Open Rene2mt opened 1 month ago
Updated proposal option 4 to:
- Rolled back addition of
uuid
flag in theauthorized-privilege
assembly- Rolled back
deprecated
flag in theauthorized-privilege
assembly
component
assembly requiring any of its authorized-privilege
assemblies to either have a role-id
or user-uuid
- Supports both user-centric and component-centric definition of authorized-privileges
- Allows association of association of authorized privileges with role, users, or both
Committer Notes
This is a DRAFT PR illustrating another option for how to represent FedRAMP's SSP separation of duties (issue #534 ). The approach in this is illustrated by the entity diagram below:
This would require require the following changes to the NIST OSCAL SSP models:
All Submissions:
By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.