1 message in org.oasis-open.lists.wasevdl 0.1 update| From | Sent On | Attachments |
|---|---|---|
| Peter Michalek | Jan 13, 2005 11:06 am |
| Subject: | evdl 0.1 update | |
|---|---|---|
| From: | Peter Michalek (pet...@michalek.org) | |
| Date: | Jan 13, 2005 11:06:11 am | |
| List: | org.oasis-open.lists.was | |
I submitted an update to the schema, including auto-generated schema documentation and updated sample to:
http://www.oasis-open.org/apps/org/workgroup/was/document.php?document_id=10974
Please note that all documents are accessible to the general public, but you have to modify the URL:
http://www.oasis-open.org/committees/download.php/10974
For the list of all publically accessible docs go to: http://www.oasis-open.org/committees/documents.php?wg_abbrev=was
--- This schema revision contains the following modifications:
changes in EVDL schema: - renamed <sca> to <analysis> to make it consistent with naming convention of other verticals, such as protect, detect
- cleaned up redundancy with ID: <ID>magnolia-9E9BC8AD2338EBBBF6986C4255409A6D </ID> instead of: <ID testCaseID="magnolia-9E9BC8AD2338EBBBF6986C4255409A6D"/>
- corrected example to have more meaningful and neutral data - rootCause, relatedCauses cleaned up in schema and sca sample, new sample contains: <rootCause> <cause>Implementation</cause> </rootCause> <relatedCauses> <cause>Design</cause> <cause>UnitTest</cause> </relatedCauses> - added licenseText minOccurs=0 <xsd:element name="licenseText" type="xsd:string" minOccurs="0"/>
------------------
Also, we discovered additional inconsistencies in the schema that we'll be correcting: - need more modeling, e.g. in sample, empty fields: need examples from real life: <riskRanking> <threat/> <impact/> </riskRanking> <references> <vulnDatabase> <name/> <location>http://www.vulndb.com/1234</location> <itemIdentifier/> </vulnDatabase> <!-- <whitePaper></whitePaper> <newsExample></newsExample> --> </references> also: <title/> <abstract/> <description/> need modeling: is Title "per instance" or "per type"? e.g. Injection.SQL might always have the same title
- need to modify locationOfIssue, make compatible with analysis vertical - sca has difference case from profile etc.: UpperCamelCase, as opposed to lowerCamelCase </AnalysisInfo> - need many small modifications to core schema for consistency relating to CamelCase e.g.: License
We'll review the changes at the next confcall 1/19/2005.
Peter