iMichaela
commented
1 year ago @wendellpiez - I am thinking it would be more practical if the profile resolver is a separate tool than the SSP tool (for simplicity) and clarity of the process. Thoughts?
Open wendellpiez opened 1 year ago
iMichaela
commented
1 year ago @wendellpiez - I am thinking it would be more practical if the profile resolver is a separate tool than the SSP tool (for simplicity) and clarity of the process. Thoughts?
wendellpiez
commented
1 year ago @iMichaela indeed, that is what this proposal is aimed at, exactly, to keep them separate. :+1:
The idea would be that a user who has a profile can use any profile resolver to create the catalog from it, which could be used here to get a 'stub' SSP. Later (or even sooner), this SSP could then import the profile, as a proxy for the catalog represented by the profile and used in the tool. (Just as a profile is a proxy for a catalog produced by resolving it, such a catalog can be a proxy for the profile.)
iMichaela
commented
1 year ago Excellent - thank you!
This application would accept an OSCAL catalog as input and produce an SSP 'blank' or near-blank to be saved locally, with placeholder markup and boilerplate contents for controls to be addressed. By 'near-blank' we mean that some metadata, for example, could be provided for. But this is not a full-fledged SSP editor, only a 'scaffolder' that produces an SSP good enough to get started.
By reading catalogs it can step around the requirement for profile resolution. But the ordinary use case would expect a catalog produced by profile resolution (perhaps with scores of controls, not hundreds), and we'd offer help on doing this.
The application could both render the boilerplate SSP, and offer a local save.
Since UUID generation and significant user interaction are needed, SaxonJS is called for, hence CSX on this platform (with updated SaxonJS?) not XSLT-Blender.
Basic idea prompted by @iMichaela, who can help define requirements and test.