-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Top-down review of models #478
Comments
I am starting a branch for changes based on this issue and #466. Please submit PRs against this branch for any changes. |
9/5/2019We will park this issue for another week to catch up on other issues that need to be reviewed as part of this top-down review of the model. |
Also see #307, which could be folded into this effort. |
I would like in particular to examine use of elements These could perhaps be consolidated, except one has text contents, the other has element (paragraph) contents. We might consider collapsing this distinction or renaming for less confusion. |
While some review has been completed in PR #493, this review was not completed. This work is still ongoing. Adding to sprint 25. |
Note: the SSP model has an element |
Also noting that the |
Similarly I wonder if there is not clarification possible among (between) |
@wendellpiez, yes I noticed when developing the Guide to OSCAL-based FedRAMP SSPs, there were a few places where responsible-role and responsible-party were confusingly similar - especially when working with components and inventory. As much as any change like this forces me to change that documentation, I think it's worth simplifying the syntax if they are truly intended to be the same. |
@wendellpiez I agree the lines between party, role, and user are blurry, and could benefit from clarification. First, party/role is defined in the metadata and is intended to be used broadly throughout any OSCAL layer, where the user assembly is just in the SSP syntax, added to capture system-specific user information, which includes several details not modeled for parties in metadata. Likewise, even being involved in the discussions and understanding the rationale between role, party, and responsible-role in metadata, I find it cumbersome and a little confusing to implement. Especially when adding responsible-role/responsible-party in other assemblies, and especially when trying to use these assemblies in convert with the users assembly. There is a lot of content in the FedRAMP Guide that is either already generic or could be made generic fairly easily, if it's worth re-using the content to inform non-FedRAMP uses of OSCAL. |
Yes, let's look at all these. If the model for Essentially what we have here is a network of dependent (one-way) relations between the system, its components, requirements, users/roles, designated responsibilities, and parties. Maybe we should sketch that out as a way of reducing it to its essentials. |
Noting today that we should consider making |
This review is complete in PR #758. |
This issue was addressed by PR #758. |
User Story:
As the Metaschema has been refined, the models have changed somewhat to take advantage of new features. Now the Metaschema feature set is mainly stable, we have an opportunity to bring the models closer to "final" status. A top-down review of the metaschemas (and their schemas) is appropriate.
Goals:
Review the metaschemas to see that they take full advantage of available features in the Metaschema, and ensure their consistency internally and with one another.
In particular, we should review the following:
@id
@href
@rel
anything else should be local including
control-id
and all the rest - especially those to which we intend to bind referential/key constraintsjson-key
to address (label) an object using a flag value (Adding JSON value keys to fields in Catalog and Profile models #466)json-value-key
to provide meaningful labels for field valuesAdditionally, we can take the opportunity to add any rules checking to the Metaschema Schematron to help ensure consistency going forward.
nb This includes a Metaschema check against using
group-as
when@max-occurs
is 1 or not given (i.e., is 1 by default).Finally, we can use this review as an opportunity to capture, organize and prioritize new Metaschema feature requests. such as being able to declare fields (not only flags) locally.
Dependencies:
We should be able to perform this review and make improvements without making any XML source data invalid: after these changes XML source data should still be valid to XSDs produced from revised metaschemas. However, JSON will have to be generated fresh to conform to new JSON schemas where
json-key
andjson-value-key
have been introduced.Acceptance Criteria
Note that changes to source data are not in scope for this Issue.
The text was updated successfully, but these errors were encountered: