-
Notifications
You must be signed in to change notification settings - Fork 183
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publication Characteristics #196
Comments
This is not a huge work item, but it must be coordinated with metaschema work since any metadata model we propose will also have to go there. Also suggest changing the name of this Issue to sth like "Catalog and Profile metadata modeling". |
2018-06-07 Meeting Notes:
|
@brianrufgsa has an ERD showing possible metadata fields, which he is forwarding to me. We will aim for something both comprehensive (enough) and lightweight. |
Items for team discussion/agreement:
|
June 14 Status: |
June 26 Status A sketched model is underway in the form of a metaschema, capturing fields appearing in the ERD. Will post again when committed. We didn't finish covering the details of these fields (from the db) in our work session: system_id Many of these might best be handled by a generic model, permitting FedRAMP (or other recipient/authority) to define the particular fields in detail, as in <meta-group term="security">
<meta term="sensitivity-level"> [ ... ] </meta-term>
<meta term="objective-confidentiality">[ ... ] </meta-term>
<meta term="objective-integrity">[ ... ] </meta-term>
<meta term="objective-availability">[ ... ] </meta-term>
<meta-group term="auth">
<meta term="ial"> [ ... ] </meta>
<meta term="eal"> [ ... ] </meta> Next steps: produce actual data conformant with our sketch; (re)iterate the design a few times. |
Note that while the model above could also be parts and properties ( Another thing to note is that whatever this is, it could be a utilitarian approach to one of the commonest sets of metadata requirements, namely keywords, index terms, controlled reference vocabularies and taxonomies. Which we have not faced yet (TMK) but it is likely to come up sooner or later. |
Work is proceeding in a new branch, with a commit here (very much WIP this mockup isn't even valid yet): 0d81459 |
For current WIP, see https://github.com/wendellpiez/OSCAL/tree/feature-metadata-schema/schema/xml especially Things are valid, hanging together, and ready to try out on real data. |
June 28 Status: As indicated by @wendellpiez above, Wendell, Brian, and Peter met to discuss this on June 26th and reached a proposed draft baseline. Next step is to seek concurrence from Dave. |
June 28 Status Meeting Update@brianrufgsa , @wendellpiez and @PCrayton worked on it on June 26th - see above |
July 18 Status Update (Sprint 12 Acceptance Meeting)@wendellpiez has a model that needs review. He will submit shortly a PR. |
A schema and demo file for a lightweight tag set for document-level metadata is here in a branch in my repo: https://github.com/wendellpiez/OSCAL/tree/feature-metadata-schema/schema/xml In the neighboring The "blank" XML document is not blank as to tagging (it has tagging valid to the model), but only as to data content. Most of the elements are optional and would not appear if not used; this is only a specimen for demo/testing. The next step is to use this file and schema in a "fill in the blank" exercise, collecting the relevant metadata for catalogs and profiles we have so far. I am ready to make a PR, but I should have asked, which branch should I request this be pulled into? @anweiss or @david-waltermire-nist any advice? |
Status UpdateThis is still a work in progress by @wendellpiez based on feedback from @brianrufgsa. |
Planning meeting for Thursday Aug 20 with @brianrufgsa and @PCrayton to review and proceed with making examples. |
Status Meeting: 8/23/2018@wendellpiez and @brianrufgsa met today and made more progress. |
9/6/2018 Status MeetingWe discussed the following as an example of document metadata. https://www.fedramp.gov/assets/resources/documents/CSP_Continuous_Monitoring_Strategy_Guide.pdf |
Sprint 13 Progress Sep 13 2018 Meeting with @david-waltermire-nist 9/12 we made progress on the (meta)schema for the metadata header (to be integrated into main schemas for catalog, profile and other modules). The model is now (even) simpler and more streamlined. A mockup/sample provided by @brianrufgsa is valid to the provisional model. We are making more examples, inasmuch as we need headers for SP800-53 and all profiles (NIST and FedRAMP). Percent complete: 50% |
Sprint 13 Progress Sep 20 2018 More progress is available in a branch in my repo including rough cut examples. Integrating the metadata (meta)schema into catalog and profile (meta)schemas should probably wait until outstanding PRs are accepted. Percent complete: 60% |
Sprint 13 Progress Sep 27 2018 IMO this will soon become a blocking task for other tasks and should be a priority for next Sprint. (This metaschema will be in play with the implementation layer as well.) Presently the work on modeling document headers (metadata) is all in a branch in my repo (feature-metadata-schema). It is difficult to push forward, however, until the metaschema work (in another branch and behind PR #237) is stabilized. Percent complete: 60% Finalizing this task will require input from NIST @iMichaela @david-waltermire-nist wrt the metadata headers on SP800-53 (catalog and profiles) and FedRAMP (GSA) @brianrufgsa on metadata headers on FedRAMP profiles (even if unofficial/provisional). |
9/26/2018@wendellpiez prototyped at OSCAL/schema/metaschema/nist-sp800-53-catalog-header.xml the newly proposed metadata. @david-waltermire-nist has concerns with the proposed model. A hash of the referenced catalog is suggested as an alternative, but @brianrufgsa finds it risky. |
User Story:
As an OSCAL content creator, I can provide standardized content within OSCAL files (catalogs, profiles, etc.) that identify publication characteristics.
At a minimum, this would include publication Title, Date, Version Number, and Publishing Organization. Ideally, this also includes contact information for the publishing organization (web site, email address, etc.) and document revision history (date, version, change description).
Goals:
Dependencies:
None.
Acceptance Criteria
The text was updated successfully, but these errors were encountered: