: >
+                A fallback error value to be used when the instrumentation doesn't define a custom value.
         examples: ['timeout', 'java.net.UnknownHostException', 'server_certificate_invalid', '500']
         note: |
           The `error.type` SHOULD be predictable and SHOULD have low cardinality.
@@ -29,5 +30,6 @@ groups:
 
           If a specific domain defines its own set of error identifiers (such as HTTP or gRPC status codes),
           it's RECOMMENDED to:
-            * Use a domain-specific attribute
-            * Set `error.type` to capture all errors, regardless of whether they are defined within the domain-specific set or not.
+
+          * Use a domain-specific attribute
+          * Set `error.type` to capture all errors, regardless of whether they are defined within the domain-specific set or not.
diff --git a/model/registry/host.yaml b/model/registry/host.yaml
new file mode 100644
index 0000000000..fed665548e
--- /dev/null
+++ b/model/registry/host.yaml
@@ -0,0 +1,122 @@
+groups:
+  - id: registry.host
+    prefix: host
+    type: attribute_group
+    brief: >
+      A host is defined as a computing instance. For example, physical servers, virtual machines, switches or disk array.
+    attributes:
+      - id: id
+        type: string
+        brief: >
+          Unique host ID. For Cloud, this must be the instance_id assigned by the cloud provider.
+          For non-containerized systems, this should be the `machine-id`. See the table below for
+          the sources to use to determine the `machine-id` based on operating system.
+        examples: ['fdbf79e8af94cb7f9e8df36789187052']
+      - id: name
+        type: string
+        brief: >
+          Name of the host. On Unix systems, it may contain what the hostname
+          command returns, or the fully qualified hostname, or another name
+          specified by the user.
+        examples: ['opentelemetry-test']
+      - id: type
+        type: string
+        brief: >
+          Type of host. For Cloud, this must be the machine type.
+        examples: ['n1-standard-1']
+      - id: arch
+        type:
+          allow_custom_values: true
+          members:
+            - id: amd64
+              value: 'amd64'
+              brief: "AMD64"
+            - id: arm32
+              value: 'arm32'
+              brief: "ARM32"
+            - id: arm64
+              value: 'arm64'
+              brief: "ARM64"
+            - id: ia64
+              value: 'ia64'
+              brief: "Itanium"
+            - id: ppc32
+              value: 'ppc32'
+              brief: "32-bit PowerPC"
+            - id: ppc64
+              value: 'ppc64'
+              brief: "64-bit PowerPC"
+            - id: s390x
+              value: 's390x'
+              brief: "IBM z/Architecture"
+            - id: x86
+              value: 'x86'
+              brief: "32-bit x86"
+        brief: >
+            The CPU architecture the host system is running on.
+      - id: image.name
+        type: string
+        brief: >
+          Name of the VM image or OS install the host was instantiated from.
+        examples: ['infra-ami-eks-worker-node-7d4ec78312', 'CentOS-8-x86_64-1905']
+      - id: image.id
+        type: string
+        brief: >
+          VM image ID or host OS image ID. For Cloud, this value is from the provider.
+        examples: ['ami-07b06b442921831e5']
+      - id: image.version
+        type: string
+        brief: >
+          The version string of the VM image or host OS as defined in
+          [Version Attributes](/docs/resource/README.md#version-attributes).
+        examples: ['0.1']
+      - id: ip
+        type: string[]
+        brief: >
+          Available IP addresses of the host, excluding loopback interfaces.
+        note: >
+          IPv4 Addresses MUST be specified in dotted-quad notation. IPv6 addresses
+          MUST be specified in the [RFC 5952](https://www.rfc-editor.org/rfc/rfc5952.html) format.
+        examples: ["192.168.1.140", "fe80::abc2:4a28:737a:609e"]
+      - id: mac
+        type: string[]
+        brief: >
+          Available MAC addresses of the host, excluding loopback interfaces.
+        note: >
+          MAC Addresses MUST be represented in [IEEE RA hexadecimal form](https://standards.ieee.org/wp-content/uploads/import/documents/tutorials/eui.pdf):
+          as hyphen-separated octets in uppercase hexadecimal form from most to least significant.
+        examples: ['AC-DE-48-23-45-67', 'AC-DE-48-23-45-67-01-9F']
+      - id: cpu.vendor.id
+        type: string
+        brief: >
+          Processor manufacturer identifier. A maximum 12-character string.
+        note: >
+          [CPUID](https://wiki.osdev.org/CPUID) command returns the vendor ID string in EBX, EDX and ECX registers.
+          Writing these to memory in this order results in a 12-character string.
+        examples: [ 'GenuineIntel' ]
+      - id: cpu.family
+        type: string
+        brief: >
+          Family or generation of the CPU.
+        examples: [ '6', 'PA-RISC 1.1e' ]
+      - id: cpu.model.id
+        type: string
+        brief: >
+          Model identifier. It provides more granular information about the CPU, distinguishing it from
+          other CPUs within the same family.
+        examples: [ '6', '9000/778/B180L' ]
+      - id: cpu.model.name
+        type: string
+        brief: >
+          Model designation of the processor.
+        examples: [ '11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz' ]
+      - id: cpu.stepping
+        type: int
+        brief: >
+          Stepping or core revisions.
+        examples: [ 1 ]
+      - id: cpu.cache.l2.size
+        type: int
+        brief: >
+          The amount of level 2 memory cache available to the processor (in Bytes).
+        examples: [ 12288000 ]
diff --git a/model/registry/messaging.yaml b/model/registry/messaging.yaml
index 4487cd14ca..f7dd6257ab 100644
--- a/model/registry/messaging.yaml
+++ b/model/registry/messaging.yaml
@@ -205,4 +205,4 @@ groups:
       - id: system
         type: string
         brief: 'A string identifying the messaging system.'
-        examples: ['kafka', 'rabbitmq', 'rocketmq', 'activemq', 'AmazonSQS']
+        examples: ['kafka', 'rabbitmq', 'rocketmq', 'activemq']
diff --git a/model/registry/os.yaml b/model/registry/os.yaml
new file mode 100644
index 0000000000..af8dbfcd2a
--- /dev/null
+++ b/model/registry/os.yaml
@@ -0,0 +1,69 @@
+groups:
+  - id: registry.os
+    prefix: os
+    type: attribute_group
+    brief: >
+        The operating system (OS) on which the process represented by this resource is running.
+    note: >
+        In case of virtualized environments, this is the operating system as it is observed by
+        the process, i.e., the virtualized guest rather than the underlying host.
+    attributes:
+      - id: type
+        type:
+          allow_custom_values: true
+          members:
+            - id: windows
+              value: 'windows'
+              brief: "Microsoft Windows"
+            - id: linux
+              value: 'linux'
+              brief: "Linux"
+            - id: darwin
+              value: 'darwin'
+              brief: "Apple Darwin"
+            - id: freebsd
+              value: 'freebsd'
+              brief: "FreeBSD"
+            - id: netbsd
+              value: 'netbsd'
+              brief: "NetBSD"
+            - id: openbsd
+              value: 'openbsd'
+              brief: "OpenBSD"
+            - id: dragonflybsd
+              value: 'dragonflybsd'
+              brief: "DragonFly BSD"
+            - id: hpux
+              value: 'hpux'
+              brief: "HP-UX (Hewlett Packard Unix)"
+            - id: aix
+              value: 'aix'
+              brief: "AIX (Advanced Interactive eXecutive)"
+            - id: solaris
+              value: 'solaris'
+              brief: "SunOS, Oracle Solaris"
+            - id: z_os
+              value: 'z_os'
+              brief: "IBM z/OS"
+        brief: >
+          The operating system type.
+      - id: description
+        type: string
+        brief: >
+          Human readable (not intended to be parsed) OS version information,
+          like e.g. reported by `ver` or `lsb_release -a` commands.
+        examples: ['Microsoft Windows [Version 10.0.18363.778]', 'Ubuntu 18.04.1 LTS']
+      - id: name
+        type: string
+        brief: 'Human readable operating system name.'
+        examples: ['iOS', 'Android', 'Ubuntu']
+      - id: version
+        type: string
+        brief: >
+          The version string of the operating system as defined in
+          [Version Attributes](/docs/resource/README.md#version-attributes).
+        examples: ['14.2.1', '18.04.1']
+      - id: build_id
+        type: string
+        brief: 'Unique identifier for a particular build or compilation of the operating system.'
+        examples: ['TQ3C.230805.001.B2', '20E247', '22621']
diff --git a/model/registry/process.yaml b/model/registry/process.yaml
new file mode 100644
index 0000000000..894d09899e
--- /dev/null
+++ b/model/registry/process.yaml
@@ -0,0 +1,60 @@
+groups:
+  - id: registry.process
+    prefix: process
+    type: attribute_group
+    brief: >
+        An operating system process.
+    attributes:
+      - id: pid
+        type: int
+        brief: >
+          Process identifier (PID).
+        examples: [1234]
+      - id: parent_pid
+        type: int
+        brief: >
+          Parent Process identifier (PID).
+        examples: [111]
+      - id: executable.name
+        type: string
+        brief: >
+          The name of the process executable. On Linux based systems, can be set
+          to the `Name` in `proc/[pid]/status`. On Windows, can be set to the
+          base name of `GetProcessImageFileNameW`.
+        examples: ['otelcol']
+      - id: executable.path
+        type: string
+        brief: >
+          The full path to the process executable. On Linux based systems, can
+          be set to the target of `proc/[pid]/exe`. On Windows, can be set to the
+          result of `GetProcessImageFileNameW`.
+        examples: ['/usr/bin/cmd/otelcol']
+      - id: command
+        type: string
+        brief: >
+          The command used to launch the process (i.e. the command name). On Linux
+          based systems, can be set to the zeroth string in `proc/[pid]/cmdline`.
+          On Windows, can be set to the first parameter extracted from `GetCommandLineW`.
+        examples: ['cmd/otelcol']
+      - id: command_line
+        type: string
+        brief: >
+          The full command used to launch the process as a single string representing
+          the full command. On Windows, can be set to the result of `GetCommandLineW`.
+          Do not set this if you have to assemble it just for monitoring; use
+          `process.command_args` instead.
+        examples: ['C:\cmd\otecol --config="my directory\config.yaml"']
+      - id: command_args
+        type: string[]
+        brief: >
+          All the command arguments (including the command/executable itself) as
+          received by the process. On Linux-based systems (and some other Unixoid
+          systems supporting procfs), can be set according to the list of
+          null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based
+          executables, this would be the full argv vector passed to `main`.
+        examples: ['cmd/otecol', '--config=config.yaml']
+      - id: owner
+        type: string
+        brief: >
+          The username of the user that owns the process.
+        examples: 'root'
diff --git a/model/registry/tls.yaml b/model/registry/tls.yaml
new file mode 100644
index 0000000000..421479d18a
--- /dev/null
+++ b/model/registry/tls.yaml
@@ -0,0 +1,165 @@
+groups:
+  - id: registry.tls
+    prefix: tls
+    type: attribute_group
+    brief: "This document defines semantic convention attributes in the TLS namespace."
+    attributes:
+      - id: cipher
+        brief: >
+          String indicating the [cipher](https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5) used during the current connection.
+        type: string
+        note: >
+          The values allowed for `tls.cipher` MUST be one of the `Descriptions` of the
+          [registered TLS Cipher Suits](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#table-tls-parameters-4).
+        examples:
+          [
+            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+          ]
+      - id: client.certificate
+        type: string
+        brief: >
+          PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list.
+        examples: ["MII..."]
+      - id: client.certificate_chain
+        type: string[]
+        brief: >
+          Array of PEM-encoded certificates that make up the certificate chain offered by the client.
+          This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain.
+        examples: ["MII...", "MI..."]
+      - id: client.hash.md5
+        type: string
+        brief: >
+          Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client.
+          For consistency with other hash values, this value should be formatted as an uppercase hash.
+        examples: ["0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC"]
+      - id: client.hash.sha1
+        type: string
+        brief: >
+          Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client.
+          For consistency with other hash values, this value should be formatted as an uppercase hash.
+        examples: ["9E393D93138888D288266C2D915214D1D1CCEB2A"]
+      - id: client.hash.sha256
+        type: string
+        brief: >
+          Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client.
+          For consistency with other hash values, this value should be formatted as an uppercase hash.
+        examples:
+          ["0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0"]
+      - id: client.issuer
+        type: string
+        brief: "Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client."
+        examples:
+          ["CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com"]
+      - id: client.ja3
+        type: string
+        brief: "A hash that identifies clients based on how they perform an SSL/TLS handshake."
+        examples: ["d4e5b18d6b55c71272893221c96ba240"]
+      - id: client.not_after
+        type: string
+        brief: "Date/Time indicating when client certificate is no longer considered valid."
+        examples: ["2021-01-01T00:00:00.000Z"]
+      - id: client.not_before
+        type: string
+        brief: "Date/Time indicating when client certificate is first considered valid."
+        examples: ["1970-01-01T00:00:00.000Z"]
+      - id: client.server_name
+        type: string
+        brief: "Also called an SNI, this tells the server which hostname to which the client is attempting to connect to."
+        examples: ["opentelemetry.io"]
+      - id: client.subject
+        type: string
+        brief: "Distinguished name of subject of the x.509 certificate presented by the client."
+        examples: ["CN=myclient, OU=Documentation Team, DC=example, DC=com"]
+      - id: client.supported_ciphers
+        type: string[]
+        brief: Array of ciphers offered by the client during the client hello.
+        examples:
+          [
+            '"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."',
+          ]
+      - id: curve
+        brief: "String indicating the curve used for the given cipher, when applicable"
+        type: string
+        examples: ["secp256r1"]
+      - id: established
+        brief: "Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."
+        type: boolean
+        examples: [true]
+      - id: next_protocol
+        brief: >
+          String indicating the protocol being tunneled.
+          Per the values in the [IANA registry](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids),
+          this string should be lower case.
+        type: string
+        examples: ["http/1.1"]
+      - id: protocol.name
+        brief: >
+          Normalized lowercase protocol name parsed from original string of the negotiated [SSL/TLS protocol version](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html#RETURN-VALUES)
+        type:
+          allow_custom_values: true
+          members:
+            - id: ssl
+              value: ssl
+            - id: tls
+              value: tls
+      - id: protocol.version
+        brief: >
+          Numeric part of the version parsed from the original string of the negotiated [SSL/TLS protocol version](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html#RETURN-VALUES)
+        type: string
+        examples: ["1.2", "3"]
+      - id: resumed
+        brief: "Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."
+        type: boolean
+        examples: [true]
+      - id: server.certificate
+        type: string
+        brief: >
+          PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list.
+        examples: ["MII..."]
+      - id: server.certificate_chain
+        type: string[]
+        brief: >
+          Array of PEM-encoded certificates that make up the certificate chain offered by the server.
+          This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain.
+        examples: ["MII...", "MI..."]
+      - id: server.hash.md5
+        type: string
+        brief: >
+          Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server.
+          For consistency with other hash values, this value should be formatted as an uppercase hash.
+        examples: ["0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC"]
+      - id: server.hash.sha1
+        type: string
+        brief: >
+          Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server.
+          For consistency with other hash values, this value should be formatted as an uppercase hash.
+        examples: ["9E393D93138888D288266C2D915214D1D1CCEB2A"]
+      - id: server.hash.sha256
+        type: string
+        brief: >
+          Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server.
+          For consistency with other hash values, this value should be formatted as an uppercase hash.
+        examples:
+          ["0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0"]
+      - id: server.issuer
+        type: string
+        brief: "Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client."
+        examples:
+          ["CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com"]
+      - id: server.ja3s
+        type: string
+        brief: "A hash that identifies servers based on how they perform an SSL/TLS handshake."
+        examples: ["d4e5b18d6b55c71272893221c96ba240"]
+      - id: server.not_after
+        type: string
+        brief: "Date/Time indicating when server certificate is no longer considered valid."
+        examples: ["2021-01-01T00:00:00.000Z"]
+      - id: server.not_before
+        type: string
+        brief: "Date/Time indicating when server certificate is first considered valid."
+        examples: ["1970-01-01T00:00:00.000Z"]
+      - id: server.subject
+        type: string
+        brief: "Distinguished name of subject of the x.509 certificate presented by the server."
