Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to track and communicate on specific development topics in our work? (Part 2) #1688

Open
1 of 11 tasks
aj-stein-nist opened this issue Mar 2, 2023 · 15 comments
Open
1 of 11 tasks
Labels
Community Feedback Needed Developer Experience Issues around enhancing and optimizing work for development of NIST OSCAL artifacts enhancement

Comments

@aj-stein-nist
Copy link
Contributor

aj-stein-nist commented Mar 2, 2023

User Story

As a NIST or community OSCAL developer, in order to understand the current state of work, I would like to know how a certain development issue (rules, customer responsibility matrix, a large topic in ongoing development) is communicated cohesively: a summary of that topic of work, the related epic or epics, and the issues within one or more epics to understand the progression of work and what parts are "done."

This issue will focus on rounding out work started in #1496 and focus on the pending work items described in comment #1496 (comment).

Goals

  • Communicate where topics there in different work streams from the NIST OSCAL Team.
  • Answer two key practical questions with the simplest, least effort approach:
    • Which topics have we worked on our plan to work on in the future? I want to understand where the NIST Team is at!
    • Which topic or topics are we actively working on?

Dependencies

Acceptance Criteria

  • An ADR that is reviewed or merged into main documenting the approach decided.
  • One or more NIST staff brief the community for feedback in the relevant public meeting venue.
    • Feedback is received and recorded in meeting minutes.
    • If applicable, NIST OSCAL Team reviews feedback and makes necessary adjustments where beneficial.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
@aj-stein-nist aj-stein-nist added Developer Experience Issues around enhancing and optimizing work for development of NIST OSCAL artifacts Community Feedback Needed and removed User Story labels Mar 2, 2023
@iMichaela iMichaela changed the title How do track and communicate on specific development topics in our work? (Part 2) How to track and communicate on specific development topics in our work? (Part 2) Mar 2, 2023
@aj-stein-nist
Copy link
Contributor Author

This is sadly overdue, to work in Sprint 67 or we need to find an interim solution before the sprint in which we next schedule this work.

@aj-stein-nist
Copy link
Contributor Author

I would like to start on this soon. I have looked at what Chris and Michaela are doing with DEFINE, so that will be a good starting point and I will hope to align with that. :-)

https://github.com/orgs/usnistgov/projects/48

@Arminta-Jenkins-NIST Arminta-Jenkins-NIST self-assigned this May 5, 2023
@aj-stein-nist aj-stein-nist self-assigned this May 5, 2023
@aj-stein-nist
Copy link
Contributor Author

For now Arminta will help but A.J. will drive this issue.

@aj-stein-nist
Copy link
Contributor Author

I have bumped up the priority of this from Moderate to High because before, during, and after the conference at the end of May messaging around this will be increasingly important.

@aj-stein-nist
Copy link
Contributor Author

aj-stein-nist commented May 10, 2023

I need to sync up with @Arminta-Jenkins-NIST this afternoon but I have spent spare time between non-OSCAL work researching how different projects communicate current work and medium/long-term roadmaps, particularly open-source projects for data formats and specifications generally, and particularly those in the cybersecurity domain. I will include a list of some of those for reference for colleagues and community members following this issue.

  • SLSA
  • SPDX
  • CycloneDX
  • in-toto specification(s)
  • SARIF
  • The family of OASIS OpenC2 standards

I also have started to look at a few that are not specific to cybersecurity.

  • OASIS DITA
  • OASIS ODF
  • TEI

Many of them use GitHub to track day-to-day technical work in the form of issues. Most repositories make use of these issues with labels. Very few, if any, use the GitHub Projects boards (the classic or new stable v2 version). The associated repos for these efforts that do use project boards make sparing use of them, many have infrequent usage or are completely stale. The one exception I found lately is SLSA.

https://github.com/orgs/slsa-framework/projects/1/views/1?layout=board

In terms of roadmap, the in-toto project does store the roadmap and the quarterly as Markdown files in their repo and it is worth considering.

https://github.com/in-toto/docs/tree/6400974e229b70cfa7a2585dafb854955422c8d1/roadmap-reviews

UPDATE: I also really enjoyed this roadmap as communicated for the Unison project.

https://www.unison-lang.org/roadmap/

@Arminta-Jenkins-NIST
Copy link
Contributor

I've started on a comprehensive list of suggested objectives/themes to sort the development topics. Please see the following hackMD.

@aj-stein-nist
Copy link
Contributor Author

@Arminta-Jenkins-NIST I wanted to provide some more detailed examples of what level of detail I think we need. Let me know what you think. We should catch up later today or early next week. Still very much a work in progress but let's catch up soon.

@aj-stein-nist aj-stein-nist moved this from Todo to In Progress in NIST OSCAL Work Board Jun 2, 2023
@aj-stein-nist
Copy link
Contributor Author

Need to meet with team and move this forward adjusting for feedback.

@aj-stein-nist
Copy link
Contributor Author

@aj-stein-nist needs to work with Chris to integrate research topics with the value stream concept (if we move forward with that), brief the time, make a decision as a group, move forward in the next 1-2 weeks.

@aj-stein-nist
Copy link
Contributor Author

I had a series of internal meetings and did work research on better layering a communications approach. Draft ADR, minimalist example, and more to follow.

@aj-stein-nist
Copy link
Contributor Author

Moving to Sprint 77 with related #1910, both are incomplete.

@aj-stein-nist
Copy link
Contributor Author

Although this is not technically started, it will be prudent to handle this with #1910, which is very close to done. We will talk about moving this forward in sprint planning.

@aj-stein-nist
Copy link
Contributor Author

This issue was discussed at length in coordination with #1910. This needs to be moved forward, with #1910 as a primary target of integrating into the board and communicating on those specific development topics. More to follow tomorrow.

@iMichaela
Copy link
Contributor

HackMD where work was started: https://hackmd.io/AfAityGDSMSMG74vrzQwDA

@Compton-US
Copy link
Contributor

Narrowing the scope on this issue a bit from the original broad scope team communication. For closing this issue out, we need to review 1910 and check off items that we already have tutorial content for.

For items that are not checked off, we need to review and create issues as necessary to plan the creation of new/updated content related to each of the value streams.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Community Feedback Needed Developer Experience Issues around enhancing and optimizing work for development of NIST OSCAL artifacts enhancement
Projects
Status: Under Review
Development

No branches or pull requests

4 participants