Merge pull request #22 from usnistgov/revert-21-working

Revert "Working"

draft/punchlist.txt

@@ -0,0 +1,105 @@
+
+RANDOM CHUNKS OF PROSE
+
+Write a simple narrative describing use of OSCAL
+
+OSCAL is a world of controls, which cluster together in groups and within other ('higher level') controls. Controls come in different types but they all have the same basic form. They probably have titles and almost certainly have some normative language, called the "description" of the control (or sometimes just the "control"). Additionally they have one or more *properties* and *statements*, which provide structured information associated with the control. Exactly which properties and statements are present or available for a control, will depend on the particular control and the control type.
+
+Properties are best thought of as name-value pairs. assigned to a control. So for example a control may have a property 'RATING' (or 'rating') that assigns a nominal rating to a control, permitting controls in a set to be sorted and filtered by rating. The "rating" of any control will be a single value (as this is a property), a string albeit sometimes embellished a little (parameters are described below).
+
+Statements, in contrast, are best thought of as chunks or globs or hunks of prose, of arbitrary length. (Special-purpose statements may be short but some controls use statements to help keep the description short, i.e. for 'spillover'.) They may have internal structure, or they may be simply soup or piles of paragraphs and lists. (OSCAL borrows from HTML to keep the markup inside statements familiar.) Like properties, they might be enhanced (parameters again) in certain ways, but they will generally be fairly free form.
+
+The 'description' of a control might indeed be considered a special or privileged kind of statement, even as its title is a kind of property. For the most part, however, OSCAL permits catalogs and profiles to define their own properties, property values, and statements, for whatever purposes they might need.
+
+
+Parameters
+
+Escape hatch: 'wait list' statements (i.e. no assigned role)
+
+Control enhancements (subcontrols)
+
+Declarations
+
+Adaptability
+
+The rules that define control types can be changed, and new control types can be introduced. Organizations can share control types and share information defined and described using them - that is, as "controls".
+
+(It should be noted in passing that these are digital data objects or data instances, not actual "controls" in the world -- something ineffable, which the documentation of a control can only represent. But metaphysics and epistemology are not in scope here.)
+
+Interchangeability
+
+OSCAL is an entirely independent semantic 'stack' intended to promote interchange of a particular kind (or pattern) of information, a "control set". As such it can be mapped cleanly to NISO JATS, NLM BITS, NISO STS, DITA, or any other format.
+
+
+
+EXTRAS      
+o write XSLT to produce RACI chart for (all of) COBIT 5?
+
+NOT EXTRAS
+
+o Regression testing (for schema, XSLT etc.)
+  Requiring authoritative sample docs
+    Go / no-go
+    Schematron XSpec
+
+in SaxonJS demo:
+look for ixsl:onchange mode (dynamic rendering)
+
+x XSD pathway
+  x RNC -> XSD frame via Trang
+  x XSD frame + OSCAL.oscal -> XSD (w/ warnings re disparities) cf xsd-merge-docs.xsl
+  o XProc for Trang?
+
+Monday Aug 14
+  Adjusted schema and Schematron
+    changed xref to a (inline links)
+    pulled link validation into a separate Schematron
+  Updated ISO27002 extraction
+  Implemented ISO27002 enhancement (adding internal links)
+  Improved SP800-53 enhancement (picking up "withdrawn")
+  Tightened and tested schema, Schematrons
+  Much documentation
+
+  to do:
+
+  XSLT to add/normalized assign/@id
+  Adjust assign model:
+
+  Repair "Assignment" Schematron to new model
+
+links -
+  x validate internal cross-references - href[starts-with(.,'#)]
+  x change xref to a
+  o VALIDATE link in declarations - validate required and singleton by @rel (relationship) not @class
+
+
+o add xsd-type for declaration i.e. <xsd-type>decimal</xsd:type> validates $x castable as xs:decimal? (use eval)
+  o prop, param
+
+o Rough out profile functionality
+  select controls by ID
+  (then deselect controls by arbitrary criteria?)
+  implement parameters and assignments (crude is okay)
+    pass 1: expand profile to contain params for all //assign
+    pass 2: produce collection with params in place
+            (and other mods e.g. overwrites, additions)
+
+  o validate collection (selected controls) against source catalog?
+    to verify (existence/coverage) of control
+
+OSCAL framework in oXygen? 
+  oXygen macros, boilerplate and auto-insert
+  e.g. parameter names by reference to declarations
+
+o relax declarations: not declaring something is not an error
+o collapse features and statements:
+  o permit prose in features
+  o eliminate statements and rename stmts as features
+
+  o experiment (again) w/ semantic aliases for feat[@class='objectives'] etc
+  o add declarations for paragraph[@class]
+  o contemplate recursion
+
+
+
+