OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

was message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: evdl 0.1 update

I submitted an update to the schema, including auto-generated schema 
documentation and updated sample to:

http://www.oasis-open.org/apps/org/workgroup/was/document.php?document_id=10974

Please note that all documents are accessible to the general public, but 
you have to modify the URL:

http://www.oasis-open.org/committees/download.php/10974

For the list of all publically accessible docs go to:
http://www.oasis-open.org/committees/documents.php?wg_abbrev=was

---
This schema revision contains the following modifications:

  changes in EVDL schema:
  - renamed <sca> to <analysis> to make it consistent with naming
    convention of other verticals, such as protect, detect
   
  - cleaned up redundancy with ID:
  <ID>magnolia-9E9BC8AD2338EBBBF6986C4255409A6D </ID>
  instead of:
  <ID testCaseID="magnolia-9E9BC8AD2338EBBBF6986C4255409A6D"/>
 
  - corrected example to have more meaningful and neutral data
  - rootCause, relatedCauses cleaned up in schema and sca sample, new 
sample contains:
          <rootCause>
              <cause>Implementation</cause>
          </rootCause>
          <relatedCauses>
              <cause>Design</cause>
              <cause>UnitTest</cause>
          </relatedCauses>
  - added licenseText minOccurs=0
              <xsd:element name="licenseText" type="xsd:string" 
minOccurs="0"/>


------------------

Also, we discovered additional inconsistencies in the schema that we'll 
be correcting:
    - need more modeling, e.g. in sample, empty fields: need examples 
from real
      life:
              <riskRanking>
                  <threat/>
                  <impact/>
              </riskRanking>
              <references>
                  <vulnDatabase>
                      <name/>
                      <location>http://www.vulndb.com/1234</location>
                      <itemIdentifier/>
                  </vulnDatabase>
                  <!--
              <whitePaper></whitePaper>
              <newsExample></newsExample>
              -->
              </references>
    also:
            <title/>
            <abstract/>
            <description/>
     need modeling: is Title "per instance" or "per type"?
     e.g. Injection.SQL might always have the same title
     
    - need to modify locationOfIssue, make compatible with analysis vertical
    - sca has difference case from profile etc.: UpperCamelCase, as opposed
      to lowerCamelCase
            </AnalysisInfo>
    - need many small modifications to core schema for consistency 
relating to CamelCase
      e.g.:
      License



We'll review the changes at the next confcall 1/19/2005.

Peter

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]