Optional Typing of Parameter Content #474
Comments
|
It may be possible to accomplish this with prop/part elements, which are already allowed under constraint; however, they are not currently allowed under value. |
david-waltermire
added
the
Scope: Modeling
david-waltermire
modified the milestones:
OSCAL 1.0 Milestone 3,
OSCAL 1.0 (Full Release)
|
As discussed in the OSCAL model review meeting today, I think using as many standards as possible, potentially referenced in a value type, to express the actual value representation will then allow easier interpretation of those values using common tools/libraries, and easier representation of things like parameter-constraint test expressions. In this example, ISO 8601 Durations could be specified as a value type such that tools can interpret a value of Using a widely adopted standard like ISO 8601 enables implementers to use common tools like Java's Duration or Moment.js Durations to parse, compare, and even display in localized, human-readable formats. The same could be done for other value types of course, and hopefully in the future the maintainers of control catalogs could adopt those as the preferred or required data types for parameters. |
|
W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes seems to be a good candidate for types (and extensions thereof). |
|
I would like to see a means by which we could use and support compound data types. For example, a frequency is a count (whole number or non-negative Integer) divided by a duration. There has got to be a manageable number of these types accounting for 80% of the instances. (The 20% will be interesting too.) Then too, "every January" can be broken into two rules, one a frequency (1/annum) the other a date test (month()=January). So we also need a way to express how rules expressed in prose are to be refactored, not just rewritten. A close examination of the parameters in use in SP800-53 could give us a sense at least of the range of opportunity. At present (OSCAL 1.0.0), parameters can offer a Maybe we need to conduct a data survey to see where the low-hanging fruit is. Also, I think we need to be looking at the |
|
See also #206. But note, what I said above is wrong. A frequency is not (only) a count divided by a duration. The length of the duration is significant. Three times / day is not the same as once every eight hours. In order to get these right, we probably have to delve all the way into how we expect to use these types to surface information (i.e. their operations). |
|
This work relates closely to #1059 and the constellation of issues around automating testing and evaluation. That work is targeted at OSCAL 1.2.0, so pushing this issue to the 1.2.0 release. |
User Story:
As an OSCAL adopter, it would be helpful to have optional, additional parameter syntax that allows units and boundaries to be associated with constraints and values.
For example, a parameter may reflect an organizationally-defined policy review requirement. If the constraint or value is "at least annually", it should be possible to identify units a days, months or years, and a boundary of "maximum", "at least annually" can be expressed as:
Goals:
To better facilitate machine-readable content, by creating additional, optional syntax that allows better modeling of common parameter scenarios.
Dependencies:
None.
Acceptance Criteria
{The items above are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.}
The text was updated successfully, but these errors were encountered: