OCI PURL type should allow namespace declaration
Hey there, I would like to challenge some of the definition of the OCI purl type.
The spec defines for the oci type:
OCI purls do not contain a namespace, although, repository_url may contain a namespace as part of the physical location of the package.
The "do not contain" seems a bit like "weak" language to me for a spec. I suggest changing this to RFC 2119 compliant wording with either MUST NOT contain or SHOULD NOT contain. Currently I would interpret it as MUST NOT, but I am not sure everybody would do so.
If this is to be interpreted as MUST NOT, this brings me to my next concern: Why?
Looking at different OCI-compliant registries, most of them support the use of namespaces as first-class citizens. It is understandable that they are not the same for every registry, but nevertheless most OCI registries such as DockerHub, ECR or Harbor support "namespaces" (e.g. user, group, organization) for OCI artifacts. This is also reflected in the docker PURL type, which specifically spells out the optional namespace parameter as:
The namespace is the registry/user/organization if present.
To me the docker PURL type is supposed to be a subset of the oci type and I do not see why the namespace definition between them should not be handled in the same way. Especially as in my eyes docker and OCI registries are basically the same thing nowadays.
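The difference discussed in this issue, as an added example that is not part of the original post or of the purl project's code: a simplified purl parser showing where the namespace ends up for a `docker` purl versus an `oci` purl, and what a consumer matching SBOM components has to do to recover it. The sample purls and digests are constructed, the function names are hypothetical, and the `oci` rule is modelled as a strict MUST NOT, which is only one reading of the spec text.

```python
from urllib.parse import parse_qsl, unquote

# Assumption: "do not contain" is read as MUST NOT for the oci type.
NAMESPACE_FORBIDDEN = {"oci"}

# Constructed sample purls (digest shortened, not a real image).
DOCKER = "pkg:docker/customer/dockerimage@sha256%3Adeadbeef?repository_url=gcr.io"
OCI = "pkg:oci/dockerimage@sha256%3Adeadbeef?repository_url=gcr.io/customer/dockerimage"
OCI_NS = "pkg:oci/customer/dockerimage@sha256%3Adeadbeef"


def parse_purl(purl):
    """Split a purl into components (simplified: subpath is dropped)."""
    if not purl.startswith("pkg:"):
        raise ValueError("missing pkg: scheme")
    rest = purl[4:].partition("#")[0]
    rest, _, query = rest.partition("?")
    ptype, _, path = rest.lstrip("/").partition("/")
    version = ""
    if "@" in path:
        path, _, version = path.rpartition("@")
    segments = [unquote(s) for s in path.split("/") if s]
    if not ptype or not segments:
        raise ValueError("type and name are required")
    return {
        "type": ptype.lower(),
        "namespace": "/".join(segments[:-1]) or None,
        "name": segments[-1],
        "version": unquote(version) or None,
        "qualifiers": {k.lower(): v for k, v in parse_qsl(query)},
    }


def location_namespace(p):
    """Namespace as a consumer sees it: the purl namespace if present, else
    the path between registry host and image name in repository_url."""
    if p["namespace"]:
        return p["namespace"]
    parts = p["qualifiers"].get("repository_url", "").split("/")
    return "/".join(parts[1:-1]) or None


def check_namespace(purl):
    """Return a finding if the purl violates the strict reading, else None."""
    p = parse_purl(purl)
    if p["type"] in NAMESPACE_FORBIDDEN and p["namespace"]:
        return f"{p['type']} purl carries namespace {p['namespace']!r}"
    return None
```

Both sample images resolve to the same `customer` namespace, but only the `docker` purl exposes it as a first-class component; for `oci` it has to be dug out of the `repository_url` qualifier.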