-
Notifications
You must be signed in to change notification settings - Fork 183
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Catalog/Group from Metaschema is interpreted differently in XSD and JSON-Schema #1989
Comments
Wendel, @wendellpiez would you be able to take a look at the issue with me, or the guidance in the description is enough? |
This issue has been reported to the Metaschema XSLT processor with bug usnistgov/metaschema-xslt#105. That will need to be fixed there to resolve this issue in Metaschema. |
@JustKuzya, this looks good so far. The next step would be to flesh out the example in the form of unit tests to replicate the current and correct behaviors. Next step in prep would be to contrive a test Metaschema containing (isolating) a choice group. Maybe AJ's example in usnistgov/metaschema-xslt#105 could be worked up. From there we can step forward to writing XSpec tests. Once we know we can validate a change to be "the correction" (while not breaking other things etc.), the actual fix will likely be easy. Meanwhile, in addition to a logical mapping into JSON syntax such as you provide here, small examples that are "currently-wrong" are also needed (in the sense that the validator is misreporting them). These could be with the example (toy), with an OSCAL example, or both. The long term: this work dovetails with the schema validation-validation work I am doing in the oscal-xslt repository. Up for discussion is how OSCAL can support external tools developers with robust and solid examples for unit testing and regression testing. (I have ideas.) Subject to discussion: who is interested in learning to do this, or at least in seeing how it is done. |
Here is a starting point, an XSpec written by @aj-stein-nist last year to validate an adjustment in how fields are defined, that have values but not flags (i.e. an edge case), in the JSON Schema: https://github.com/usnistgov/metaschema-xslt/blob/develop/src/testing/issue_235_regression.xspec Note that targets are expressed in XML according to this rendering: https://www.w3.org/TR/xpath-functions-31/#func-json-to-xml (scroll down to see examples) This example shows mappings at the level of structures internal to documents, but the tests can be made to work from the top level as well, i.e. examining an entire mapping not just a particular bit of it. |
For field testing the JSON Schema, we need examples of the following, in JSON:
And we need a validation runtime that uses the JSON Schema to validate and examines its results to confirm they are correct to this lineup. My understanding is the current JSON Schema incorrectly reports 'group with both' as valid. |
Indeed the cases listed above are accurate per current definitions and XML Schema which properly represents
This is not a light decision to make and the community input is important. I am preparing the necessary information for the community (coming soon). So, TODAY, per current schema, all cases above are valid per JSON Schema. and are as listed per XML Schema. They need to be sinked but how, it will be based on the community's feedback. |
@JustKuzya aggregated all cases where
The choice is used in multiple places besides group/control some are clear (no attributes, which makes them min-max = 1-1), some are less clear in what the intent was, especially when there is a
|
Cool - except A couple of things to add:
Finally: additionally to the two suggestions made so far, there is a third 'in-between' technical solution, namely reflecting the rule ( (Indeed this is what we might have had in mind when we pondered this problem in forgotten-times.) |
Thank you @wendellpiez . A.
Where do we have those reasons documented so all current and future members of the team, and our collaborators have a clear understanding? B.
Both are needed, and I greatly appreciate your initiative, but the expertise and understanding of the
I like it, and we need to present it next to the others more 'extreme'. An alignment is needed. Thank you again. |
A. requires a canonical specification of a Metaschema -> XSD mapping or at least requirements for that. The Metaschema developers have discussed this but there are also good reasons against it. What is actually required (and does not require explaining both XSD and Metaschema to all OSCAL users) would be a set of field tests that exhaustively demonstrate expected behaviors by validators, plus ideally a harness for using it. Indeed this is essential if OSCAL plans to own its own validations, so it can both adjudicate among OSCAL implementations (which ones are 'correct') and some day migrate to tomorrow's schema technology. I have built one of these for the XSD and am proceeding to extend it to include JSON Schema, albeit not yet automate it - but see usnistgov/metaschema-xslt#110 Accordingly, I think we need three things at present (in addition to work on usnistgov/metaschema-xslt#105):
I'm proceeding with these, albeit not in this order - feel free to pitch in or ask how to do so. |
This bug is being fixed upstream (see usnistgov/metaschema-xslt#105 and usnistgov/metaschema-xslt#108 there a WIP PR exists towards supporting choice). Once metaschema-xslt/#105 is fixed and the JSON catalog schema gets updated, the existing OSCAL JSON catalogs become invalid IF the authores used |
Describe the bug
Metachema definition
Metaschema defines the top-level catalog/group (recursing by refs) as follows (note; it is a
choice
without attributes):I assume that the defaults in Metaschema match XSD ones and fall back to min/max-Occurs defaulting to 1
XSD schema definition
Ends up as follows:
which considering mixOccurs and maxOccurs defaulting to 1 => we have effectively an Exclusive OR
JSON Schema on the other hand
Has a plain no-choice-restricted definition (excerpt is larger than the two above to illustrate the context):
while the XSD equivalent, probably should be:
Who is the bug affecting
People who try to validate "inventive" and "non-classical" JSON catalogs
When groups and controls mixed together in "twigs and leaves in same bag"-style, which is allowed by OSCAL JSON Schema, but isn't allowed by Metaschema, XSD, and OSCAL-CLI tool, the catalog-authors get confused.
What is affected by this bug
Modeling
How do we replicate this issue
Expected behavior (i.e. solution)
Difference should be not be noticeable
Other comments
No response
Revisions
No response
The text was updated successfully, but these errors were encountered: