-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhance schemas to support more digest methods #632
Comments
david-waltermire
added a commit
to david-waltermire/OSCAL
that referenced
this issue
May 31, 2020
Migrated definition of a system interconnection and service into components. The "service" and "interconnection" component types are now used to define these. (usnistgov#498) Flattened party -> org/person to be just party. Party now has a type which identifies if the party is a person or organization. Added SHA-3 algorithms to the hash algorithm list. (usnistgov#632)
This was
linked to
pull requests
May 31, 2020
david-waltermire
added a commit
that referenced
this issue
Jun 1, 2020
* Renamed group-as names to make them more consistent. * Moved levergaed-authorizations to system-implementation. Made system-implementation and control-implementation required. * Added metadata and fixed other front matter in content * Updated examples with AU-5 mock-up data * Filled in missing titles and descriptions. Added role/user. * Updates to examples. Tweak to SSP Metaschema * Adding metaschema support for UUIDs. Implemented uuids addressing issue #676. * Fixed broken schema and schematron paths. * Fixed content to use new uuid-based flags. * Profile resolution test set update to M3 models * Updating profile resolver; renaming uuid support XSLT (#42) * Removed SSL certificate check for wget to deal with broken SSL cert on apache archive site. * Updated OSCAL version in metaschema files. * Migrated definition of a system interconnection and service into components. The "service" and "interconnection" component types are now used to define these. (#498) * Flattened party -> org/person to be just party. Party now has a type which identifies if the party is a person or organization. * Added SHA-3 algorithms to the hash algorithm list. (#632) * Fixed Docker container to run scripts that require in-place editing. * Fixed SSP elements that reference a component UUID, but lacked the correct type. * Added a location title. * Updating metaschema support to fix bug (usnistgov/metaschema#56). * Added "homepage" link relation. * Fixed message error in round-trip validation which indicated the wrong type of conversion as compared to what was actually happening. Fixed remaining round-trip issues. * Updated Assessment Metaschemas * Updated FedRAMP Profiles * WIP - UUID transition prep * WIP assessment * Finished UUID Transition * Significant assessment metaschema updates * Assessment metaschema changes * Assessment metaschema changes * party assembly tweaks * Assessment Metaschema Updates * Updated FedRAMP Profiles * additional assessment model tweaks * SAR and POA&M Model Adjustments * Metaschema gymnastics * Fixed invalid content. * SSP Example - Remove Schema Line * Baselines with relative path to catalog * Baseline path tweaks Co-authored-by: David Waltermire <[email protected]> Co-authored-by: Wendell Piez <[email protected]> Co-authored-by: Wendell Piez <[email protected]>
aj-stein-nist
pushed a commit
to aj-stein-nist/OSCAL-forked
that referenced
this issue
Jan 25, 2023
* Renamed group-as names to make them more consistent. * Moved levergaed-authorizations to system-implementation. Made system-implementation and control-implementation required. * Added metadata and fixed other front matter in content * Updated examples with AU-5 mock-up data * Filled in missing titles and descriptions. Added role/user. * Updates to examples. Tweak to SSP Metaschema * Adding metaschema support for UUIDs. Implemented uuids addressing issue usnistgov#676. * Fixed broken schema and schematron paths. * Fixed content to use new uuid-based flags. * Profile resolution test set update to M3 models * Updating profile resolver; renaming uuid support XSLT (#42) * Removed SSL certificate check for wget to deal with broken SSL cert on apache archive site. * Updated OSCAL version in metaschema files. * Migrated definition of a system interconnection and service into components. The "service" and "interconnection" component types are now used to define these. (usnistgov#498) * Flattened party -> org/person to be just party. Party now has a type which identifies if the party is a person or organization. * Added SHA-3 algorithms to the hash algorithm list. (usnistgov#632) * Fixed Docker container to run scripts that require in-place editing. * Fixed SSP elements that reference a component UUID, but lacked the correct type. * Added a location title. * Updating metaschema support to fix bug (usnistgov/metaschema#56). * Added "homepage" link relation. * Fixed message error in round-trip validation which indicated the wrong type of conversion as compared to what was actually happening. Fixed remaining round-trip issues. * Updated Assessment Metaschemas * Updated FedRAMP Profiles * WIP - UUID transition prep * WIP assessment * Finished UUID Transition * Significant assessment metaschema updates * Assessment metaschema changes * Assessment metaschema changes * party assembly tweaks * Assessment Metaschema Updates * Updated FedRAMP Profiles * additional assessment model tweaks * SAR and POA&M Model Adjustments * Metaschema gymnastics * Fixed invalid content. * SSP Example - Remove Schema Line * Baselines with relative path to catalog * Baseline path tweaks Co-authored-by: David Waltermire <[email protected]> Co-authored-by: Wendell Piez <[email protected]> Co-authored-by: Wendell Piez <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User Story:
As an OSCAL user, I need to be able to use digest methods (SHA-variants) that are not listed in the W3C Security Algorithm Cross-Reference Digest Methods (W3C, April 2013)
Goals:
Add support in the Schema for newer SHA functions such as SHA3-224, SHA3-256, SHA3-384, SHA3-512 (see https://tools.ietf.org/html/rfc6931#section-2.1.5 for standardized URIs) and permutation-based Hash and Extendable-Output Functions (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf)
Dependencies:
none
Acceptance Criteria
The text was updated successfully, but these errors were encountered: