ronaldtse
commented
8 months ago Maybe we can bridge this using the Shale gem? @HassanAkbar
Open ronaldtse opened 1 year ago
ronaldtse
commented
8 months ago Maybe we can bridge this using the Shale gem? @HassanAkbar
HassanAkbar
commented
8 months ago @ronaldtse Sure, will look into it after finalizing stepmod-utils issues.
RS-Credentive
commented
4 months ago Hey, I am working on this with a couple of others (for python) here: https://github.com/Credentive-Sec/metaschema-python
I have some design notes and there are weekly calls with the metaschema team to talk about the challenges and discuss ideas. Let me know if you're interested in joining. The more the merrier!
ronaldtse
commented
1 month ago Instead of the Shale gem we are looking at our own lutaml-model gem which has superseded Shale.
ronaldtse
commented
4 days ago This task is now active. We will first move this to the https://github.com/lutaml/ org to continue.
ronaldtse
commented
4 days ago This task is now handled by @hasaniskandar
RS-Credentive
commented
3 days ago The 'metaschema-python' library is now the 'metaschema-codegen' library, expressly for the purpose of supporting multiple programming languages as output. Very happy to have a chat with you all anytime to talk about where it is and how to make it produce ruby libraries as an output.
ronaldtse
commented
3 days ago Thanks @RS-Credentive for the tip! We'd be more than happy to contribute to the metaschema-codegen after we complete implementation.
Our goal here is to handle all versions of the OSCAL metaschemas using the same Ruby library, since we're trying to help our users on the other side (Metanorma) to handle OSCAL as simply as possible.
The other goal we have is to improve our schema handling library (lutaml-model), so it's just a process we need to work through.
RS-Credentive
commented
3 days ago I'm happy to share any tips or information that I have gleaned, so feel free to ping me. I highly recommend joining the once a week metaschema calls on Friday at 1 PM Eastern. If your team would like to participate, I can forward the invitation or put you in touch with the organizers. It's hosted by the ex NIST/OSCAL now GSA/Fedramp team that is writing metaschema.
ronaldtse
commented
3 days ago @RS-Credentive Happy to join the call for this week! My email is tse@ribose.com if you don't mind communicating the details separately. P.S. Is Michaela etc now with the new team?
RS-Credentive
commented
3 days ago Michaela is still manning the ship at NIST. Dave and AJ are building a team at FedRAMP.
ronaldtse
commented
3 days ago Thank you @RS-Credentive !
NIST OSCAL is a cybersecurity-artifact data specification language that provides a set of data schemas used.
The OSCAL data structures are versioned according to a "metaschema XML". This metaschema XML further defines the data structure across the JSON, YAML and XML implementation formats. i.e. the "Metaschema" is defined in XML, and this "Metaschema" dictates how the resulting "OSCAL JSON", "OSCAL YAML", and "OSCAL XML" data schema looks like.
These are the particulars about the OSCAL Metaschema:
We need to generate the (Ruby) object accessors in the "oscal" gem, because:
Currently, the Ruby "oscal" gem implements only the "OSCAL Catalog" data schema at a particular version (one of the data schemas provided by the Metaschema). Once we have this, it means that we can support 1.0, 1.0.1, 1.0.4 etc versions in the same gem.
Allows us to use one implementation across all Metaschema versions. Users need to parse/build not only the latest version, but also older versions.
Allows the "oscal" Ruby gem to parse and build all the data schema objects across JSON, YAML and XML.
The relevant input to this task are:
The approach is:
Oscal::Catalog::Version104.parse(catalog_xml).to_xml.We will need to reimplement the internals of the current gem because we need to generate the classes depending on the metaschema XML.
Let's first do the Catalog metaschema (with multiple metaschema versions):
The other metaschemas can be found at: