OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cacao message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cacao] Project requirements


Hi David.

Thanks for the questions. We never really definedÂin the requirements document what is meant by projects, and it is probably a leftover term that should be removed, unless someone can define it. Somehow that slipped through the editingÂprocess.Â

Originally we thought we needed an extra wrapper called "actions". But then after doing some early implementations, we realized it was just an extra layer of indirection that really did not need to exist. We talked about this on a few calls, and no one could find a reason that we should keep it. So we simplified it down and now we have the "single action step" call the actual commands. Also steps are just logic steps and do not really have versions as that would not make sense. The command wrapper (think old actions) does have a version property that could be exposed in a UI. But you are correct in that new versions have new UUIDs so there really is no way to say this is the evolution of a command over time. Is this something that should be done differently?Â

Does this help?Â



Thanks,
Bret
PGP Fingerprint:Â63B4 FC53 680A 6B7D 1447 ÂF2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."


On Tue, Sep 8, 2020 at 4:58 PM Mr. David Kemp <d.kemp@cyber.nsa.gov> wrote:
Requirements CND-01 Identifiers (2.5) has requirements for projects and individual actions, and Targeting (2.6) has requirements for actions, projects and templates.

Playbooks CSD-01 defines playbook-template as a type of playbook, and uses "modified" as its version. It identifies actions by UUIDv5 values.

CSD-01 does not mention projects, nor versioning of actions.

* Is requirement IDENT.1 "System Integration" OBE with respect to projects?
* Is requirement TARGET.1 "Versioning" OBE with respect to semantic versioning? (modified date is an incremental version).
* Is requirement TARGET.1 OBE with respect to actions? (step--uuid1 identifies an action, but there is no base/version relationship between step--uuid1 and step--uuid2 - they appear to be different actions, not versions of a single action.)

regards,
David Kemp

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]