-
Notifications
You must be signed in to change notification settings - Fork 183
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define a version/revision data element for catalogs and profiles #220
Comments
Status Meeting: 8/23/2018More discussions are necessary to create a consistent format that generates a unique identifies. The metadata headers will include a uid. |
Addressing this issue fully may requires resolving some outstanding git issues in my repo in order to confirm all work that should be checked in and merged, has been. Presently (in one or another version) we expect to handle this issue in several ways:
This issue as defined in the original ticket described only the first of these. Would it be possible to close this Issue when @anweiss and myself can confirm that the modeling question (specifically, the availability of the requisite attribute on the requisite element) has been not only implemented, but committed and merged? For example see model-version='0.9.1' on NB this attribute has not yet been propagated to the profiles, partly because its value is not yet meaningful. |
8/30/2018 Status MeetingCandidate solution for a unique identifier of the file could leverage NIST beacon service https://beacon.nist.gov/home |
Sprint 13 Progress Note See #196 for progress on a schema for all document-level metadata (header info) including document identifiers. % Complete: 20%? we have a model, but so far no examples to illustrate it. Since this issue is important, our documentation may need a section just on identifiers and traceability and how OSCAL supports them. |
Adding to the work item here that we also need (a redundancy of) links from profiles to their catalogs (supporting hashes etc) as well perhaps from any OSCAL instance to its metaschema resources -- if only because users will need a trail to follow regarding what they are looking at. So far the metaschema is the only link back from the instance to the body of work (docs etc) beyond the XSD itself. In other words, profiles and catalogs need a little boilerplate pointing to documentation of (its) OSCAL and supporting validable claims regarding metaschema version, catalog version/hash etc. This is especially true since certain properties of catalogs (indeed: control architecture itself) is defined at the catalog level, not the OSCAL level. |
Sprint 13 Progress September 20 The current draft metaschema for metadata headers includes ample hooks for "two-factor" (and three-factor) cross-checking of document artifacts between IDs, file names and addresses/URIs, nominal URIs, hashes, and controlled identifiers of arbitrary kinds. (cf #196) See examples here: https://github.com/wendellpiez/OSCAL/tree/feature-metadata-schema/schema/metaschema these are very much WIP. % Complete: 60% notionally, but no one has validated the design so far, so 40%? |
Sprint 13 Progress September 27 Because the relevant fields are in the document metadata as well as at the top level, this Issue essentially hangs on #196. Once #196 is resolved, it should be straightforward to consider the acceptance criteria for this one. (Are the relevant fields present and is their use demonstrated and documented.) However, this does raise the issue of documentation, as well.... |
User Story:
As an OSCAL catalog and/or profile producer, I should have a way to include the version/revision of my catalog and/or profile directly within the OSCAL artifact as an appropriate flag/element. Today, the version/revision can only be articulated in the
title
element and/or the artifact file name itself per the naming conventions proposed inexample-naming-conventions.md
in PR #201.Goals:
The catalog/profile version/revision should be exposed as an element/flag in the OSCAL model. Today, it's up to catalog/profile producers to decide whether or not to include this information in the
title
element and/or choose to follow the naming conventions as proposed by PR #201 and include the info in the file name itself. As a result, it presents tool developers and implementers with an unreliable way to determine the specific version/revision to which a catalog/profile is associated.Dependencies:
This should be addressed in PR #201.
Acceptance Criteria
Catalog/profile producers can include version/revision information directly in a field in their artifacts and that which is defined by the OSCAL data model.
The text was updated successfully, but these errors were encountered: