Enhance schemas to support more digest methods #632
Comments
david-waltermire
added a commit
to david-waltermire/OSCAL
that referenced
this issue
May 31, 2020
Migrated definition of a system interconnection and service into components. The "service" and "interconnection" component types are now used to define these. (usnistgov#498) Flattened party -> org/person to be just party. Party now has a type which identifies if the party is a person or organization. Added SHA-3 algorithms to the hash algorithm list. (usnistgov#632)
This was
linked to
pull requests
May 31, 2020
david-waltermire
added a commit
that referenced
this issue
Jun 1, 2020
* Renamed group-as names to make them more consistent. * Moved levergaed-authorizations to system-implementation. Made system-implementation and control-implementation required. * Added metadata and fixed other front matter in content * Updated examples with AU-5 mock-up data * Filled in missing titles and descriptions. Added role/user. * Updates to examples. Tweak to SSP Metaschema * Adding metaschema support for UUIDs. Implemented uuids addressing issue #676. * Fixed broken schema and schematron paths. * Fixed content to use new uuid-based flags. * Profile resolution test set update to M3 models * Updating profile resolver; renaming uuid support XSLT (#42) * Removed SSL certificate check for wget to deal with broken SSL cert on apache archive site. * Updated OSCAL version in metaschema files. * Migrated definition of a system interconnection and service into components. The "service" and "interconnection" component types are now used to define these. (#498) * Flattened party -> org/person to be just party. Party now has a type which identifies if the party is a person or organization. * Added SHA-3 algorithms to the hash algorithm list. (#632) * Fixed Docker container to run scripts that require in-place editing. * Fixed SSP elements that reference a component UUID, but lacked the correct type. * Added a location title. * Updating metaschema support to fix bug (usnistgov/metaschema#56). * Added "homepage" link relation. * Fixed message error in round-trip validation which indicated the wrong type of conversion as compared to what was actually happening. Fixed remaining round-trip issues. * Updated Assessment Metaschemas * Updated FedRAMP Profiles * WIP - UUID transition prep * WIP assessment * Finished UUID Transition * Significant assessment metaschema updates * Assessment metaschema changes * Assessment metaschema changes * party assembly tweaks * Assessment Metaschema Updates * Updated FedRAMP Profiles * additional assessment model tweaks * SAR and POA&M Model Adjustments * Metaschema gymnastics * Fixed invalid content. * SSP Example - Remove Schema Line * Baselines with relative path to catalog * Baseline path tweaks Co-authored-by: David Waltermire <[email protected]> Co-authored-by: Wendell Piez <[email protected]> Co-authored-by: Wendell Piez <[email protected]>
aj-stein-nist
pushed a commit
to aj-stein-nist/OSCAL-forked
that referenced
this issue
Jan 25, 2023
* Renamed group-as names to make them more consistent. * Moved levergaed-authorizations to system-implementation. Made system-implementation and control-implementation required. * Added metadata and fixed other front matter in content * Updated examples with AU-5 mock-up data * Filled in missing titles and descriptions. Added role/user. * Updates to examples. Tweak to SSP Metaschema * Adding metaschema support for UUIDs. Implemented uuids addressing issue usnistgov#676. * Fixed broken schema and schematron paths. * Fixed content to use new uuid-based flags. * Profile resolution test set update to M3 models * Updating profile resolver; renaming uuid support XSLT (#42) * Removed SSL certificate check for wget to deal with broken SSL cert on apache archive site. * Updated OSCAL version in metaschema files. * Migrated definition of a system interconnection and service into components. The "service" and "interconnection" component types are now used to define these. (usnistgov#498) * Flattened party -> org/person to be just party. Party now has a type which identifies if the party is a person or organization. * Added SHA-3 algorithms to the hash algorithm list. (usnistgov#632) * Fixed Docker container to run scripts that require in-place editing. * Fixed SSP elements that reference a component UUID, but lacked the correct type. * Added a location title. * Updating metaschema support to fix bug (usnistgov/metaschema#56). * Added "homepage" link relation. * Fixed message error in round-trip validation which indicated the wrong type of conversion as compared to what was actually happening. Fixed remaining round-trip issues. * Updated Assessment Metaschemas * Updated FedRAMP Profiles * WIP - UUID transition prep * WIP assessment * Finished UUID Transition * Significant assessment metaschema updates * Assessment metaschema changes * Assessment metaschema changes * party assembly tweaks * Assessment Metaschema Updates * Updated FedRAMP Profiles * additional assessment model tweaks * SAR and POA&M Model Adjustments * Metaschema gymnastics * Fixed invalid content. * SSP Example - Remove Schema Line * Baselines with relative path to catalog * Baseline path tweaks Co-authored-by: David Waltermire <[email protected]> Co-authored-by: Wendell Piez <[email protected]> Co-authored-by: Wendell Piez <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User Story:
As an OSCAL user, I need to be able to use digest methods (SHA-variants) that are not listed in the W3C Security Algorithm Cross-Reference Digest Methods (W3C, April 2013)
Goals:
Add support in the Schema for newer SHA functions such as SHA3-224, SHA3-256, SHA3-384, SHA3-512 (see https://tools.ietf.org/html/rfc6931#section-2.1.5 for standardized URIs) and permutation-based Hash and Extendable-Output Functions (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf)
Dependencies:
none
Acceptance Criteria
The text was updated successfully, but these errors were encountered: