Add support to associate roles with privileges

src/metaschema/oscal_implementation-common_metaschema.xml

@@ -386,6 +386,7 @@
                   <field ref="role-id" min-occurs="0" max-occurs="unbounded">
                         <group-as name="role-ids" in-json="ARRAY"/>
                   </field>
+                  <!-- TODO: deprecate use of 'authorized-privilege' in the user assembly.  Instead, add 'role-id' to 'authorized-privilege' assembly and apply to  -->
                   <assembly ref="authorized-privilege" max-occurs="unbounded">
                         <group-as name="authorized-privileges" in-json="ARRAY"/>
                   </assembly>
@@ -429,6 +430,10 @@
                   <field ref="function-performed" min-occurs="1" max-occurs="unbounded">
                         <group-as name="functions-performed" in-json="ARRAY"/>
                   </field>
+                  <field ref="role-id" min-occurs="0" max-occurs="unbounded">
+                        <group-as name="role-ids" in-json="ARRAY"/>
+                  </field>
+                  <!-- Todo: will need to create contstraint such that referenced role-id must exist in the metadata -->
             </model>
       </define-assembly>
       <define-field name="function-performed" as-type="string">

src/metaschema/oscal_ssp_metaschema.xml

@@ -581,6 +581,12 @@
         <use-name>user</use-name>
         <group-as name="users" in-json="ARRAY"/>
       </assembly>
+
+      <assembly ref="authorized-privilege" min-occurs="1" max-occurs="unbounded">
+        <authorized-privilege>authorized-privilege</authorized-privilege>
+        <group-as name="authorized-privileges" in-json="ARRAY" />
+      </assembly>
+
       <assembly ref="system-component" min-occurs="1" max-occurs="unbounded">
         <use-name>component</use-name>
         <group-as name="components" in-json="ARRAY"/>