Add identifier props to control layer metaschemas
Rene2mt authored and david-waltermire committed Aug 26, 2022
1 parent cc4d487 commit 8ba9a06
Showing 3 changed files with 70 additions and 23 deletions.
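--- a/src/metaschema/oscal_control-common_metaschema.xml
+++ b/src/metaschema/oscal_control-common_metaschema.xml
@@ -24,7 +24,12 @@
 <!-- This is an id because the idenfier is intended to be human-readable. -->
 <formal-name>Part Identifier</formal-name>
 <!-- Identifier Declaration -->
-<description>A <a href="/concepts/identifier-use/#human-oriented">human-oriented</a>, <a href="/concepts/identifier-use/#locally-unique">locally unique</a> identifier with <a href="/concepts/identifier-use/#cross-instance">cross-instance</a> scope that can be used to reference this defined part elsewhere in <a href="/concepts/identifier-use/#scope">this or other OSCAL instances</a>. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned <a href="/concepts/identifier-use/#consistency">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document.</description>
+<description>Provides locally unique means to identify a given control part.</description>
+<prop name="value-type" value="identifier"/>
+<prop name="identifier-type" value="human-oriented"/>
+<prop name="identifier-uniqueness" value="instance"/>
+<prop name="identifier-scope" value="cross-instance"/>
+<prop name="identifier-persistence" value="per-subject"/>
 <remarks>
 <p>While a part is not required to have an id, it is often desirable for an identifier to be provided, which allows the part to be referenced elsewhere in OSCAL document instances. For this reason, it is RECOMMENDED to provide a part identifier.</p>
 </remarks>
@@ -257,7 +262,10 @@
 <define-flag name="control-id" as-type="token">
 <formal-name>Control Identifier Reference</formal-name>
 <!-- Identifier Reference -->
-<description>A <a href="/concepts/identifier-use/#human-oriented">human-oriented</a> identifier reference to a control with a corresponding <code>id</code> value. When referencing an externally defined <code>control</code>, the <code>Control Identifier Reference</code> must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).</description>
+<description>A reference to a control with a corresponding <code>id</code> value. When referencing an externally defined <code>control</code>, the <code>Control Identifier Reference</code> must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).</description>
+<prop name="value-type" value="identifier-reference"/>
+<prop name="identifier-type" value="human-oriented"/>
+<prop name="identifier-scope" value="cross-instance"/>
 </define-flag>
 <define-assembly name="include-all">
 <formal-name>Include All</formal-name>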
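Review bot: The shortened `Part Identifier` description no longer says that the id has to be resolved in the context of the containing resource (e.g., import-profile) when it is referenced from another OSCAL instance, and none of the added props carries that rule. With `identifier-uniqueness` set to `instance` and `identifier-scope` set to `cross-instance`, two instances can legitimately reuse the same part id, so a consumer that matches on the bare value could bind a reference to the wrong part. I would keep one sentence of that guidance, for example in the existing `<remarks>`: `<p>When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile).</p>`. The same guidance is dropped from the role id in oscal_metadata_metaschema.xml and from the group and parameter ids in oscal_profile_metaschema.xml.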
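--- a/src/metaschema/oscal_metadata_metaschema.xml
+++ b/src/metaschema/oscal_metadata_metaschema.xml
@@ -77,9 +77,14 @@
 <group-as name="roles" in-json="ARRAY"/>
 <define-flag name="id" as-type="token" required="yes">
 <!-- This is an id because the idenfier is assigned and managed by humans. -->
-<!-- identifier declarations -->
+<!-- Identifier Declarations -->
 <formal-name>Role Identifier</formal-name>
-<description>A <a href="/concepts/identifier-use/#human-oriented">human-oriented</a>, <a href="/concepts/identifier-use/#locally-unique">locally unique</a> identifier with <a href="/concepts/identifier-use/#cross-instance">cross-instance</a> scope that can be used to reference this defined role elsewhere in <a href="/concepts/identifier-use/#scope">this or other OSCAL instances</a>. When referenced from another OSCAL instance, the locally defined <em>ID</em> of the <code>Role</code> from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned <a href="/concepts/identifier-use/#consistency">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document.</description>
+<description>Provides locally unique means to identify a given role.</description>
+<prop name="value-type" value="identifier"/>
+<prop name="identifier-type" value="human-oriented"/>
+<prop name="identifier-uniqueness" value="instance"/>
+<prop name="identifier-scope" value="cross-instance"/>
+<prop name="identifier-persistence" value="per-subject"/>
 <!-- TODO: discuss overriding of locally defined values. -->
 </define-flag>
 <model>
@@ -225,8 +230,14 @@
 <group-as name="parties" in-json="ARRAY"/>
 <define-flag name="uuid" as-type="uuid" required="yes">
 <formal-name>Party Universally Unique Identifier</formal-name>
-<!-- identifier declaration -->
+<!-- Identifier Declaration -->
 <description>A <a href="/concepts/identifier-use/#machine-oriented">machine-oriented</a>, <a href="/concepts/identifier-use/#globally-unique">globally unique</a> identifier with <a href="/concepts/identifier-use/#cross-instance">cross-instance</a> scope that can be used to reference this defined party elsewhere in <a href="/concepts/identifier-use/#scope">this or other OSCAL instances</a>. The locally defined <em>UUID</em> of the <code>party</code> can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned <a href="/concepts/identifier-use/#consistency">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document.</description>
+<description>Provides locally unique means to identify a given party.</description>
+<prop name="value-type" value="identifier"/>
+<prop name="identifier-type" value="machine-oriented"/>
+<prop name="identifier-uniqueness" value="instance"/>
+<prop name="identifier-scope" value="cross-instance"/>
+<prop name="identifier-persistence" value="per-subject"/>
 </define-flag>
 <define-flag name="type" as-type="string" required="yes">
 <formal-name>Party Type</formal-name>
@@ -294,9 +305,12 @@
 </choice>
 <define-field name="member-of-organization" as-type="uuid" max-occurs="unbounded">
 <formal-name>Organizational Affiliation</formal-name>
-<!-- identifier reference -->
-<description>A <a href="/concepts/identifier-use/#machine-oriented">machine-oriented</a> identifier reference to another <code>party</code> (<code>person</code> or <code>organization</code>) that this subject is associated with. The <em>UUID</em> of the <code>party</code> in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
+<!-- Identifier Reference -->
+<description>A reference to another <code>party</code> (<code>person</code> or <code>organization</code>) that this subject is associated with. The <em>UUID</em> of the <code>party</code> in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
 </description>
+<prop name="value-type" value="identifier-reference"/>
+<prop name="identifier-type" value="machine-oriented"/>
+<prop name="identifier-scope" value="cross-instance"/>
 <group-as name="member-of-organizations" in-json="ARRAY"/>
 <constraint>
 <!-- TODO: Move to top-level to address cross-document issues. -->
@@ -414,9 +428,12 @@
 
 <define-flag name="location-uuid" as-type="uuid">
 <formal-name>Location Universally Unique Identifier Reference</formal-name>
-<!-- identifier reference -->
-<description>A <a href="/concepts/identifier-use/#machine-oriented">machine-oriented</a> identifier reference to a <code>location</code> defined in the <code>metadata</code> section of this or another OSCAL instance. The <em>UUID</em> of the <code>location</code> in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
+<!-- Identifier Reference -->
+<description>A reference to a <code>location</code> defined in the <code>metadata</code> section of this or another OSCAL instance. The <em>UUID</em> of the <code>location</code> in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
 </description>
+<prop name="value-type" value="identifier-reference"/>
+<prop name="identifier-type" value="machine-oriented"/>
+<prop name="identifier-scope" value="cross-instance"/>
 <constraint>
 <!-- TODO: Dave to resolve syntax error. Likely requires updated metaschema schema -->
 <index-has-key name="index-metadata-location-uuid">
@@ -428,9 +445,12 @@
 
 <define-field name="location-uuid" as-type="uuid">
 <formal-name>Location Universally Unique Identifier Reference</formal-name>
-<!-- identifier reference -->
-<description>A <a href="/concepts/identifier-use/#machine-oriented">machine-oriented</a> identifier reference to a <code>location</code> defined in the <code>metadata</code> section of this or another OSCAL instance. The <em>UUID</em> of the <code>location</code> in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
+<!-- Identifier Reference -->
+<description>A reference to a <code>location</code> defined in the <code>metadata</code> section of this or another OSCAL instance. The <em>UUID</em> of the <code>location</code> in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
 </description>
+<prop name="value-type" value="identifier-reference"/>
+<prop name="identifier-type" value="machine-oriented"/>
+<prop name="identifier-scope" value="cross-instance"/>
 <constraint>
 <index-has-key name="index-metadata-location-uuid" target=".">
 <!-- TODO: This is impacted by cross-document cross-references We need to relocate or localize this constraint. -->
@@ -444,9 +464,12 @@
 
 <define-field name="party-uuid" as-type="uuid">
 <formal-name>Party Universally Unique Identifier Reference</formal-name>
-<!-- identifier reference -->
-<description>A <a href="/concepts/identifier-use/#machine-oriented">machine-oriented</a> identifier reference to another <code>party</code> defined in <code>metadata</code>. The <em>UUID</em> of the <code>party</code> in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
+<!-- Identifier Reference -->
+<description>A reference to another <code>party</code> defined in <code>metadata</code>. The <em>UUID</em> of the <code>party</code> in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
 </description>
+<prop name="value-type" value="identifier-reference"/>
+<prop name="identifier-type" value="machine-oriented"/>
+<prop name="identifier-scope" value="cross-instance"/>
 <constraint>
 <index-has-key name="index-metadata-party-uuid" target=".">
 <!-- TODO: This is impacted by cross-document cross-references We need to relocate or localize this constraint. -->
@@ -460,8 +483,11 @@
 
 <define-field name="role-id" as-type="token">
 <formal-name>Role Identifier Reference</formal-name>
-<!-- identifier reference -->
-<description>A <a href="/concepts/identifier-use/#human-oriented">human-oriented</a> identifier reference to <code>roles</code> served by the user.</description>
+<!-- Identifier Reference -->
+<description>A reference to <code>roles</code> served by the user.</description>
+<prop name="value-type" value="identifier-reference"/>
+<prop name="identifier-type" value="human-oriented"/>
+<prop name="identifier-scope" value="cross-instance"/>
 <constraint>
 <index-has-key name="index-metadata-role-id" target=".">
 <!-- TODO: This is impacted by cross-document cross-references We need to relocate or localize this constraint. -->
@@ -802,8 +828,11 @@
 <description>A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.</description>
 <define-flag required="yes" name="role-id" as-type="token">
 <formal-name>Responsible Role</formal-name>
-<!-- identifier reference -->
-<description>A <a href="/concepts/identifier-use/#human-oriented">human-oriented</a> identifier reference to a <code>role</code> performed.</description>
+<!-- Identifier Reference -->
+<description>A reference to a <code>role</code> performed by a <code>party</code>.</description>
+<prop name="value-type" value="identifier-reference"/>
+<prop name="identifier-type" value="human-oriented"/>
+<prop name="identifier-scope" value="cross-instance"/>
 </define-flag>
 <model>
 <field ref="party-uuid" min-occurs="1" max-occurs="unbounded">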
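Review bot: The party `uuid` flag seems to end up with two `<description>` elements: going by the hunk header (`-225,8 +230,14`) and this file's 44 additions and 15 deletions, the long machine-oriented description stays as an unchanged line and `Provides locally unique means to identify a given party.` is added beneath it. The two texts also disagree, since the retained one calls the UUID globally unique while the new line says locally unique and sets `identifier-uniqueness` to `instance`; the profile `uuid` in oscal_profile_metaschema.xml uses `global`. I would remove the old description line as the other hunks do and, if the party UUID is meant to stay globally unique, change the new lines to `<description>Provides a globally unique means to identify a given party.</description>` and `<prop name="identifier-uniqueness" value="global"/>`. Whether the Metaschema tooling rejects the duplicate element or silently picks one is not visible from this page.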
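--- a/src/metaschema/oscal_profile_metaschema.xml
+++ b/src/metaschema/oscal_profile_metaschema.xml
@@ -30,10 +30,10 @@
 <!-- Identifier Declaration -->
 <description>Provides a globally unique means to identify a given profile instance.</description>
 <prop name="value-type" value="identifier"/>
-<prop name="identifier-type" value="machine-oriented"/>
-<prop name="identifier-uniqueness" value="global"/>
-<prop name="identifier-scope" value="cross-instance"/>
-<prop name="identifier-persistence" value="change-on-write"/>
+<prop name="identifier-type" value="machine-oriented"/>
+<prop name="identifier-uniqueness" value="global"/>
+<prop name="identifier-scope" value="cross-instance"/>
+<prop name="identifier-persistence" value="change-on-write"/>
 </define-flag>
 <model>
 <assembly ref="metadata" min-occurs="1"/>
@@ -151,7 +151,12 @@
 <!-- This is an id because the idenfier is assigned and managed externally by humans. -->
 <formal-name>Group Identifier</formal-name>
 <!-- Identifier Declaration -->
-<description>A <a href="/concepts/identifier-use/#human-oriented">human-oriented</a>, <a href="/concepts/identifier-use/#locally-unique">locally unique</a> identifier with <a href="/concepts/identifier-use/#cross-instance">cross-instance</a> scope that can be used to reference this defined group elsewhere in <a href="/concepts/identifier-use/#profile-identifiers">this or other OSCAL instances</a>. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned <a href="/concepts/identifier-use/#consistency">per-subject</a>, which means it should be consistently used to identify the same group across revisions of the document.</description>
+<description>Provides locally unique means to identify a given control group.</description>
+<prop name="value-type" value="identifier"/>
+<prop name="identifier-type" value="human-oriented"/>
+<prop name="identifier-uniqueness" value="instance"/>
+<prop name="identifier-scope" value="cross-instance"/>
+<prop name="identifier-persistence" value="per-subject"/>
 </define-flag>
 <define-flag name="class" as-type="token">
 <formal-name>Group Class</formal-name>
@@ -203,7 +208,12 @@
 <!-- This is an id because the idenfier is assigned and managed by humans. -->
 <formal-name>Parameter ID</formal-name>
 <!-- Identifier Declaration -->
-<description>A <a href="/concepts/identifier-use/#human-oriented">human-oriented</a>, <a href="/concepts/identifier-use/#locally-unique">locally unique</a> identifier with <a href="/concepts/identifier-use/#cross-instance">cross-instance</a> scope that can be used to reference this defined parameter elsewhere in <a href="/concepts/identifier-use/#profile-identifiers">this or other OSCAL instances</a>. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned <a href="/concepts/identifier-use/#consistency">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document.</description>
+<description>Provides locally unique means to identify a given paramater.</description>
+<prop name="value-type" value="identifier"/>
+<prop name="identifier-type" value="human-oriented"/>
+<prop name="identifier-uniqueness" value="instance"/>
+<prop name="identifier-scope" value="cross-instance"/>
+<prop name="identifier-persistence" value="per-subject"/>
 </define-flag>
 <define-flag name="class" as-type="token">
 <formal-name>Parameter Class</formal-name>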
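Review bot: The new `Parameter ID` description misspells "parameter" as `paramater`, and schema documentation generated from this metaschema would presumably repeat the typo. Change the line to `<description>Provides a locally unique means to identify a given parameter.</description>`; the added article matches the wording the profile `uuid` already uses (`Provides a globally unique means ...`). The same article is missing from the new `Group Identifier` description here and from the part, role and party descriptions in the other two files.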
