Skip to content

Commit

Permalink
Change to parameter setting in profile model (usnistgov#494, usnistgo…
Browse files Browse the repository at this point in the history
…v#288); release notes towards M2
  • Loading branch information
wendellpiez committed Sep 30, 2019
1 parent 90a1251 commit 7ceb220
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 17 deletions.
5 changes: 4 additions & 1 deletion src/metaschema/oscal_profile_metaschema.xml
Original file line number Diff line number Diff line change
Expand Up @@ -271,11 +271,14 @@
<model><!-- declarations tbf in the imported schema and to be aligned with it -->
<field ref="label"/>
<field ref="usage" max-occurs="unbounded">
<group-as name="usages"/>
<group-as name="descriptions"/>
</field>
<field ref="constraint" max-occurs="unbounded">
<group-as name="constraints"/>
</field>
<assembly ref="guideline" max-occurs="unbounded">
<group-as name="guidance"/>
</assembly>
<choice>
<field ref="value"/>
<assembly ref="select"/>
Expand Down
36 changes: 20 additions & 16 deletions src/release/release-notes.txt
Original file line number Diff line number Diff line change
Expand Up @@ -10,46 +10,50 @@ OSCAL 1.0.0 Milestone 1
OSCAL 1.0.0 Milestone 2
-----------------------

- The following content model changes have been made that may break content compatibility:
The following content model changes have been made that may break content compatibility:

## Document metadata/
## Document metadata

* `last-modified` is required. Its value must be a date-time with time zone (i.e., a timestamp).
* `published` is for a nominal publication date, as assigned by the owner or publisher of the catalog or resource. An electronic version of a previously published catalog should carry the publication date of the original resource (while it has a last-modified date reflecting its own version history).
* `last-modified` is required. Its value must be a date-time with time zone (i.e., a timestamp). The old element `last-modified-date` is no longer permitted.
* `published` is permitted for a nominal publication date, as assigned by the owner or publisher of the catalog or resource. An electronic version of a previously published catalog should carry its own publication date, if any, not that of the original resource (which can be described elsewhere with its own metadata).
* `role-id` is now assigned as an element in the XML, not an attribute. This permits it to be tokenized more explicitly.

## Parameters

XXX see Issues #494, #288 (adding 'guideline' to profile model)

## Control structures

### New property in SP800-53 catalog data

In the SP800-53 catalog, we have added a property called `sort-id` to controls and enhancements. Its string value represents the control's ID in a (zero-padded) notation that will sort gracefully against other sort-id values. This permits a robust reordering of controls in receiving systems without having to refer to an out-of-line document to restore the canonical order.
In the SP800-53 catalog, we have added a property called `sort-id` to controls and enhancements. Its string value represents the control's ID in a (zero-padded) notation that will sort gracefully against other `sort-id` values. This permits a robust reordering of controls in receiving systems without having to refer to an out-of-line document to restore the canonical order.

### Controls inside controls, but no "subcontrols"

Control enhancements are now represented using `control` not `subcontrol`. The constraints of restricting to two levels of hierarchy (even given groups and parts) became too unrewarding in view of the sacrifices so we have gone back to clean recursion.

Developers should take note that this relaxation also permits much more flexible adaptation of control structures (or requirements statements considered both broadly and narrowly) to particular and specialized organizations.
Control enhancements are now represented using `control` not `subcontrol`. The advantages of restricting to two levels of hierarchy (even given groups and parts) became too few in view of the sacrifices to expressiveness so we have gone back to clean recursion.

## Data type handling

Data type handling has been extended in several respects. Datatypes for dates and times have been added. Several XML-peculiar datatypes have been removed.

### Value enumeration on terminal nodes

The schema has also been extended to support validation against enumerated values, either exclusively (only declared values may appear) or inclusively (enumerations are documented while other values are also permitted). This is not a breaking change as no new constraints over the data were introduced.
The schema has also been extended to support validation against enumerated values, either exclusively (only declared values may appear) or inclusively (enumerations are documented while other values are also permitted). All allowed values newly declared are inclusive, so this is not a breaking change.

Affected data points: `prop/name`, `address/type`, `phone/type`, `hash/algorithm`, `role-id`. The enumerated values provided for each are documented.
Affected data points (in both models): `prop/name`, `address/type`, `phone/type`, `hash/algorithm`, `role-id`. The enumerated values provided for each are documented.

### Lexical datatyping at points

Supported for lexical datatyping has also been added to `link/href`, `rlink/href` (URI references), `published` and `last-modified` (timestamps), `email` (a nominal email address),`url` (a URI), `img/src`.

## Profile

* `subcontrol-id` and `with-subcontrols` have been dropped from call statements, since `subcontrol` has been dropped from the Catalog model.
* Elements besides control references are permitted inside `group` within the `merge` construct. So profile authors can provide titles and introductory content to groups they define for their represented aggregate control structures.
### Calling control enhancements (old "subcontrols")

From call statements, since `subcontrol` has been dropped from the Catalog model, `subcontrol-id` and `with-subcontrols` have been replaced with `control-id`, and `with-subcontrols` has been replaced by `with-child-controls`.

### Expanded model for new groups

Elements besides control references are now permitted inside `group` within the `merge` construct, so profile authors can provide titles and introductory content to groups they define for their represented aggregate control structures.

### Parameter settings

Added 'guideline' to profile model. It was omitted in error.

XXX see Issues #494, #288 (adding 'guideline' to profile model)

0 comments on commit 7ceb220

Please sign in to comment.