[WIP] Start of map lookup approach for GSA#833

Thanks to @kyhu65867 for humoring me and and walking through concepts
that need better explanation for example here.

src/validations/constraints/content/ssp-all-VALID.xml

@@ -10,7 +10,7 @@
     <version>1.1</version>
     <oscal-version>1.1.2</oscal-version>
     <document-id scheme="https://example.com/identifiers">SSP-2024-002</document-id>
-    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="fedramp-3.0.0rc1-oscal-1.1.2"/>
+    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="3.0.0-rc1"/>
 
     <role id="creator">
       <title>Document Creator</title>

src/validations/constraints/content/ssp-oscal-version-matches-fedramp-version-INVALID.xml

@@ -1,6 +1,9 @@
-<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" uuid="12345678-1234-4321-8765-123456789012">
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
   <metadata>
     <oscal-version>2.0.0</oscal-version>
-    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="fedramp-3.0.0rc1-oscal-2.0.0"/>
+    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="3.0.0-rc1"/>
   </metadata>
 </system-security-plan>

src/validations/constraints/fedramp-external-allowed-values.xml

@@ -124,7 +124,7 @@
             <allowed-values id="fedramp-version" target="metadata/prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']/@value" allow-other="no" level="ERROR">
                 <formal-name>FedRAMP Version</formal-name>
                 <description>Identifies the FedRAMP version of the document.</description>
-                <enum value="fedramp-3.0.0rc1-oscal-1.1.2">FedRAMP Version</enum>
+                <enum value="3.0.0-rc1">FedRAMP Version 3.0.0 Release Candidate 1</enum>
             </allowed-values>
 
             <allowed-values id="information-type-800-60-v2r1" target="system-characteristics/system-information/information-type/categorization[@system='https://doi.org/10.6028/NIST.SP.800-60v2r1']/information-type-id" allow-other="no" level="ERROR">

src/validations/constraints/fedramp-external-constraints.xml

@@ -25,16 +25,22 @@
         <metapath target="/(assessment-plan|assessment-results|plan-of-action-and-milestones|system-security-plan)/metadata"/>
 >>>>>>> 74f8093d (refactored context)
         <constraints>
-            <let var="fedramp-version-oscal-part" expression="tokenize(prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']/@value, '-')[4]"/>
-            <let var="fedramp-oscal-version-subparts" expression="tokenize($fedramp-version-oscal-part, '\.')"/>
-            <let var="oscal-version-subparts" expression="tokenize(oscal-version, '\.')"/>
-            <let var="major-version-valid" expression="$oscal-version-subparts[1]  = $fedramp-oscal-version-subparts[1]"/>
-            <let var="minor-version-valid" expression="$oscal-version-subparts[2] >= $fedramp-oscal-version-subparts[2]"/>
-            <let var="patch-version-valid" expression="$oscal-version-subparts[3] >= $fedramp-oscal-version-subparts[3]"/>
-            <expect id="oscal-version-matches-fedramp-version" target="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']" test="$major-version-valid and $minor-version-valid and $patch-version-valid" level="WARNING">
+                <let var="fedramp-minimal-oscal-versions" expression="map{'3.0.0-rc1': '1.1.2'}"/>
+                <let var="doc-fedramp-version" expression="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']/@value"/>
+                <let var="fedramp-required-minimal-version" expression="if $doc-fedramp-version in map:keys($fedramp-minimal-oscal-versions) then map:get($fedramp-minimal-oscal-versions, $doc-fedramp-version) else ()"/>
+                <let var="required-doc-oscal-version-parts" expression="tokenize($fedramp-required-minimal-version, '\.')"/>
+                <let var="doc-oscal-version-parts" expression="tokenize(oscal-version, '\.')"/>
+                <let var="major-version-valid" expression="$doc-oscal-version-parts[1]  = $required-doc-oscal-version-parts[1]">
+                    <remarks>
+                        <p>FedRAMP considers every major version as a possible source of backwards-compatible changes. FedRAMP only accepts versions with the same major version, but not newer.</p>
+                    </remarks>
+                </let>
+                <let var="minor-version-valid" expression="$doc-oscal-version-parts[2] >= $required-doc-oscal-version-parts[2]"/>
+                <let var="patch-version-valid" expression="$doc-oscal-version-parts[3] >= $required-doc-oscal-version-parts[3]"/>
+                <expect id="oscal-version-matches-fedramp-version" target="oscal-version" test="$major-version-valid and $minor-version-valid and $patch-version-valid" level="WARNING">
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://docs.oasis-open.org/sarif/sarif/v2.1.0"/>                
-                <message>A FedRAMP document SHOULD have an OSCAL version that matches the minimally required version for FedRAMP packages, {$fedramp-version-oscal-part}, not {../oscal-version}.</message>
-            </expect>           
+                <message>A FedRAMP document SHOULD have an OSCAL version that matches the minimally required version for FedRAMP packages, {if $fedramp-required-minimal-version then $fedramp-required-minimal-version else 'which is undefined due to an incorrect or missing FedRAMP Version'}, not {.}. DEBUG: {$doc-oscal-version-parts[1]}</message>
+            </expect>
         </constraints>
     </context>
     <context>