+        examples: ["CN=myserver, OU=Documentation Team, DC=example, DC=com"]
diff --git a/model/resource/device.yaml b/model/resource/device.yaml
index 3df0a4d6a8..8fab02a8e4 100644
--- a/model/resource/device.yaml
+++ b/model/resource/device.yaml
@@ -5,37 +5,7 @@ groups:
     brief: >
         The device on which the process represented by this resource is running.
     attributes:
-      - id: id
-        type: string
-        brief: 'A unique identifier representing the device'
-        note: >
-          The device identifier MUST only be defined using the values outlined below. This value is not an advertising
-          identifier and MUST NOT be used as such.
-          On iOS (Swift or Objective-C), this value MUST be equal to the [vendor identifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor).
-          On Android (Java or Kotlin), this value MUST be equal to the Firebase Installation ID or a globally unique
-          UUID which is persisted across sessions in your application. More information can be found [here](https://developer.android.com/training/articles/user-data-ids)
-          on best practices and exact implementation details.
-          Caution should be taken when storing personal data or anything which can identify a user. GDPR and
-          data protection laws may apply, ensure you do your own due diligence.
-        examples: ['2ab2916d-a51f-4ac8-80ee-45ac31a28092']
-      - id: model.identifier
-        type: string
-        brief: 'The model identifier for the device'
-        note: >
-          It's recommended this value represents a machine readable version of
-          the model identifier rather than the market or consumer-friendly name
-          of the device.
-        examples: ['iPhone3,4', 'SM-G920F']
-      - id: model.name
-        type: string
-        brief: 'The marketing name for the device model'
-        note: >
-          It's recommended this value represents a human readable version of the
-          device model rather than a machine readable alternative.
-        examples: ['iPhone 6s Plus', 'Samsung Galaxy S6']
-      - id: manufacturer
-        type: string
-        brief: 'The name of the device manufacturer'
-        note: >
-          The Android OS provides this field via [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER). iOS apps SHOULD hardcode the value `Apple`.
-        examples: ['Apple', 'Samsung']
+      - ref: device.id
+      - ref: device.manufacturer
+      - ref: device.model.identifier
+      - ref: device.model.name
diff --git a/model/resource/host.yaml b/model/resource/host.yaml
index 9b63976db5..b90b90dcf7 100644
--- a/model/resource/host.yaml
+++ b/model/resource/host.yaml
@@ -5,89 +5,17 @@ groups:
     brief: >
         A host is defined as a computing instance. For example, physical servers, virtual machines, switches or disk array.
     attributes:
-      - id: id
-        type: string
-        brief: >
-          Unique host ID. For Cloud, this must be the instance_id assigned by the cloud provider.
-          For non-containerized systems, this should be the `machine-id`. See the table below for
-          the sources to use to determine the `machine-id` based on operating system.
-        examples: ['fdbf79e8af94cb7f9e8df36789187052']
-      - id: name
-        type: string
-        brief: >
-          Name of the host. On Unix systems, it may contain what the hostname
-          command returns, or the fully qualified hostname, or another name
-          specified by the user.
-        examples: ['opentelemetry-test']
-      - id: type
-        type: string
-        brief: >
-          Type of host. For Cloud, this must be the machine type.
-        examples: ['n1-standard-1']
-      - id: arch
-        type:
-          allow_custom_values: true
-          members:
-            - id: amd64
-              value: 'amd64'
-              brief: "AMD64"
-            - id: arm32
-              value: 'arm32'
-              brief: "ARM32"
-            - id: arm64
-              value: 'arm64'
-              brief: "ARM64"
-            - id: ia64
-              value: 'ia64'
-              brief: "Itanium"
-            - id: ppc32
-              value: 'ppc32'
-              brief: "32-bit PowerPC"
-            - id: ppc64
-              value: 'ppc64'
-              brief: "64-bit PowerPC"
-            - id: s390x
-              value: 's390x'
-              brief: "IBM z/Architecture"
-            - id: x86
-              value: 'x86'
-              brief: "32-bit x86"
-        brief: >
-            The CPU architecture the host system is running on.
-      - id: image.name
-        type: string
-        brief: >
-          Name of the VM image or OS install the host was instantiated from.
-        examples: ['infra-ami-eks-worker-node-7d4ec78312', 'CentOS-8-x86_64-1905']
-      - id: image.id
-        type: string
-        brief: >
-          VM image ID or host OS image ID. For Cloud, this value is from the provider.
-        examples: ['ami-07b06b442921831e5']
-      - id: image.version
-        type: string
-        brief: >
-          The version string of the VM image or host OS as defined in
-          [Version Attributes](README.md#version-attributes).
-        examples: ['0.1']
-      - id: ip
-        type: string[]
+      - ref: host.id
+      - ref: host.name
+      - ref: host.type
+      - ref: host.arch
+      - ref: host.image.name
+      - ref: host.image.id
+      - ref: host.image.version
+      - ref: host.ip
         requirement_level: opt_in
-        brief: >
-          Available IP addresses of the host, excluding loopback interfaces.
-        note: >
-          IPv4 Addresses MUST be specified in dotted-quad notation. IPv6 addresses
-          MUST be specified in the [RFC 5952](https://www.rfc-editor.org/rfc/rfc5952.html) format.
-        examples: ["192.168.1.140", "fe80::abc2:4a28:737a:609e"]
-      - id: mac
-        type: string[]
+      - ref: host.mac
         requirement_level: opt_in
-        brief: >
-          Available MAC addresses of the host, excluding loopback interfaces.
-        note: >
-          MAC Addresses MUST be represented in [IEEE RA hexadecimal form](https://standards.ieee.org/wp-content/uploads/import/documents/tutorials/eui.pdf):
-          as hyphen-separated octets in uppercase hexadecimal form from most to least significant.
-        examples: ['AC-DE-48-23-45-67', 'AC-DE-48-23-45-67-01-9F']
 
   - id: host.cpu
     prefix: host.cpu
@@ -95,43 +23,15 @@ groups:
     brief: >
       A host's CPU information
     attributes:
-      - id: vendor.id
+      - ref: host.cpu.vendor.id
         requirement_level: opt_in
-        type: string
-        brief: >
-          Processor manufacturer identifier. A maximum 12-character string.
-        note: >
-          [CPUID](https://wiki.osdev.org/CPUID) command returns the vendor ID string in EBX, EDX and ECX registers.
-          Writing these to memory in this order results in a 12-character string.
-        examples: [ 'GenuineIntel' ]
-      - id: family
+      - ref: host.cpu.family
         requirement_level: opt_in
-        type: int
-        brief: >
-          Numeric value specifying the family or generation of the CPU.
-        examples: [ 6 ]
-      - id: model.id
+      - ref: host.cpu.model.id
         requirement_level: opt_in
-        type: int
-        brief: >
-          Model identifier. It provides more granular information about the CPU, distinguishing it from
-          other CPUs within the same family.
-        examples: [ 6 ]
-      - id: model.name
+      - ref: host.cpu.model.name
         requirement_level: opt_in
-        type: string
-        brief: >
-          Model designation of the processor.
-        examples: [ '11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz' ]
-      - id: stepping
+      - ref: host.cpu.stepping
         requirement_level: opt_in
-        type: int
-        brief: >
-          Stepping or core revisions.
-        examples: [ 1 ]
-      - id: cache.l2.size
+      - ref: host.cpu.cache.l2.size
         requirement_level: opt_in
-        type: int
-        brief: >
-          The amount of level 2 memory cache available to the processor (in Bytes).
-        examples: [ 12288000 ]
diff --git a/model/resource/os.yaml b/model/resource/os.yaml
index 78636f8461..772fdde3a0 100644
--- a/model/resource/os.yaml
+++ b/model/resource/os.yaml
@@ -8,62 +8,9 @@ groups:
         In case of virtualized environments, this is the operating system as it is observed by
         the process, i.e., the virtualized guest rather than the underlying host.
     attributes:
-      - id: type
-        type:
-          allow_custom_values: true
-          members:
-            - id: windows
-              value: 'windows'
-              brief: "Microsoft Windows"
-            - id: linux
-              value: 'linux'
-              brief: "Linux"
-            - id: darwin
-              value: 'darwin'
-              brief: "Apple Darwin"
-            - id: freebsd
-              value: 'freebsd'
-              brief: "FreeBSD"
-            - id: netbsd
-              value: 'netbsd'
-              brief: "NetBSD"
-            - id: openbsd
-              value: 'openbsd'
-              brief: "OpenBSD"
-            - id: dragonflybsd
-              value: 'dragonflybsd'
-              brief: "DragonFly BSD"
-            - id: hpux
-              value: 'hpux'
-              brief: "HP-UX (Hewlett Packard Unix)"
-            - id: aix
-              value: 'aix'
-              brief: "AIX (Advanced Interactive eXecutive)"
-            - id: solaris
-              value: 'solaris'
-              brief: "SunOS, Oracle Solaris"
-            - id: z_os
-              value: 'z_os'
-              brief: "IBM z/OS"
+      - ref: os.type
         requirement_level: required
-        brief: 'The operating system type.'
-      - id: description
-        type: string
-        brief: >
-          Human readable (not intended to be parsed) OS version information,
-          like e.g. reported by `ver` or `lsb_release -a` commands.
-        examples: ['Microsoft Windows [Version 10.0.18363.778]', 'Ubuntu 18.04.1 LTS']
-      - id: name
-        type: string
-        brief: 'Human readable operating system name.'
-        examples: ['iOS', 'Android', 'Ubuntu']
-      - id: version
-        type: string
-        brief: >
-          The version string of the operating system as defined in
-          [Version Attributes](/docs/resource/README.md#version-attributes).
-        examples: ['14.2.1', '18.04.1']
-      - id: build_id
-        type: string
-        brief: 'Unique identifier for a particular build or compilation of the operating system.'
-        examples: ['TQ3C.230805.001.B2', '20E247', '22621']
+      - ref: os.description
+      - ref: os.name
+      - ref: os.version
+      - ref: os.build_id
diff --git a/model/resource/process.yaml b/model/resource/process.yaml
index d7d3b25b56..54b141cc6d 100644
--- a/model/resource/process.yaml
+++ b/model/resource/process.yaml
@@ -5,69 +5,24 @@ groups:
     brief: >
         An operating system process.
     attributes:
-      - id: pid
-        type: int
-        brief: >
-          Process identifier (PID).
-        examples: [1234]
-      - id: parent_pid
-        type: int
-        brief: >
-          Parent Process identifier (PID).
-        examples: [111]
-      - id: executable.name
-        type: string
+      - ref: process.pid
+      - ref: process.parent_pid
+      - ref: process.executable.name
         requirement_level:
           conditionally_required: See alternative attributes below.
-        brief: >
-          The name of the process executable. On Linux based systems, can be set
-          to the `Name` in `proc/[pid]/status`. On Windows, can be set to the
-          base name of `GetProcessImageFileNameW`.
-        examples: ['otelcol']
-      - id: executable.path
-        type: string
+      - ref: process.executable.path
         requirement_level:
           conditionally_required: See alternative attributes below.
-        brief: >
-          The full path to the process executable. On Linux based systems, can
-          be set to the target of `proc/[pid]/exe`. On Windows, can be set to the
-          result of `GetProcessImageFileNameW`.
-        examples: ['/usr/bin/cmd/otelcol']
-      - id: command
-        type: string
+      - ref: process.command
         requirement_level:
           conditionally_required: See alternative attributes below.
-        brief: >
-          The command used to launch the process (i.e. the command name). On Linux
-          based systems, can be set to the zeroth string in `proc/[pid]/cmdline`.
-          On Windows, can be set to the first parameter extracted from `GetCommandLineW`.
-        examples: ['cmd/otelcol']
-      - id: command_line
-        type: string
+      - ref: process.command_line
         requirement_level:
           conditionally_required: See alternative attributes below.
-        brief: >
-          The full command used to launch the process as a single string representing
-          the full command. On Windows, can be set to the result of `GetCommandLineW`.
-          Do not set this if you have to assemble it just for monitoring; use
-          `process.command_args` instead.
-        examples: ['C:\cmd\otecol --config="my directory\config.yaml"']
-      - id: command_args
-        type: string[]
+      - ref: process.command_args
         requirement_level:
           conditionally_required: See alternative attributes below.
-        brief: >
-          All the command arguments (including the command/executable itself) as
-          received by the process. On Linux-based systems (and some other Unixoid
-          systems supporting procfs), can be set according to the list of
-          null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based
-          executables, this would be the full argv vector passed to `main`.
-        examples: ['cmd/otecol', '--config=config.yaml']
-      - id: owner
-        type: string
-        brief: >
-          The username of the user that owns the process.
-        examples: 'root'
+      - ref: process.owner
     constraints:
       - any_of:
           - process.executable.name