usnistgov / OSCAL

Open Security Controls Assessment Language (OSCAL)
https://pages.nist.gov/OSCAL/

Automatic validation of parameter value using rule-based constraints #206

Open david-waltermire opened 6 years ago

david-waltermire commented 6 years ago

User Story:

As an OSCAL author, I need the ability to specify a rules language and a corresponding rule in a control parameter constraint.

Goals:

Provide a structure that allows for the definition of:

Dependencies:

None.

Acceptance Criteria

trevor-vaughan commented 6 years ago

@david-waltermire-nist This sounds similar to something we've been working on. Do you have a concrete example that you could share?

anweiss commented 6 years ago

@david-waltermire-nist can you also clarify whether or not this is analogous to co-occurrence constraints?

david-waltermire commented 6 years ago

@trevor-vaughan Some simple examples might be checking if the provided value is in a specific numeric range, matches a pattern, etc.

@anweiss This is not a co-occurrence constraint, since it is a constraint on a single data value, not a relationship between data values.
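The two kinds of check mentioned in the comment above (numeric range, pattern match), sketched as an added example that is not part of the original thread or of the OSCAL project's code. The dictionary follows the `param`/`constraint`/`test` nesting discussed in this issue; the `language` field, the rule-language names `range` and `regex`, the `min..max` syntax and the sample parameter are all assumptions made for illustration.

```python
import re

def _check_range(expression, value):
    # Constructed syntax "min..max" (inclusive), not an OSCAL-defined language.
    low, high = (int(part) for part in expression.split(".."))
    try:
        number = int(value)
    except ValueError:
        return False  # non-numeric input cannot satisfy a numeric range
    return low <= number <= high

def _check_regex(expression, value):
    # fullmatch rather than match/search: the whole value must fit the
    # pattern, so "30 days" cannot pass a rule written as "[0-9]+".
    return re.fullmatch(expression, value) is not None

# Hypothetical registry: the rule-language names are assumptions.
RULE_LANGUAGES = {"range": _check_range, "regex": _check_regex}

def validate_param(param, value):
    """Return failure messages; an empty list means the value is accepted."""
    failures = []
    for constraint in param.get("constraints", []):
        for test in constraint.get("tests", []):
            language = test.get("language")  # hypothetical field
            checker = RULE_LANGUAGES.get(language)
            if checker is None:
                # Fail closed: a rule that cannot be evaluated is a failure.
                failures.append(f"{param['id']}: unsupported rule language {language!r}")
            elif not checker(test["expression"], value):
                failures.append(
                    f"{param['id']}: {value!r} fails {language} rule {test['expression']!r}")
    return failures

# Constructed sample parameter, not taken from any published catalog.
SAMPLE_PARAM = {
    "id": "example-param-1",
    "constraints": [{
        "description": "whole number of days between 1 and 90",
        "tests": [
            {"language": "regex", "expression": "[0-9]+"},
            {"language": "range", "expression": "1..90"},
        ],
    }],
}

if __name__ == "__main__":
    for candidate in ("30", "120", "30 days"):
        print(candidate, validate_param(SAMPLE_PARAM, candidate))
```

Each test is evaluated against the single supplied value only, which matches the distinction drawn above between a value constraint and a co-occurrence constraint.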

aj-stein-nist commented 1 year ago

This was discussed during backlog review today and we reoriented and confirmed this is about parameter param/constraint/test more than anything else. One way we could move forward with this is to group this with other relevant issues (such as #474 and discussion of typing of parameters, very relevant to this), and posit this as a discussion topic to the community. Far more research and feedback is needed.