Re: OVAL record datatype not supported in XCCDF/SCAP

>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]] On Behalf Of Michael
>Tan
>Sent: Monday, January 30, 2012 1:47 PM
>To: Multiple recipients of list
>Subject: RE: OVAL record datatype not supported in XCCDF/SCAP
>
>Hi Charles, thanks for your reply. Your understanding is correct;
>OVALDI doesn't complaint our OVAL content (check attached SCAP1.2 data stream).
>
>The most challenging dilemma for us is actually that we use SCAP
>validation tool as assurance to release our SCAP content. If we use
>var_ref for record, it hits below errors,
>
>oval:microsoft.com:var:1 - inconsistent datatype between the variable
>and an associated var_ref
>oval:microsoft.com:ste:1 - The use of var_ref is prohibited when the
>datatype is 'record'.
>
>This is a gap between XCCDF and OVAL around record type.
>
>I hope to get some suggestions from this community how we should create
>this content.
>
>Thanks,
>Michael
>
>
>-----Original Message-----
>From: Schmidt, Charles M. [mailto:[hidden email]]
>Sent: Friday, January 27, 2012 12:10 PM
>To: Michael Tan; Multiple recipients of list; [hidden email]
>Subject: RE: OVAL record datatype not supported in XCCDF/SCAP
>
>Hello Michael,
>
>To make sure I understand, what you wish for is the ability for an
>XCCDF Value to export an entire OVAL record. It does appear to be
>possible to import field values individually, but this, of course,
>leaves the list of field names fixed within a record. I'm guessing that
>part of the reason you wish to export a record in its entirety is to
>enable you to control the list of fields directly, not just their
>values. (Is this correct? Could you supply a pseudo-SCAP example of
>what you would like to have happen?)
>
>You are correct that XCCDF only exports simple values (or lists
>thereof) and not more structured entities. As I understand it, however,
>OVAL can only import simple values or lists as well. As such, the two
>languages seem to be in parity with each other and any changes would
>need to occur in both places.
>
>That said, last year the discussions around XCCDF discussed adding
>capabilities to allow structured XML to be exported via Values. The
>community rejected (or at least deferred) this feature for two reasons:
>1) no one could come up with a situation where such a feature could be
>used (which is still the case today given the inability of OVAL
>variables to hold record structures) and 2) it was observed that XML
>content could simply be URI-encoded and exported as a string. The
>latter isn't going to do you much good since OVAL variables cannot hold
>the record type, but if that ever changed such a URI-encoded string
>could be converted to a record using the same mechanics that allow
>other imports to be converted to the appropriate data type for testing.
>
>Sorry this isn't really a solution, but I wanted to respond and make
>sure I was understanding your concerns.
>
>Thanks,
>Charles
>
>>-----Original Message-----
>>From: [hidden email] [mailto:[hidden email]] On Behalf Of
>>Michael Tan
>>Sent: Thursday, January 26, 2012 9:27 PM
>>To: Multiple recipients of list
>>Subject: OVAL record datatype not supported in XCCDF/SCAP
>>
>>Hi, I am looking for helps/suggestions as my team is creating SCAP1.2
>content
>>using record data type.
>>
>>
>>
>>As part of OVAL5.10, new construct cmdlet_test is available for Windows.
>The
>>only datatype for cmdlet_state value is "record". However record value
>>cannot be imported as variable from XCCDF.  This breaks our normal
>>SCAP content structure.
>>
>>
>>
>>I wonder anyone in this group has been using record data type in OVAL
>>content and how you integrate with XCCDF to create SCAP content.  I
>>appreciate any suggestions.
>>
>>
>>
>>Thanks,
>>
>>Michael

>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]] On Behalf Of Michael
>Tan
>Sent: Monday, January 30, 2012 5:04 PM
>To: Multiple recipients of list
>Subject: RE: OVAL record datatype not supported in XCCDF/SCAP
>
>Sorry Jon, I attached an early version of the sample, it invalidates OVAL
>schema. Please check attached sample again, it is based on an sample from
>Prabhu.
>
>SCAPVAL tool still complaints inconsistent data type because XCCDF doesn't
>support record.
>
>What we are trying to do is keeping the same SCAP content structure, define
>rule value in XCCDF as variable and exported/imported into OVAL. This is
>broken because record is only data type choice for cmdlet_state.
>
>At this point I don't consider this is limitation of OVAL. This is more of
>XCCDF/SCAP issue.
>
>Thanks,
>Michael
>
>-----Original Message-----
>From: Baker, Jon [mailto:[hidden email]]
>Sent: Monday, January 30, 2012 11:12 AM
>To: Michael Tan; Multiple recipients of list; oval-developer-list OVAL
>Developer List/Closed Public Discussion; [hidden email]
>Subject: RE: OVAL record datatype not supported in XCCDF/SCAP
>
>In looking at your example I think you are probably failing OVAL validation
>with the following state:
>
><cmdlet_state id="oval:microsoft.com:ste:1" version="3"
>xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
>   <value var_ref="oval:microsoft.com:var:1" datatype="record"
>operation="equals" /> </cmdlet_state>
>
>The value element has a datatype of "record" and so it cannot have a var_ref
>attribute. Can you explain in a bit more detail what you are looking to
>check?
>What do you want to provide to the state as a variable value?
>
>In OVAL 5.10 you can provide variable values to fields within a parent
>element, but not on the parent element itself.
>
>Thanks,
>
>Jon
>
>============================================
>Jonathan O. Baker
>G022 - IA Industry Collaboration
>The MITRE Corporation
>Email: [hidden email]
>
>
>>-----Original Message-----
>>From: [hidden email] [mailto:[hidden email]] On Behalf Of Michael
>>Tan
>>Sent: Monday, January 30, 2012 1:47 PM
>>To: Multiple recipients of list
>>Subject: RE: OVAL record datatype not supported in XCCDF/SCAP
>>
>>Hi Charles, thanks for your reply. Your understanding is correct;
>>OVALDI doesn't complaint our OVAL content (check attached SCAP1.2 data
>stream).
>>
>>The most challenging dilemma for us is actually that we use SCAP
>>validation tool as assurance to release our SCAP content. If we use
>>var_ref for record, it hits below errors,
>>
>>oval:microsoft.com:var:1 - inconsistent datatype between the variable
>>and an associated var_ref
>>oval:microsoft.com:ste:1 - The use of var_ref is prohibited when the
>>datatype is 'record'.
>>
>>This is a gap between XCCDF and OVAL around record type.
>>
>>I hope to get some suggestions from this community how we should create
>>this content.
>>
>>Thanks,
>>Michael
>>
>>
>>-----Original Message-----
>>From: Schmidt, Charles M. [mailto:[hidden email]]
>>Sent: Friday, January 27, 2012 12:10 PM
>>To: Michael Tan; Multiple recipients of list; [hidden email]
>>Subject: RE: OVAL record datatype not supported in XCCDF/SCAP
>>
>>Hello Michael,
>>
>>To make sure I understand, what you wish for is the ability for an
>>XCCDF Value to export an entire OVAL record. It does appear to be
>>possible to import field values individually, but this, of course,
>>leaves the list of field names fixed within a record. I'm guessing that
>>part of the reason you wish to export a record in its entirety is to
>>enable you to control the list of fields directly, not just their
>>values. (Is this correct? Could you supply a pseudo-SCAP example of
>>what you would like to have happen?)
>>
>>You are correct that XCCDF only exports simple values (or lists
>>thereof) and not more structured entities. As I understand it, however,
>>OVAL can only import simple values or lists as well. As such, the two
>>languages seem to be in parity with each other and any changes would
>>need to occur in both places.
>>
>>That said, last year the discussions around XCCDF discussed adding
>>capabilities to allow structured XML to be exported via Values. The
>>community rejected (or at least deferred) this feature for two reasons:
>>1) no one could come up with a situation where such a feature could be
>>used (which is still the case today given the inability of OVAL
>>variables to hold record structures) and 2) it was observed that XML
>>content could simply be URI-encoded and exported as a string. The
>>latter isn't going to do you much good since OVAL variables cannot hold
>>the record type, but if that ever changed such a URI-encoded string
>>could be converted to a record using the same mechanics that allow
>>other imports to be converted to the appropriate data type for testing.
>>
>>Sorry this isn't really a solution, but I wanted to respond and make
>>sure I was understanding your concerns.
>>
>>Thanks,
>>Charles
>>
>>>-----Original Message-----
>>>From: [hidden email] [mailto:[hidden email]] On Behalf Of
>>>Michael Tan
>>>Sent: Thursday, January 26, 2012 9:27 PM
>>>To: Multiple recipients of list
>>>Subject: OVAL record datatype not supported in XCCDF/SCAP
>>>
>>>Hi, I am looking for helps/suggestions as my team is creating SCAP1.2
>>content
>>>using record data type.
>>>
>>>
>>>
>>>As part of OVAL5.10, new construct cmdlet_test is available for Windows.
>>The
>>>only datatype for cmdlet_state value is "record". However record value
>>>cannot be imported as variable from XCCDF.  This breaks our normal
>>>SCAP content structure.
>>>
>>>
>>>
>>>I wonder anyone in this group has been using record data type in OVAL
>>>content and how you integrate with XCCDF to create SCAP content.  I
>>>appreciate any suggestions.
>>>
>>>
>>>
>>>Thanks,
>>>
>>>Michael
>