diff --git a/OSCALRestOpenAPI.json b/OSCALRestOpenAPI.json
index 449ce6e..05fe7cb 100644
--- a/OSCALRestOpenAPI.json
+++ b/OSCALRestOpenAPI.json
@@ -1,5 +1,5 @@
{
- "openapi": "3.0.3",
+ "openapi": "3.0.0",
"info": {
"title": "OSCAL REST",
"description": "This is an open-source REST API specification for exchanging [OSCAL](https://pages.nist.gov/OSCAL/) content between tools and organizations.\n\nThe _OSCAL REST OpenAPI Specification_ addresses OSCAL XML, JSON and YAML content for all seven OSCAL models. Each OSCAL model has a primary set of REST API methods and endpoints for the OSCAL content itself, as well as methods and endpoints for snapshots and attachments. OSCAL profiles also have methods and endpoints for live profile resolution and snapshots of resolved profiles.\n\nFor an overview and more information, visit [https://docs.oscal.io/docs/oscal-rest-openapi](https://docs.oscal.io/docs/oscal-rest-openapi)\n\n---\n\n**Known-Issue: OSCAL XML Representation**\n\nThere is a [known-issue](https://github.com/OAI/OpenAPI-Specification/issues/630) that prevents proper expression of OSCAL XML in OpenAPI.\n\nWhen the specification calls for OSCAL content to be accepted or returned, the content must be fully OSCAL valid. Even if the specification shows a non-compliant schema or example.",
@@ -12,7 +12,7 @@
"name" : "Creative Commons Attribution Share Alike 4.0 International",
"url" : "https://github.com/EasyDynamics/oscal-rest/blob/develop/LICENSE"
},
- "version": "1.0.0"
+ "version": "1.0.2"
},
"externalDocs": {
"description": "Find out more about OSCAL",
@@ -20,59 +20,64 @@
},
"servers": [
{
- "url": "http://localhost:8080/oscal/v1"
- },
- {
- "url": "https://raw.githubusercontent.com/"
+ "url": "http://localhost:8080/oscal/v1",
+ "description": "A sample target host that assumes the implementation is running locally. Replace this with the URL to your implementaiton. Consider including `/oscal/v1` as part of the implementaiton's root URL."
}
],
"tags": [
{
- "name": "OSCAL Catalog",
+ "name": "Catalog",
+ "description": "OSCAL Catalog Methods and Endpoints.",
"externalDocs": {
- "description": "Find out more",
+ "description": "OSCAL Catalog Model",
"url": "https://pages.nist.gov/OSCAL/concepts/layer/control/catalog/"
}
},
{
- "name": "OSCAL Profile",
+ "name": "Profile",
+ "description": "OSCAL Profile Methods and Endpoints.",
"externalDocs": {
- "description": "Find out more",
+ "description": "OSCAL Profile Model",
"url": "https://pages.nist.gov/OSCAL/concepts/layer/control/profile/"
}
},
{
- "name": "OSCAL System Security Plan",
+ "name": "System Security Plan",
+ "description": "OSCAL SSP Methods and Endpoints.",
"externalDocs": {
- "description": "Find out more",
+ "description": "OSCAL SSP Model",
"url": "https://pages.nist.gov/OSCAL/concepts/layer/implementation/ssp/"
}
},
{
- "name": "OSCAL Component Definition",
+ "name": "Component Definition",
+ "description": "OSCAL cDef Methods and Endpoints.",
"externalDocs": {
- "description": "Find out more",
+ "description": "OSCAL cDef Model",
"url": "https://pages.nist.gov/OSCAL/concepts/layer/implementation/component-definition/"
}
},
{
- "name": "OSCAL Plan of Action and Milestones",
+ "name": "Plan of Action and Milestones",
+ "description": "OSCAL POA&M Methods and Endpoints.",
"externalDocs": {
- "description": "Find out more",
+ "description": "OSCAL POA&M Model",
"url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/poam/"
}
},
{
- "name": "OSCAL Assessment Plan",
+ "name": "Assessment Plan",
+ "description": "OSCAL Assessment Plan Methods and Endpoints.",
"externalDocs": {
- "description": "Find out more",
+ "description": "OSCAL AP Model",
"url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/assessment-plan/"
}
},
{
- "name": "OSCAL Assessment Results",
+ "name": "Assessment Results",
+ "description": "OSCAL Assessment Results Methods and Endpoints.",
"externalDocs": {
- "description": "Find out more",
+ "description": "OSCAL AR Model",
"url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/assessment-results/"
}
}
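Review bot: The new `servers[0].description` misspells "implementation" twice as "implementaiton", and the only sample target left in `servers` is a plain `http://` URL. The endpoints in this spec carry SSPs, POA&Ms and assessment results, so the description should tell implementers not to copy the scheme; I would append a sentence such as `Use an https:// URL for any deployment other than local testing.` Dropping the `https://raw.githubusercontent.com/` entry is sensible, since it was never an implementation of this API.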
@@ -81,7 +86,7 @@
"/assessment-plan": {
"get": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Returns a list of every relevant assessment plan.",
"description": "Returns a list of every relevant assessment plan.",
@@ -158,10 +163,10 @@
},
"post": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Adds a new assessment plan.",
- "description": "Adds a new assessment plan.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "description": "Adds a new assessment plan.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementaiton must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n",
"operationId": "postAssessmentPlan",
"responses": {
"201": {
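Review bot: The requirement added to the `postAssessmentPlan` description lets the client choose the `content-uuid`, but it does not say what the implementation must do when that value is malformed or already identifies stored content. As written, an implementation could treat a POST that carries an existing identifier as a silent replace of another document. I would add `If the supplied value is not a valid UUID the implementation must reject the request; if it matches existing content the implementation must return 409 and must not overwrite it.`, and check that the response list (outside this hunk) includes that status. The field name is also spelled `identifer` where OSCAL uses `identifier`, "implementaiton" is a typo, and `//metaschema/document-ids` presumably should read `//metadata/document-ids`, which is worth confirming. The same paragraph is added to `postProfile` in a later hunk.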
@@ -286,22 +291,22 @@
]
}
},
- "/assessment-plan/{assessmentPlanID}": {
+ "/assessment-plan/{content-uuid}": {
"get": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
- "summary": "Returns the assessment plan represented by the assessment plan ID.",
- "description": "Returns the assessment plan represented by the assessment plan ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the assessment plan represented by the `content-uuid`.",
+ "description": "Returns the assessment plan represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getAssessmentPlanById",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
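Review bot: The path parameter now points at `#/components/schemas/content-uuid`, whose definition is not in the visible part of this diff. It should constrain the value, for example `"type": "string", "format": "uuid"` plus a `pattern`, because `format` alone is only an annotation for many validators and the segment is used directly to look up content. The parameter `description` still reads `ID of AssessmentPlan`; `content-uuid of the assessment plan` would match the renamed parameter. The same applies to the `content-uuid`, `resource-uuid` and `snapshot-uuid` parameters in the later hunks, and the `get` operation itself continues outside this hunk.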
@@ -387,19 +392,19 @@
},
"put": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
- "summary": "Replaces the assessment plan represented by the assessment plan ID.",
- "description": "Replaces the assessment plan represented by the assessment plan ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "summary": "Replaces the assessment plan represented by the `content-uuid`.",
+ "description": "Replaces the assessment plan represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
"operationId": "putAssessmentPlan",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -520,19 +525,19 @@
},
"delete": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
- "summary": "Deletes the assessment plan represented by the assessment plan ID.",
- "description": "Deletes the assessment plan represented by the assessment plan ID.",
+ "summary": "Deletes the assessment plan represented by the `content-uuid`.",
+ "description": "Deletes the assessment plan represented by the `content-uuid`.",
"operationId": "deleteAssessmentPlan",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -601,22 +606,22 @@
]
}
},
- "/assessment-plan/{assessmentPlanID}/attachment": {
+ "/assessment-plan/{content-uuid}/attachment": {
"get": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Returns a list of every relevant attachment.",
"description": "Returns a list of every relevant attachment.",
"operationId": "getAssessmentPlanAttachment",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -692,19 +697,19 @@
},
"post": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Adds a new attachment and returns the UUID of the resource.",
"description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
"operationId": "postAssessmentPlanAttachment",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -810,26 +815,26 @@
]
}
},
- "/assessment-plan/{assessmentPlanID}/attachment/{resourceUUID}": {
+ "/assessment-plan/{content-uuid}/attachment/{resource-uuid}": {
"get": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Returns the attachment represented by the back-matter resource UUID.",
"description": "Returns the attachment represented by the back-matter resource UUID.",
"operationId": "getAssessmentPlanAttachmentByUuid",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -931,23 +936,23 @@
},
"put": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Replaces the attachment represented by the resource UUID.",
"description": "Replaces the attachment represented by the resource UUID.",
"operationId": "putAssessmentPlanAttachment",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -1052,23 +1057,23 @@
},
"delete": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Deletes the attachment and associated resource.",
"description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
"operationId": "deleteAssessmentPlanAttachment",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -1142,26 +1147,26 @@
]
}
},
- "/assessment-plan/{assessmentPlanID}/attachment/{resourceUUID}/resource": {
+ "/assessment-plan/{content-uuid}/attachment/{resource-uuid}/resource": {
"get": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Retrieves the OSCAL back-matter / resource information.",
"description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "getAssessmentPlanAttachmentResourceBy",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -1242,23 +1247,23 @@
},
"put": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Updates the content of the back-matter resource.",
"description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "putAssessmentPlanAttachmentResource",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -1371,22 +1376,22 @@
]
}
},
- "/assessment-plan/{assessmentPlanID}/snapshot": {
+ "/assessment-plan/{content-uuid}/snapshot": {
"get": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Returns a list of every relevant snapshot.",
"description": "Returns a list of every relevant snapshot.",
"operationId": "getAssessmentPlanSnapshot",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -1462,19 +1467,19 @@
},
"post": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Creates a snapshot of the file in its current state.",
- "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "description": "Creates a snapshot of the file in its current state. The implementation must generate a v4 or v5 UUID for use as the `snapshot-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/snapshot-uuid` as the scheme value.\n\nThe implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "postAssessmentPlanSnapshot",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
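Review bot: The rewritten opening of the `postAssessmentPlanSnapshot` description does not cover a document whose `document-ids` array already holds an entry with the `http://oscal.io/oscal/identifier/snapshot-uuid` scheme, for instance content that was uploaded from an earlier snapshot. Unless the spec requires that entry to be replaced, a client-supplied snapshot identifier could be stored alongside, or instead of, the one the server generates. I would add `Any existing identifier with this scheme must be replaced by the generated value.` The new sentence also writes a plain "must" where the rest of the description uses `_must_`, and "into document ID array" is missing "the".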
@@ -1589,26 +1594,26 @@
]
}
},
- "/assessment-plan/{assessmentPlanID}/snapshot/{snapshotID}": {
+ "/assessment-plan/{content-uuid}/snapshot/{snapshot-uuid}": {
"get": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
- "summary": "Returns the snapshot represented by the snapshot ID.",
- "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the snapshot represented by the `snapshot-uuid`.",
+ "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getAssessmentPlanSnapshotById",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -1699,23 +1704,23 @@
},
"put": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
"summary": "Modifies the snapshot description, types and labels.",
"description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "putAssessmentPlanSnapshot",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -1829,23 +1834,23 @@
},
"delete": {
"tags": [
- "OSCAL Assessment Plan"
+ "Assessment Plan"
],
- "summary": "Deletes the snapshot represented by the snapshot ID.",
- "description": "Deletes the snapshot represented by the snapshot ID.",
+ "summary": "Deletes the snapshot represented by the `snapshot-uuid`.",
+ "description": "Deletes the snapshot represented by the `snapshot-uuid`.",
"operationId": "deleteAssessmentPlanSnapshot",
"parameters": [
{
- "name": "assessmentPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -1922,7 +1927,7 @@
"/profile": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Returns a list of every relevant profile.",
"description": "Returns a list of every relevant profile.",
@@ -1999,10 +2004,10 @@
},
"post": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Adds a new profile.",
- "description": "Adds a new profile.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "description": "Adds a new profile.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementaiton must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n",
"operationId": "postProfile",
"responses": {
"201": {
@@ -2127,22 +2132,22 @@
]
}
},
- "/profile/{profileID}": {
+ "/profile/{content-uuid}": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
- "summary": "Returns the profile represented by the profile ID.",
- "description": "Returns the profile represented by the profile ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the profile represented by the `content-uuid`.",
+ "description": "Returns the profile represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getProfileById",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -2228,19 +2233,19 @@
},
"put": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
- "summary": "Replaces the profile represented by the profile ID.",
- "description": "Replaces the profile represented by the profile ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "summary": "Replaces the profile represented by the `content-uuid`.",
+ "description": "Replaces the profile represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
"operationId": "putProfile",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -2361,19 +2366,19 @@
},
"delete": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
- "summary": "Deletes the profile represented by the profile ID.",
- "description": "Deletes the profile represented by the profile ID.",
+ "summary": "Deletes the profile represented by the `content-uuid`.",
+ "description": "Deletes the profile represented by the `content-uuid`.",
"operationId": "deleteProfile",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -2442,22 +2447,22 @@
]
}
},
- "/profile/{profileID}/resolved-catalog": {
+ "/profile/{content-uuid}/resolved-catalog": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Resolves the identified profile based on currently available sources and returns a resolved profile catalog.",
"description": "Resolves the identified profile based on currently available sources and returns a resolved profile catalog.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getProfileResolvedCatalogBy",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -2542,22 +2547,22 @@
]
}
},
- "/profile/{profileID}/attachment": {
+ "/profile/{content-uuid}/attachment": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Returns a list of every relevant attachment.",
"description": "Returns a list of every relevant attachment.",
"operationId": "getProfileAttachment",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -2633,19 +2638,19 @@
},
"post": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Adds a new attachment and returns the UUID of the resource.",
"description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
"operationId": "postProfileAttachment",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -2751,26 +2756,26 @@
]
}
},
- "/profile/{profileID}/attachment/{resourceUUID}": {
+ "/profile/{content-uuid}/attachment/{resource-uuid}": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Returns the attachment represented by the back-matter resource UUID.",
"description": "Returns the attachment represented by the back-matter resource UUID.",
"operationId": "getProfileAttachmentByUuid",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -2872,23 +2877,23 @@
},
"put": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Replaces the attachment represented by the resource UUID.",
"description": "Replaces the attachment represented by the resource UUID.",
"operationId": "putProfileAttachment",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -2993,23 +2998,23 @@
},
"delete": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Deletes the attachment and associated resource.",
"description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
"operationId": "deleteProfileAttachment",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -3083,26 +3088,26 @@
]
}
},
- "/profile/{profileID}/attachment/{resourceUUID}/resource": {
+ "/profile/{content-uuid}/attachment/{resource-uuid}/resource": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Retrieves the OSCAL back-matter / resource information.",
"description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "getProfileAttachmentResourceBy",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -3183,23 +3188,23 @@
},
"put": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Updates the content of the back-matter resource.",
"description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "putProfileAttachmentResource",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -3312,22 +3317,22 @@
]
}
},
- "/profile/{profileID}/snapshot": {
+ "/profile/{content-uuid}/snapshot": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Returns a list of every relevant snapshot.",
"description": "Returns a list of every relevant snapshot.",
"operationId": "getProfileSnapshot",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -3403,19 +3408,19 @@
},
"post": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Creates a snapshot of the file in its current state.",
- "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "description": "Creates a snapshot of the file in its current state. The implementation must generate a v4 or v5 UUID for use as the `snapshot-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/snapshot-uuid` as the scheme value.\n\n The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "postProfileSnapshot",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
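Review bot: The rewritten `postProfileSnapshot` description drops the old requirement that the identifier be unique and tracked, and allows a "v4 or v5 UUID" without saying how a v5 value is derived. A v5 UUID is a deterministic hash of a namespace and a name, so without a stated namespace and name two snapshots could receive the same value, or a predictable one. I would restore the uniqueness requirement and keep the file's emphasis style, e.g. `The implementation _must_ generate a v4 or v5 UUID, unique among the snapshots it stores, for use as the snapshot-uuid`, and state the v5 namespace and name or require v4. The `postProfileResolvedSnapshot` description further down has the same wording and still carries the doubled "The implementation implementation". The operation's responses lie outside this hunk.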
@@ -3530,26 +3535,26 @@
]
}
},
- "/profile/{profileID}/snapshot/{snapshotID}": {
+ "/profile/{content-uuid}/snapshot/{snapshot-uuid}": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
- "summary": "Returns the snapshot represented by the snapshot ID.",
- "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the snapshot represented by the `snapshot-uuid`.",
+ "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getProfileSnapshotById",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -3640,23 +3645,23 @@
},
"put": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Modifies the snapshot description, types and labels.",
"description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "putProfileSnapshot",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -3770,23 +3775,23 @@
},
"delete": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
- "summary": "Deletes the snapshot represented by the snapshot ID.",
- "description": "Deletes the snapshot represented by the snapshot ID.",
+ "summary": "Deletes the snapshot represented by the `snapshot-uuid`.",
+ "description": "Deletes the snapshot represented by the `snapshot-uuid`.",
"operationId": "deleteProfileSnapshot",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -3860,22 +3865,22 @@
]
}
},
- "/profile/{profileID}/resolved-snapshot": {
+ "/profile/{content-uuid}/resolved-snapshot": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Returns a list of every relevant resolved profile catalog.",
"description": "Returns a list of every relevant resolved profile catalog.",
"operationId": "getProfileResolvedSnapshot",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -3951,19 +3956,19 @@
},
"post": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Resolves the profile and saves the result.",
- "description": "Processes the profile and creates a snapshot as a resolved profile catalog. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property and a `snapshot-type` set to `resolved-profile` in the OSCAL document's `metadata` as follows:\n\n - **Resolved Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Resolved Snapshot Type** Property [**1 or more**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"resolved-profile\"`\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation implementation _may_ set a `snapshot-description` property, as well as `snapshot-label` and additional `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Resolved Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional resolved snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Resolved Snapshot Type** Property [**1 or more**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"resolved-profile\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "description": "Processes the profile and creates a snapshot as a resolved profile catalog. The implementation must generate a v4 or v5 UUID for use as the `resolved-snapshot-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/resolved-snapshot-uuid` as the scheme value.\n\n The implementation _must_ add the `snapshot-created` property and a `snapshot-type` set to `resolved-profile` in the OSCAL document's `metadata` as follows:\n\n - **Resolved Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Resolved Snapshot Type** Property [**1 or more**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"resolved-profile\"`\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation implementation _may_ set a `snapshot-description` property, as well as `snapshot-label` and additional `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Resolved Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional resolved snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Resolved Snapshot Type** Property [**1 or more**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"resolved-profile\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "postProfileResolvedSnapshot",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -4078,28 +4083,28 @@
]
}
},
- "/profile/{profileID}/resolved-snapshot/{resolvedSnapshotID}": {
+ "/profile/{content-uuid}/resolved-snapshot/{resolved-snapshot-uuid}": {
"get": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
- "summary": "Returns the resolved profile catalog represented by the resolved profile catalog ID.",
- "description": "Returns the resolved profile catalog represented by the resolved profile catalog ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the resolved profile catalog represented by the `resolved-snapshot-uuid`.",
+ "description": "Returns the resolved profile catalog represented by the `resolved-snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getProfileResolvedSnapshotById",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resolvedSnapshotID",
+ "name": "resolved-snapshot-uuid",
"in": "path",
- "description": "ID of ResolvedSnapshot",
+ "description": "UUID of the resolved snapshot",
"required": true,
"schema": {
"type": "string"
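Review bot: The `resolved-snapshot-uuid` path parameter is now named and described as a UUID, but its schema is still a bare `"type": "string"`, so generated validators will accept any string in the path. `content-uuid` was given a shared schema in the same change; this parameter should get the same treatment, either a `$ref` to a shared UUID schema or at least `"type": "string", "format": "uuid"`. The put and delete operations on this path show the same bare string schema. The `snapshot-uuid` parameters presumably do too, though their schema lines fall outside the hunks. The schema object continues past the end of this hunk.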
@@ -4188,25 +4193,25 @@
},
"put": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Modifies the snapshot description, types and label.",
"description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "putProfileResolvedSnapshot",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resolvedSnapshotID",
+ "name": "resolved-snapshot-uuid",
"in": "path",
- "description": "ID of ResolvedSnapshot",
+ "description": "UUID of the resolved snapshot",
"required": true,
"schema": {
"type": "string"
@@ -4318,25 +4323,25 @@
},
"delete": {
"tags": [
- "OSCAL Profile"
+ "Profile"
],
"summary": "Deletes the resolved snapshot represented by the resolved snapshot ID.",
"description": "Deletes the resolved snapshot represented by the resolved snapshot ID.",
"operationId": "deleteProfileResolvedSnapshot",
"parameters": [
{
- "name": "profileID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Profile",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resolvedSnapshotID",
+ "name": "resolved-snapshot-uuid",
"in": "path",
- "description": "ID of ResolvedSnapshot",
+ "description": "UUID of the resolved snapshot",
"required": true,
"schema": {
"type": "string"
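Review bot: The `summary` and `description` of `deleteProfileResolvedSnapshot` still say "represented by the resolved snapshot ID", while the get operation on the same path and the snapshot delete were reworded to name the parameter. For consistency, both strings should read "Deletes the resolved snapshot represented by the resolved-snapshot-uuid.", with the parameter name in backticks as elsewhere in the file.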
@@ -4411,7 +4416,7 @@
"/assessment-results": {
"get": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Returns a list of every relevant assessment results.",
"description": "Returns a list of every relevant assessment results.",
@@ -4488,10 +4493,10 @@
},
"post": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Adds a new assessment results.",
- "description": "Adds a new assessment results.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "description": "Adds a new assessment results.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementaiton must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n",
"operationId": "postAssessmentResults",
"responses": {
"201": {
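Review bot: The new `postAssessmentResults` text requires the implementation to adopt a `content-uuid` taken from the uploaded document, but it does not say that the value must be validated as a UUID or what happens when that `content-uuid` already exists on the server. As written, a POST could silently collide with or replace existing content. I would add a sentence such as `If the supplied content-uuid is malformed or already in use, the implementation _must_ reject the request` and name the status code; the response list is outside this hunk, so an existing conflict response may already cover this. The added text also has typos: `identifer`, `implementaiton`, "`Content-type` HTML header" (should be HTTP), and `//metaschema/document-ids`, which likely means `//metadata/document-ids`.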
@@ -4616,22 +4621,22 @@
]
}
},
- "/assessment-results/{assessmentResultsID}": {
+ "/assessment-results/{content-uuid}": {
"get": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
- "summary": "Returns the assessment results represented by the assessment results ID.",
- "description": "Returns the assessment results represented by the assessment results ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the assessment results represented by the `content-uuid`.",
+ "description": "Returns the assessment results represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getAssessmentResultsById",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -4717,19 +4722,19 @@
},
"put": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
- "summary": "Replaces the assessment results represented by the assessment results ID.",
- "description": "Replaces the assessment results represented by the assessment results ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "summary": "Replaces the assessment results represented by the `content-uuid`.",
+ "description": "Replaces the assessment results represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
"operationId": "putAssessmentResults",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
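Review bot: The `putAssessmentResults` description now keys the replacement on the path `content-uuid`, but it does not say what the implementation does when the uploaded document carries a different `content-uuid` in its document ID array. The POST description establishes that the document itself holds this identifier, so a mismatch here is possible and should be resolved explicitly, for example `If the document's content-uuid differs from the path content-uuid, the implementation _must_ reject the request`. The "`Content-type` HTML header" wording should also read HTTP. The request body and responses are outside this hunk.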
@@ -4850,19 +4855,19 @@
},
"delete": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
- "summary": "Deletes the assessment results represented by the assessment results ID.",
- "description": "Deletes the assessment results represented by the assessment results ID.",
+ "summary": "Deletes the assessment results represented by the `content-uuid`.",
+ "description": "Deletes the assessment results represented by the `content-uuid`.",
"operationId": "deleteAssessmentResults",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -4931,22 +4936,22 @@
]
}
},
- "/assessment-results/{assessmentResultsID}/attachment": {
+ "/assessment-results/{content-uuid}/attachment": {
"get": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Returns a list of every relevant attachment.",
"description": "Returns a list of every relevant attachment.",
"operationId": "getAssessmentResultsAttachment",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -5022,19 +5027,19 @@
},
"post": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Adds a new attachment and returns the UUID of the resource.",
"description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
"operationId": "postAssessmentResultsAttachment",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -5140,26 +5145,26 @@
]
}
},
- "/assessment-results/{assessmentResultsID}/attachment/{resourceUUID}": {
+ "/assessment-results/{content-uuid}/attachment/{resource-uuid}": {
"get": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Returns the attachment represented by the back-matter resource UUID.",
"description": "Returns the attachment represented by the back-matter resource UUID.",
"operationId": "getAssessmentResultsAttachmentByUuid",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -5261,23 +5266,23 @@
},
"put": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Replaces the attachment represented by the resource UUID.",
"description": "Replaces the attachment represented by the resource UUID.",
"operationId": "putAssessmentResultsAttachment",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -5382,23 +5387,23 @@
},
"delete": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Deletes the attachment and associated resource.",
"description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
"operationId": "deleteAssessmentResultsAttachment",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -5472,26 +5477,26 @@
]
}
},
- "/assessment-results/{assessmentResultsID}/attachment/{resourceUUID}/resource": {
+ "/assessment-results/{content-uuid}/attachment/{resource-uuid}/resource": {
"get": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Retrieves the OSCAL back-matter / resource information.",
"description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "getAssessmentResultsAttachmentResourceBy",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -5572,23 +5577,23 @@
},
"put": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Updates the content of the back-matter resource.",
"description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "putAssessmentResultsAttachmentResource",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -5701,22 +5706,22 @@
]
}
},
- "/assessment-results/{assessmentResultsID}/snapshot": {
+ "/assessment-results/{content-uuid}/snapshot": {
"get": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Returns a list of every relevant snapshot.",
"description": "Returns a list of every relevant snapshot.",
"operationId": "getAssessmentResultsSnapshot",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -5792,19 +5797,19 @@
},
"post": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Creates a snapshot of the file in its current state.",
- "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "description": "Creates a snapshot of the file in its current state. The implementation must generate a v4 or v5 UUID for use as the `snapshot-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/snapshot-uuid` as the scheme value.\n\n The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "postAssessmentResultsSnapshot",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
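Review bot: "a v4 or v5 UUID" in the new snapshot description leaves the generation method open. v5 is name-based (a hash of a namespace and a name), so without stated inputs two implementations will not agree and the value can repeat or be guessed. The new text also drops the earlier requirement to "assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later", so uniqueness is no longer stated. I would require v4 only, or name the v5 namespace and name, and restore the uniqueness sentence, e.g. `The implementation _must_ generate a random (v4) UUID, unique among the snapshots of this content, for use as the snapshot-uuid.` The plain "must" and "into document ID array" also depart from the `_must_` wording used in the rest of the description. The same text is added in the POST /catalog/{content-uuid}/snapshot hunk.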
@@ -5919,26 +5924,26 @@
]
}
},
- "/assessment-results/{assessmentResultsID}/snapshot/{snapshotID}": {
+ "/assessment-results/{content-uuid}/snapshot/{snapshot-uuid}": {
"get": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
- "summary": "Returns the snapshot represented by the snapshot ID.",
- "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the snapshot represented by the `snapshot-uuid`.",
+ "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getAssessmentResultsSnapshotById",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -6029,23 +6034,23 @@
},
"put": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
"summary": "Modifies the snapshot description, types and labels.",
"description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "putAssessmentResultsSnapshot",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -6159,23 +6164,23 @@
},
"delete": {
"tags": [
- "OSCAL Assessment Results"
+ "Assessment Results"
],
- "summary": "Deletes the snapshot represented by the snapshot ID.",
- "description": "Deletes the snapshot represented by the snapshot ID.",
+ "summary": "Deletes the snapshot represented by the `snapshot-uuid`.",
+ "description": "Deletes the snapshot represented by the `snapshot-uuid`.",
"operationId": "deleteAssessmentResultsSnapshot",
"parameters": [
{
- "name": "assessmentResultsID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of AssessmentResults",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -6252,7 +6257,7 @@
"/catalog": {
"get": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Returns a list of every relevant catalog.",
"description": "Returns a list of every relevant catalog.",
@@ -6329,10 +6334,10 @@
},
"post": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Adds a new catalog.",
- "description": "Adds a new catalog.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "description": "Adds a new catalog.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementaiton must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n",
"operationId": "postCatalog",
"responses": {
"201": {
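Review bot: Accepting a client-supplied `content-uuid` from the uploaded document needs a stated rule for values that are malformed or already assigned to other stored content. As written, the "If present" bullet can be read as letting a POST silently take over an existing identifier. I would add a bullet such as `- If the value is not a valid UUID or is already in use, the implementation must reject the request.` with a matching error response; the responses object continues outside this hunk, so it may already define one. The added text also has wording to fix: `identifer`, `implementaiton`, "insert it into document ID array", and `Content-type` is an HTTP header rather than an "HTML header". The path `//metaschema/document-ids` looks as if it was meant to point at the document's `metadata`; please confirm.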
@@ -6457,22 +6462,22 @@
]
}
},
- "/catalog/{catalogID}": {
+ "/catalog/{content-uuid}": {
"get": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Returns the catalog represented by the catalog ID.",
"description": "Returns the catalog represented by the catalog ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getCatalogById",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
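Review bot: The summary and description in this hunk still say "catalog ID", and the parameter description still says "ID of Catalog", although the path and parameter are now named `content-uuid`. The PUT and DELETE assessment-results operations in this commit were reworded to "represented by the `content-uuid`", so the catalog operations now read differently for the same identifier. For consistency I would change the summary to "Returns the catalog represented by the `content-uuid`." and the parameter description to "UUID of the catalog content". The PUT and DELETE /catalog/{content-uuid} hunks that follow keep the same leftover wording.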
@@ -6558,19 +6563,19 @@
},
"put": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Replaces the catalog represented by the catalog ID.",
"description": "Replaces the catalog represented by the catalog ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
"operationId": "putCatalog",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -6691,19 +6696,19 @@
},
"delete": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Deletes the catalog represented by the catalog ID.",
"description": "Deletes the catalog represented by the catalog ID.",
"operationId": "deleteCatalog",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -6772,22 +6777,22 @@
]
}
},
- "/catalog/{catalogID}/attachment": {
+ "/catalog/{content-uuid}/attachment": {
"get": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Returns a list of every relevant attachment.",
"description": "Returns a list of every relevant attachment.",
"operationId": "getCatalogAttachment",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -6863,19 +6868,19 @@
},
"post": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Adds a new attachment and returns the UUID of the resource.",
"description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
"operationId": "postCatalogAttachment",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -6981,26 +6986,26 @@
]
}
},
- "/catalog/{catalogID}/attachment/{resourceUUID}": {
+ "/catalog/{content-uuid}/attachment/{resource-uuid}": {
"get": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Returns the attachment represented by the back-matter resource UUID.",
"description": "Returns the attachment represented by the back-matter resource UUID.",
"operationId": "getCatalogAttachmentByUuid",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -7102,23 +7107,23 @@
},
"put": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Replaces the attachment represented by the resource UUID.",
"description": "Replaces the attachment represented by the resource UUID.",
"operationId": "putCatalogAttachment",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -7223,23 +7228,23 @@
},
"delete": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Deletes the attachment and associated resource.",
"description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
"operationId": "deleteCatalogAttachment",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -7313,26 +7318,26 @@
]
}
},
- "/catalog/{catalogID}/attachment/{resourceUUID}/resource": {
+ "/catalog/{content-uuid}/attachment/{resource-uuid}/resource": {
"get": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Retrieves the OSCAL back-matter / resource information.",
"description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "getCatalogAttachmentResourceBy",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -7413,23 +7418,23 @@
},
"put": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Updates the content of the back-matter resource.",
"description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "putCatalogAttachmentResource",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -7542,22 +7547,22 @@
]
}
},
- "/catalog/{catalogID}/snapshot": {
+ "/catalog/{content-uuid}/snapshot": {
"get": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Returns a list of every relevant snapshot.",
"description": "Returns a list of every relevant snapshot.",
"operationId": "getCatalogSnapshot",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -7633,19 +7638,19 @@
},
"post": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Creates a snapshot of the file in its current state.",
- "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "description": "Creates a snapshot of the file in its current state. The implementation must generate a v4 or v5 UUID for use as the `snapshot-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/snapshot-uuid` as the scheme value.\n\n The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "postCatalogSnapshot",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -7760,26 +7765,26 @@
]
}
},
- "/catalog/{catalogID}/snapshot/{snapshotID}": {
+ "/catalog/{content-uuid}/snapshot/{snapshot-uuid}": {
"get": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
- "summary": "Returns the snapshot represented by the snapshot ID.",
- "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the snapshot represented by the `snapshot-uuid`.",
+ "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getCatalogSnapshotById",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -7870,23 +7875,23 @@
},
"put": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
"summary": "Modifies the snapshot description, types and labels.",
"description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "putCatalogSnapshot",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
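Review bot: Only the first path parameter of `putCatalogSnapshot` is moved to the new `#/components/schemas/content-uuid` schema here; `snapshot-uuid` is renamed, but its `schema` entry sits after the hunk's last line and is therefore left as it was. If that entry does not reference a UUID-constrained schema, the parameter's name promises a UUID while the contract does not enforce one, so it is worth confirming and pointing it at a UUID schema in the same way as `content-uuid`. The descriptions `ID of Catalog` and `ID of Snapshot` could also say UUID to match the new names. The same applies to the other snapshot and attachment hunks that rename `snapshotID` and `resourceUUID`.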
@@ -8000,23 +8005,23 @@
},
"delete": {
"tags": [
- "OSCAL Catalog"
+ "Catalog"
],
- "summary": "Deletes the snapshot represented by the snapshot ID.",
- "description": "Deletes the snapshot represented by the snapshot ID.",
+ "summary": "Deletes the snapshot represented by the `snapshot-uuid`.",
+ "description": "Deletes the snapshot represented by the `snapshot-uuid`.",
"operationId": "deleteCatalogSnapshot",
"parameters": [
{
- "name": "catalogID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of Catalog",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -8093,7 +8098,7 @@
"/system-security-plan": {
"get": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Returns a list of every relevant system security plan.",
"description": "Returns a list of every relevant system security plan.",
@@ -8170,10 +8175,10 @@
},
"post": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Adds a new system security plan.",
- "description": "Adds a new system security plan.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "description": "Adds a new system security plan.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementaiton must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n",
"operationId": "postSystemSecurityPlan",
"responses": {
"201": {
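Review bot: The added `description` for `postSystemSecurityPlan` tells the implementation to adopt a client-supplied `content-uuid` from the document ID array, but does not say what to do when that value is not a well-formed UUID or already identifies stored content. Because this value becomes the path key for the GET, PUT and DELETE operations, I would add a sentence such as `The implementation _must_ reject the request if the supplied value is not a valid UUID or is already in use.`, with matching 400 and 409 responses if the `responses` object (which continues outside the hunk) does not already define them. The same string has typos worth fixing: `identifer` should be `identifier`, `implementaiton` should be `implementation`, `HTML header` should be `HTTP header`, and `//metaschema/document-ids` presumably should read `//metadata/document-ids`. The identical text is added for `postPlanOfActionAndMilestones` further down.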
@@ -8298,22 +8303,22 @@
]
}
},
- "/system-security-plan/{systemSecurityPlanID}": {
+ "/system-security-plan/{content-uuid}": {
"get": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
- "summary": "Returns the system security plan represented by the system security plan ID.",
- "description": "Returns the system security plan represented by the system security plan ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the system security plan represented by the `content-uuid`.",
+ "description": "Returns the system security plan represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getSystemSecurityPlanById",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -8399,19 +8404,19 @@
},
"put": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
- "summary": "Replaces the system security plan represented by the system security plan ID.",
- "description": "Replaces the system security plan represented by the system security plan ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "summary": "Replaces the system security plan represented by the `content-uuid`.",
+ "description": "Replaces the system security plan represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
"operationId": "putSystemSecurityPlan",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -8532,19 +8537,19 @@
},
"delete": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
- "summary": "Deletes the system security plan represented by the system security plan ID.",
- "description": "Deletes the system security plan represented by the system security plan ID.",
+ "summary": "Deletes the system security plan represented by the `content-uuid`.",
+ "description": "Deletes the system security plan represented by the `content-uuid`.",
"operationId": "deleteSystemSecurityPlan",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -8613,22 +8618,22 @@
]
}
},
- "/system-security-plan/{systemSecurityPlanID}/attachment": {
+ "/system-security-plan/{content-uuid}/attachment": {
"get": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Returns a list of every relevant attachment.",
"description": "Returns a list of every relevant attachment.",
"operationId": "getSystemSecurityPlanAttachment",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -8704,19 +8709,19 @@
},
"post": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Adds a new attachment and returns the UUID of the resource.",
"description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
"operationId": "postSystemSecurityPlanAttachment",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -8822,26 +8827,26 @@
]
}
},
- "/system-security-plan/{systemSecurityPlanID}/attachment/{resourceUUID}": {
+ "/system-security-plan/{content-uuid}/attachment/{resource-uuid}": {
"get": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Returns the attachment represented by the back-matter resource UUID.",
"description": "Returns the attachment represented by the back-matter resource UUID.",
"operationId": "getSystemSecurityPlanAttachmentByUuid",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -8943,23 +8948,23 @@
},
"put": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Replaces the attachment represented by the resource UUID.",
"description": "Replaces the attachment represented by the resource UUID.",
"operationId": "putSystemSecurityPlanAttachment",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -9064,23 +9069,23 @@
},
"delete": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Deletes the attachment and associated resource.",
"description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
"operationId": "deleteSystemSecurityPlanAttachment",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -9154,26 +9159,26 @@
]
}
},
- "/system-security-plan/{systemSecurityPlanID}/attachment/{resourceUUID}/resource": {
+ "/system-security-plan/{content-uuid}/attachment/{resource-uuid}/resource": {
"get": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Retrieves the OSCAL back-matter / resource information.",
"description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "getSystemSecurityPlanAttachmentResourceBy",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -9254,23 +9259,23 @@
},
"put": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Updates the content of the back-matter resource.",
"description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "putSystemSecurityPlanAttachmentResource",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -9383,22 +9388,22 @@
]
}
},
- "/system-security-plan/{systemSecurityPlanID}/snapshot": {
+ "/system-security-plan/{content-uuid}/snapshot": {
"get": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Returns a list of every relevant snapshot.",
"description": "Returns a list of every relevant snapshot.",
"operationId": "getSystemSecurityPlanSnapshot",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -9474,19 +9479,19 @@
},
"post": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Creates a snapshot of the file in its current state.",
- "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "description": "Creates a snapshot of the file in its current state. The implementation must generate a v4 or v5 UUID for use as the `snapshot-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/snapshot-uuid` as the scheme value.\n\n The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "postSystemSecurityPlanSnapshot",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
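Review bot: The new opening of the `postSystemSecurityPlanSnapshot` description allows a v4 or v5 UUID for `snapshot-uuid` without naming the namespace and name a v5 UUID would be derived from, and it drops the removed sentence's requirement that the identifier be unique and tracked. A v5 UUID is deterministic, so an implementation that derives it from the same inputs for two snapshots of one document would produce the same identifier; either restrict this to v4 or state the inputs, and keep the uniqueness rule, e.g. `The implementation _must_ ensure the generated value is unique among the snapshots of this document.` The new sentence also uses a plain `must` where the rest of the description uses `_must_`. The same v4-or-v5 wording appears in the `content-uuid` text added to the POST descriptions.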
@@ -9601,26 +9606,26 @@
]
}
},
- "/system-security-plan/{systemSecurityPlanID}/snapshot/{snapshotID}": {
+ "/system-security-plan/{content-uuid}/snapshot/{snapshot-uuid}": {
"get": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
- "summary": "Returns the snapshot represented by the snapshot ID.",
- "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the snapshot represented by the `snapshot-uuid`.",
+ "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getSystemSecurityPlanSnapshotById",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -9711,23 +9716,23 @@
},
"put": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
"summary": "Modifies the snapshot description, types and labels.",
"description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "putSystemSecurityPlanSnapshot",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -9841,23 +9846,23 @@
},
"delete": {
"tags": [
- "OSCAL System Security Plan"
+ "System Security Plan"
],
- "summary": "Deletes the snapshot represented by the snapshot ID.",
- "description": "Deletes the snapshot represented by the snapshot ID.",
+ "summary": "Deletes the snapshot represented by the `snapshot-uuid`.",
+ "description": "Deletes the snapshot represented by the `snapshot-uuid`.",
"operationId": "deleteSystemSecurityPlanSnapshot",
"parameters": [
{
- "name": "systemSecurityPlanID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of SystemSecurityPlan",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -9934,7 +9939,7 @@
"/plan-of-action-and-milestones": {
"get": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Returns a list of every relevant plan of action and milestones.",
"description": "Returns a list of every relevant plan of action and milestones.",
@@ -10011,10 +10016,10 @@
},
"post": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Adds a new plan of action and milestones.",
- "description": "Adds a new plan of action and milestones.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "description": "Adds a new plan of action and milestones.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementaiton must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n",
"operationId": "postPlanOfActionAndMilestones",
"responses": {
"201": {
@@ -10139,22 +10144,22 @@
]
}
},
- "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}": {
+ "/plan-of-action-and-milestones/{content-uuid}": {
"get": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
- "summary": "Returns the plan of action and milestones represented by the plan of action and milestones ID.",
- "description": "Returns the plan of action and milestones represented by the plan of action and milestones ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the plan of action and milestones represented by the `content-uuid`.",
+ "description": "Returns the plan of action and milestones represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getPlanOfActionAndMilestonesById",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -10240,19 +10245,19 @@
},
"put": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
- "summary": "Replaces the plan of action and milestones represented by the plan of action and milestones ID.",
- "description": "Replaces the plan of action and milestones represented by the plan of action and milestones ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "summary": "Replaces the plan of action and milestones represented by the `content-uuid`.",
+ "description": "Replaces the plan of action and milestones represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
"operationId": "putPlanOfActionAndMilestones",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -10373,19 +10378,19 @@
},
"delete": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
- "summary": "Deletes the plan of action and milestones represented by the plan of action and milestones ID.",
- "description": "Deletes the plan of action and milestones represented by the plan of action and milestones ID.",
+ "summary": "Deletes the plan of action and milestones represented by the `content-uuid`.",
+ "description": "Deletes the plan of action and milestones represented by the `content-uuid`.",
"operationId": "deletePlanOfActionAndMilestones",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -10454,22 +10459,22 @@
]
}
},
- "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment": {
+ "/plan-of-action-and-milestones/{content-uuid}/attachment": {
"get": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Returns a list of every relevant attachment.",
"description": "Returns a list of every relevant attachment.",
"operationId": "getPlanOfActionAndMilestonesAttachment",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -10545,19 +10550,19 @@
},
"post": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Adds a new attachment and returns the UUID of the resource.",
"description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
"operationId": "postPlanOfActionAndMilestonesAttachment",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -10663,26 +10668,26 @@
]
}
},
- "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment/{resourceUUID}": {
+ "/plan-of-action-and-milestones/{content-uuid}/attachment/{resource-uuid}": {
"get": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Returns the attachment represented by the back-matter resource UUID.",
"description": "Returns the attachment represented by the back-matter resource UUID.",
"operationId": "getPlanOfActionAndMilestonesAttachmentByUuid",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -10784,23 +10789,23 @@
},
"put": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Replaces the attachment represented by the resource UUID.",
"description": "Replaces the attachment represented by the resource UUID.",
"operationId": "putPlanOfActionAndMilestonesAttachment",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -10905,23 +10910,23 @@
},
"delete": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Deletes the attachment and associated resource.",
"description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
"operationId": "deletePlanOfActionAndMilestonesAttachment",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -10995,26 +11000,26 @@
]
}
},
- "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment/{resourceUUID}/resource": {
+ "/plan-of-action-and-milestones/{content-uuid}/attachment/{resource-uuid}/resource": {
"get": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Retrieves the OSCAL back-matter / resource information.",
"description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "getPlanOfActionAndMilestonesAttachmentResourceBy",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -11095,23 +11100,23 @@
},
"put": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Updates the content of the back-matter resource.",
"description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "putPlanOfActionAndMilestonesAttachmentResource",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -11224,22 +11229,22 @@
]
}
},
- "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/snapshot": {
+ "/plan-of-action-and-milestones/{content-uuid}/snapshot": {
"get": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Returns a list of every relevant snapshot.",
"description": "Returns a list of every relevant snapshot.",
"operationId": "getPlanOfActionAndMilestonesSnapshot",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -11315,19 +11320,19 @@
},
"post": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Creates a snapshot of the file in its current state.",
- "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "description": "Creates a snapshot of the file in its current state. The implementation must generate a v4 or v5 UUID for use as the `snapshot-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/snapshot-uuid` as the scheme value.\n\n The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "postPlanOfActionAndMilestonesSnapshot",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
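Review bot: The rewritten `description` of `postPlanOfActionAndMilestonesSnapshot` drops the old requirement to "assign and track a unique identifier" and allows a v5 UUID without naming the namespace and name it is derived from. A v5 UUID is deterministic, so two implementations, or two snapshots of the same content, could produce the same or a guessable `snapshot-uuid`. I would keep the uniqueness requirement, for example `The implementation _must_ generate a UUID that is unique among this document's snapshots (v4, or v5 with a stated namespace and name)`. The new sentence also uses a plain "must" where the rest of the text writes `_must_`. The Component Definition snapshot POST hunk further down has the same wording, and there the added line is also missing a space after "current state.".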
@@ -11442,26 +11447,26 @@
]
}
},
- "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/snapshot/{snapshotID}": {
+ "/plan-of-action-and-milestones/{content-uuid}/snapshot/{snapshot-uuid}": {
"get": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
- "summary": "Returns the snapshot represented by the snapshot ID.",
- "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the snapshot represented by the `snapshot-uuid`.",
+ "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getPlanOfActionAndMilestonesSnapshotById",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -11552,23 +11557,23 @@
},
"put": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
"summary": "Modifies the snapshot description, types and labels.",
"description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "putPlanOfActionAndMilestonesSnapshot",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -11682,23 +11687,23 @@
},
"delete": {
"tags": [
- "OSCAL Plan of Action and Milestones"
+ "Plan of Action and Milestones"
],
- "summary": "Deletes the snapshot represented by the snapshot ID.",
- "description": "Deletes the snapshot represented by the snapshot ID.",
+ "summary": "Deletes the snapshot represented by the `snapshot-uuid`.",
+ "description": "Deletes the snapshot represented by the `snapshot-uuid`.",
"operationId": "deletePlanOfActionAndMilestonesSnapshot",
"parameters": [
{
- "name": "planOfActionAndMilestonesID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of PlanOfActionAndMilestones",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -11775,7 +11780,7 @@
"/component-definition": {
"get": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Returns a list of every relevant component definition.",
"description": "Returns a list of every relevant component definition.",
@@ -11852,10 +11857,10 @@
},
"post": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Adds a new component definition.",
- "description": "Adds a new component definition.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "description": "Adds a new component definition.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementaiton must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n",
"operationId": "postComponentDefinition",
"responses": {
"201": {
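Review bot: The new rule in the `postComponentDefinition` description makes a client-supplied `content-uuid` the resource identifier, but it does not say what the implementation does when that value is malformed or already identifies stored content. As written, a POST carrying an existing identifier could replace or shadow another document, so I would add a sentence such as `If the supplied value is not a valid UUID or is already in use, the implementation _must_ reject the request and leave existing content unchanged.` The added text also contains typos (`identifer`, `implementaiton`) and says "HTML header" where "HTTP header" is meant. `//metaschema/document-ids` looks like it should point at the OSCAL metadata, presumably `//metadata/document-ids`; please confirm. The `responses` object only starts at the end of this hunk, so whether a suitable error status is already defined cannot be seen here.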
@@ -11980,22 +11985,22 @@
]
}
},
- "/component-definition/{componentDefinitionID}": {
+ "/component-definition/{content-uuid}": {
"get": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
- "summary": "Returns the component definition represented by the component definition ID.",
- "description": "Returns the component definition represented by the component definition ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the component definition represented by the `content-uuid`.",
+ "description": "Returns the component definition represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getComponentDefinitionById",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -12081,19 +12086,19 @@
},
"put": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
- "summary": "Replaces the component definition represented by the component definition ID.",
- "description": "Replaces the component definition represented by the component definition ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "summary": "Replaces the component definition represented by the `content-uuid`.",
+ "description": "Replaces the component definition represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
"operationId": "putComponentDefinition",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
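Review bot: The `putComponentDefinition` description does not say which identifier wins when the `content-uuid` in the path differs from a `content-uuid` entry in the submitted document's ID array. That matters now that the POST description earlier in this diff treats that entry as the document's identifier. A sentence such as `If the document carries a content-uuid identifier that differs from the path value, the implementation _must_ reject the request.` would close the gap. The description also says "HTML header" where "HTTP header" is meant. The Plan of Action and Milestones PUT description earlier in this diff has the same wording, and the request body and responses of this operation are outside the hunk.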
@@ -12214,19 +12219,19 @@
},
"delete": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
- "summary": "Deletes the component definition represented by the component definition ID.",
- "description": "Deletes the component definition represented by the component definition ID.",
+ "summary": "Deletes the component definition represented by the `content-uuid`.",
+ "description": "Deletes the component definition represented by the `content-uuid`.",
"operationId": "deleteComponentDefinition",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -12295,22 +12300,22 @@
]
}
},
- "/component-definition/{componentDefinitionID}/attachment": {
+ "/component-definition/{content-uuid}/attachment": {
"get": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Returns a list of every relevant attachment.",
"description": "Returns a list of every relevant attachment.",
"operationId": "getComponentDefinitionAttachment",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -12386,19 +12391,19 @@
},
"post": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Adds a new attachment and returns the UUID of the resource.",
"description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
"operationId": "postComponentDefinitionAttachment",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -12504,26 +12509,26 @@
]
}
},
- "/component-definition/{componentDefinitionID}/attachment/{resourceUUID}": {
+ "/component-definition/{content-uuid}/attachment/{resource-uuid}": {
"get": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Returns the attachment represented by the back-matter resource UUID.",
"description": "Returns the attachment represented by the back-matter resource UUID.",
"operationId": "getComponentDefinitionAttachmentByUuid",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -12625,23 +12630,23 @@
},
"put": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Replaces the attachment represented by the resource UUID.",
"description": "Replaces the attachment represented by the resource UUID.",
"operationId": "putComponentDefinitionAttachment",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -12746,23 +12751,23 @@
},
"delete": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Deletes the attachment and associated resource.",
"description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
"operationId": "deleteComponentDefinitionAttachment",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -12836,26 +12841,26 @@
]
}
},
- "/component-definition/{componentDefinitionID}/attachment/{resourceUUID}/resource": {
+ "/component-definition/{content-uuid}/attachment/{resource-uuid}/resource": {
"get": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Retrieves the OSCAL back-matter / resource information.",
"description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "getComponentDefinitionAttachmentResourceBy",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -12936,23 +12941,23 @@
},
"put": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Updates the content of the back-matter resource.",
"description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
"operationId": "putComponentDefinitionAttachmentResource",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "resourceUUID",
+ "name": "resource-uuid",
"in": "path",
"description": "UUID of Back Matter Resource",
"required": true,
@@ -13065,22 +13070,22 @@
]
}
},
- "/component-definition/{componentDefinitionID}/snapshot": {
+ "/component-definition/{content-uuid}/snapshot": {
"get": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Returns a list of every relevant snapshot.",
"description": "Returns a list of every relevant snapshot.",
"operationId": "getComponentDefinitionSnapshot",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -13156,19 +13161,19 @@
},
"post": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Creates a snapshot of the file in its current state.",
- "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "description": "Creates a snapshot of the file in its current state.The implementation must generate a v4 or v5 UUID for use as the `snapshot-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/snapshot-uuid` as the scheme value.\n\n The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "postComponentDefinitionSnapshot",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
}
],
@@ -13283,26 +13288,26 @@
]
}
},
- "/component-definition/{componentDefinitionID}/snapshot/{snapshotID}": {
+ "/component-definition/{content-uuid}/snapshot/{snapshot-uuid}": {
"get": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
- "summary": "Returns the snapshot represented by the snapshot ID.",
- "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "summary": "Returns the snapshot represented by the `snapshot-uuid`.",
+ "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
"operationId": "getComponentDefinitionSnapshotById",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
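Review bot: The renamed path parameters keep their old `description` values (`ID of ComponentDefinition`, `ID of Snapshot`), so nothing in the operation tells a client or implementer that the value is now expected to be a UUID. I would change them to `"description": "UUID of the component definition (content-uuid)"` and `"description": "UUID of the snapshot, assigned by the implementation when the snapshot was created"`, here and in the `put` and `delete` hunks that follow. The `schema` of `snapshot-uuid` starts after the last line of this hunk, so it cannot be checked from here. If it is still an unconstrained string, it should get a UUID constraint like `content-uuid`, so malformed identifiers are rejected at validation instead of reaching the storage lookup.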
@@ -13393,23 +13398,23 @@
},
"put": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
"summary": "Modifies the snapshot description, types and labels.",
"description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
"operationId": "putComponentDefinitionSnapshot",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -13523,23 +13528,23 @@
},
"delete": {
"tags": [
- "OSCAL Component Definition"
+ "Component Definition"
],
- "summary": "Deletes the snapshot represented by the snapshot ID.",
- "description": "Deletes the snapshot represented by the snapshot ID.",
+ "summary": "Deletes the snapshot represented by the `snapshot-uuid`.",
+ "description": "Deletes the snapshot represented by the `snapshot-uuid`.",
"operationId": "deleteComponentDefinitionSnapshot",
"parameters": [
{
- "name": "componentDefinitionID",
+ "name": "content-uuid",
"in": "path",
"description": "ID of ComponentDefinition",
"required": true,
"schema": {
- "$ref": "#/components/schemas/DocId"
+ "$ref": "#/components/schemas/content-uuid"
}
},
{
- "name": "snapshotID",
+ "name": "snapshot-uuid",
"in": "path",
"description": "ID of Snapshot",
"required": true,
@@ -13626,10 +13631,7 @@
},
"OSCALCatalogXML": {
"type": "object",
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog",
- "xml": {
- "name": "catalog"
- }
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog"
},
"OSCALProfile": {
"type": "object",
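Review bot: The new `OSCALCatalogXML` entry still carries `"type": "object"` next to `$ref`, and under OpenAPI 3.0 (which this commit now declares) properties placed beside a `$ref` are ignored by conforming tools. The commit removes the `xml` sibling but leaves `type`, so the entry reads as if it added a constraint that has no effect. I would reduce it to the reference alone, `"OSCALCatalogXML": { "$ref": "…oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog" }`, and do the same for the other `…XML` schemas changed in the following hunks.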
@@ -13641,10 +13643,7 @@
},
"OSCALProfileXML": {
"type": "object",
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_profile_schema.json#/definitions/assembly_oscal-profile_profile",
- "xml": {
- "name": "profile"
- }
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_profile_schema.json#/definitions/assembly_oscal-profile_profile"
},
"OSCALComponentDefinition": {
"type": "object",
@@ -13656,10 +13655,7 @@
},
"OSCALComponentDefinitionXML": {
"type": "object",
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_component_schema.json#/definitions/assembly_oscal-component-definition_component-definition",
- "xml": {
- "name": "component-definition"
- }
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_component_schema.json#/definitions/assembly_oscal-component-definition_component-definition"
},
"OSCALSystemSecurityPlan": {
"type": "object",
@@ -13671,10 +13667,7 @@
},
"OSCALSystemSecurityPlanXML": {
"type": "object",
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_ssp_schema.json#/definitions/assembly_oscal-ssp_system-security-plan",
- "xml": {
- "name": "system-security-plan"
- }
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_ssp_schema.json#/definitions/assembly_oscal-ssp_system-security-plan"
},
"OSCALPlanOfActionAndMilestones": {
"type": "object",
@@ -13686,10 +13679,7 @@
},
"OSCALPlanOfActionAndMilestonesXML": {
"type": "object",
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_poam_schema.json#/definitions/assembly_oscal-poam_plan-of-action-and-milestones",
- "xml": {
- "name": "plan-of-action-and-milestones"
- }
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_poam_schema.json#/definitions/assembly_oscal-poam_plan-of-action-and-milestones"
},
"OSCALAssessmentPlan": {
"type": "object",
@@ -13701,10 +13691,7 @@
},
"OSCALAssessmentPlanXML": {
"type": "object",
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-plan_schema.json#/definitions/assembly_oscal-ap_assessment-plan",
- "xml": {
- "name": "assessment-plan"
- }
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-plan_schema.json#/definitions/assembly_oscal-ap_assessment-plan"
},
"OSCALErrorMessage": {
"type": "object",
@@ -13727,16 +13714,48 @@
},
"OSCALAssessmentResultsXML": {
"type": "object",
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-results_schema.json#/definitions/assembly_oscal-ar_assessment-results",
- "xml": {
- "name": "assessment-results"
- }
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-results_schema.json#/definitions/assembly_oscal-ar_assessment-results"
},
"OSCALAttachmentEntry": {
- "$ref": "#/components/schemas/OSCALResource"
- },
- "OSCALAttachmentEntryXML": {
- "$ref": "#/components/schemas/OSCALResourceXML"
+ "type": "object",
+ "properties": {
+ "resource": {
+ "properties": {
+ "content-uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
+ "resource-uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
+ "title": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "document-ids": {
+ "type": "array",
+ "items": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id"
+ }
+ },
+ "citation": {
+ "$ref": "#/components/schemas/OSCALCitation"
+ },
+ "rlinks": {
+ "$ref": "#/components/schemas/OSCALRLinks"
+ },
+ "base64": {
+ "$ref": "#/components/schemas/OSCALBase64"
+ },
+ "remarks": {
+ "$ref": "#/components/schemas/OSCALRemarks"
+ }
+ }
+ }
+ }
},
"OSCALAttachments": {
"type": "object",
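Review bot: In the new `OSCALAttachmentEntry` schema the inline pattern for `content-uuid` and `resource-uuid` accepts only version-4 UUIDs (`-4[0-9A-Fa-f]{3}-`). The `snapshot-uuid` text in this commit allows v4 or v5, and the removed `file-id` pattern used `[45]`, so the identifier rules now differ between schemas. Referencing the shared definition, `"content-uuid": { "$ref": "#/components/schemas/content-uuid" }`, would keep the rule in one place; the same inline pattern is added to `OSCALResourceNoBase64` in a later hunk. The nested `resource` property also lacks `"type": "object"`, and neither level lists `required`, so an empty object validates. If this schema is used for request bodies, the server should enforce presence of the identifiers and a size limit on `base64` itself, not rely on the schema.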
@@ -13744,7 +13763,7 @@
"attachment-list": {
"type": "array",
"items": {
- "$ref": "#/components/schemas/OSCALAttachmentNoBase64"
+ "$ref": "#/components/schemas/OSCALResourceNoBase64"
}
}
}
@@ -13760,15 +13779,6 @@
}
}
},
- "OSCALProfileEntryXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelEntry"
- },
- "xml": {
- "name": "profile-list"
- }
- },
"OSCALCatalogEntry": {
"type": "object",
"properties": {
@@ -13780,15 +13790,6 @@
}
}
},
- "OSCALCatalogEntryXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelEntry"
- },
- "xml": {
- "name": "catalog-list"
- }
- },
"OSCALSystemSecurityPlanEntry": {
"type": "object",
"properties": {
@@ -13800,15 +13801,6 @@
}
}
},
- "OSCALSystemSecurityPlanEntryXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelEntry"
- },
- "xml": {
- "name": "system-security-plan-list"
- }
- },
"OSCALComponentDefinitionEntry": {
"type": "object",
"properties": {
@@ -13820,15 +13812,6 @@
}
}
},
- "OSCALComponentDefinitionEntryXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelEntry"
- },
- "xml": {
- "name": "component-definition-list"
- }
- },
"OSCALAssessmentPlanEntry": {
"type": "object",
"properties": {
@@ -13840,15 +13823,6 @@
}
}
},
- "OSCALAssessmentPlanEntryXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelEntry"
- },
- "xml": {
- "name": "assessment-plan-list"
- }
- },
"OSCALAssessmentResultsEntry": {
"type": "object",
"properties": {
@@ -13860,15 +13834,6 @@
}
}
},
- "OSCALAssessmentResultsEntryXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelEntry"
- },
- "xml": {
- "name": "assessment-results-list"
- }
- },
"OSCALPlanOfActionAndMilestonesEntry": {
"type": "object",
"properties": {
@@ -13880,15 +13845,6 @@
}
}
},
- "OSCALPlanOfActionAndMilestonesEntryXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelEntry"
- },
- "xml": {
- "name": "plan-of-action-and-milestones-list"
- }
- },
"OSCALProfilesEntries": {
"type": "object",
"properties": {
@@ -13977,15 +13933,6 @@
}
}
},
- "OSCALResolvedSnapshotsSnapshotsXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- },
- "xml": {
- "name": "resolved-snapshot-list"
- }
- },
"OSCALCatalogsSnapshots": {
"type": "object",
"properties": {
@@ -13997,23 +13944,6 @@
}
}
},
- "OSCALCatalogsSnapshotsXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- },
- "xml": {
- "name": "catalog-snapshot-list"
- }
- },
- "OSCALCatalogSnapshot": {
- "type": "object",
- "properties": {
- "catalog-snapshot": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- }
- }
- },
"OSCALProfilesSnapshots": {
"type": "object",
"properties": {
@@ -14025,23 +13955,6 @@
}
}
},
- "OSCALProfilesSnapshotsXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- },
- "xml": {
- "name": "profile-snapshot-list"
- }
- },
- "OSCALProfileSnapshot": {
- "type": "object",
- "properties": {
- "profile-snapshot": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- }
- }
- },
"OSCALSystemSecurityPlansSnapshots": {
"type": "object",
"properties": {
@@ -14053,37 +13966,39 @@
}
}
},
- "OSCALSystemSecurityPlansSnapshotsXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- },
- "xml": {
- "name": "system-security-plan-snapshot-list"
- }
- },
- "OSCALAttachmentNoBase64": {
+ "OSCALResourceNoBase64": {
"type": "object",
"properties": {
+ "content-uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
"resource-uuid": {
"type": "string",
"pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
},
- "file-name": {
+ "title": {
"type": "string"
},
- "media-type": {
+ "description": {
"type": "string"
},
- "title": {
- "type": "string"
+ "document-ids": {
+ "type": "array",
+ "items": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id"
+ }
},
- "published": {
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published"
+ "citation": {
+ "$ref": "#/components/schemas/OSCALCitation"
+ },
+ "rlinks": {
+ "$ref": "#/components/schemas/OSCALRLinks"
},
"remarks": {
- "type": "string"
- }
+ "$ref": "#/components/schemas/OSCALRemarks"
+ }
+
}
},
"OSCALResource": {
@@ -14123,42 +14038,6 @@
}
}
},
- "OSCALResourceXML": {
- "type": "object",
- "properties": {
- "uuid": {
- "type": "string",
- "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
- },
- "title": {
- "type": "string"
- },
- "description": {
- "type": "string"
- },
- "document-ids": {
- "type": "array",
- "items": {
- "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id"
- }
- },
- "citation": {
- "$ref": "#/components/schemas/OSCALCitation"
- },
- "rlinks": {
- "$ref": "#/components/schemas/OSCALRLinks"
- },
- "base64": {
- "$ref": "#/components/schemas/OSCALBase64"
- },
- "remarks": {
- "$ref": "#/components/schemas/OSCALRemarks"
- }
- },
- "xml": {
- "name": "resource"
- }
- },
"OSCALCitation": {
"type": "object",
"properties": {
@@ -14284,35 +14163,11 @@
"OSCALAttachment": {
"$ref": "#/components/schemas/OSCALResource"
},
- "OSCALAttachment64": {
- "type": "object",
- "properties": {
- "file": {
- "properties": {
- "resource-uuid": {
- "type": "string",
- "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
- },
- "name": {
- "type": "string"
- },
- "media-type": {
- "type": "string"
- },
- "attachment-binary": {
- "type": "string",
- "format": "binary"
- }
- }
- }
- }
- },
"OSCALModelSnapshotEntry": {
"type": "object",
"properties": {
- "file-id": {
- "type": "string",
- "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ "content-uuid": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog/properties/uuid"
},
"title": {
"type": "string"
@@ -14341,15 +14196,8 @@
"type": "string"
}
},
- "status": {
- "type": "string"
- },
"remarks": {
"$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks"
- },
- "snapshot": {
- "type": "object",
- "$ref" : "#/components/schemas/OSCALSnapshotAttributes"
}
}
},
@@ -14385,9 +14233,8 @@
"OSCALModelEntry": {
"type": "object",
"properties": {
- "file-id": {
- "type": "string",
- "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ "content-uuid": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog/properties/uuid"
},
"title": {
"type": "string"
@@ -14421,14 +14268,6 @@
}
}
},
- "OSCALSystemSecurityPlanSnapshot": {
- "type": "object",
- "properties": {
- "system-security-plan-snapshot": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- }
- }
- },
"OSCALAssessmentPlansSnapshots": {
"type": "object",
"properties": {
@@ -14440,23 +14279,6 @@
}
}
},
- "OSCALAssessmentPlanSnapshot": {
- "type": "object",
- "properties": {
- "assessment-snapshot": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- }
- }
- },
- "OSCALAssessmentPlansSnapshotsXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- },
- "xml": {
- "name": "assessment-plan-snapshot-list"
- }
- },
"OSCALComponentDefinitionsSnapshots": {
"type": "object",
"properties": {
@@ -14468,23 +14290,6 @@
}
}
},
- "OSCALComponentDefinitionsSnapshotsXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- },
- "xml": {
- "name": "component-definition-snapshot-list"
- }
- },
- "OSCALComponentDefinitionSnapshot": {
- "type": "object",
- "properties": {
- "component-definition-snapshot": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- }
- }
- },
"OSCALAssessmentResultsListSnapshots": {
"type": "object",
"properties": {
@@ -14496,23 +14301,6 @@
}
}
},
- "OSCALAssessmentResultsListSnapshotsXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- },
- "xml": {
- "name": "assessment-results-snapshot-list"
- }
- },
- "OSCALAssessmentResultsSnapshot": {
- "type": "object",
- "properties": {
- "assessment-results-snapshot": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- }
- }
- },
"OSCALPlanOfActionAndMilestonesListSnapshots": {
"type": "object",
"properties": {
@@ -14524,34 +14312,14 @@
}
}
},
- "OSCALPlanOfActionAndMilestonesListSnapshotsXML": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- },
- "xml": {
- "name": "plan-of-action-and-milestones-list"
- }
- },
- "OSCALPlanOfActionAndMilestonesSnapshot": {
- "type": "object",
- "properties": {
- "plan-of-action-and-milestones-snapshot": {
- "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
- }
- }
- },
"Token": {
"type": "string",
"minLength": 1,
"maxLength": 72,
"pattern": "^(\\p{Ll}|_)(\\p{L}|\\p{N}|[.\\-_])*$"
},
- "DocId": {
- "type": "string",
- "minLength": 1,
- "maxLength": 72,
- "pattern": "^(\\p{Ll}|_)(\\p{L}|\\p{N}|[.\\-_])*$"
+ "content-uuid": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog/properties/uuid"
}
},
"securitySchemes": {
diff --git a/README.md b/README.md
index fa844cd..1bde3d6 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,17 @@ For more information, vist and bookmark [https://docs.oscal.io/docs/oscal-rest-o
All endpoint syntax is provided as:
-|`METHOD /{model-name}`
`METHOD /{model-name}/{identifier}`
`METHOD /{model-name}/{identifier}/snapshot`
`METHOD /{model-name}/{identifier}/snapshot/{identifier}`
`METHOD /{model-name}/{identifier}/attachment`
`METHOD /{model-name}/{identifier}/attachment/{resource-uuid}`
`METHOD /{model-name}/{identifier}/attachment/{resource-uuid}/resource`|
-|:--- |
+| METHODS | ENDPOINTS |
+|:--- |:--- |
+| `GET`, `POST` | `/{model-name}` |
+| `GET`, `PUT`, `DELETE` | `/{model-name}/{content-uuid}` |
+| `GET`, `POST` | `/{model-name}/{content-uuid}/attachment` |
+| `GET`, `PUT`, `DELETE` | `/{model-name}/{content-uuid}/attachment/{resource-uuid}` |
+| `GET`, `POST` | `/{model-name}/{content-uuid}/snapshot` |
+| `GET`, `PUT`, `DELETE` | `{model-name}/{content-uuid}/snapshot/{snapshot-uuid}` |
+
+
+
The `{model-name}` is always one of the seven root-level OSCAL model names exactly as they are defined in the OSCAL syntax. Simply replace `{model-name}` with one of the following:
@@ -27,23 +36,30 @@ The `{model-name}` is always one of the seven root-level OSCAL model names exact
Profiles have additional endpoints related to profile resolution:
-|`METHOD /profile/{identifier}/resolved-catalog`
`METHOD /profile/{identifier}/resolved-snapshot`
`METHOD /profile/{identifier}/resolved-snapshot/{identifier}`|
-|:--- |
+| METHODS | ENDPOINTS |
+|:--- |:--- |
+| `GET` | `/profile/{content-uuid}/resolved-catalog` |
+| `GET`, `POST` | `/profile/{content-uuid}/resolved-snapshot` |
+| `GET`, `PUT`, `DELETE` | `/{model-name}/{content-uuid}/resolved-snapshot-uuid` |
+
## Known Issue: XML Expression
-When the specification calls for OSCAL content to be accepted or returned, the content must be fully OSCAL valid. Even if the specification shows a non-compliant schema or example.
+There is a known OpenAPI issue that prevents proper definition of OSCAL XML schemas.
+
+**When the specification calls for OSCAL content to be accepted or returned, the content must be fully valid OSCAL per the NIST standard, even if the specification shows a non-compliant schema or example.**
+
+### Additional Information
-There is a known-issue that prevents proper expression of OSCAL XML content in OpenAPI.
+All versions of the OpenAPI specification only accept JSON schema definitions, and attempts to derive any XML schema from the JSON schema.
-XML elements have both _attributes_ and _children_. JSON elements only have _children_. There is no way to specify an element _attribute_ using a JSON schema.
+The issue is JSON elements only have _children_, while XML elements have both _attributes_ and _children_. There is no way to specify an OSCAL XML element _attributes_ using a JSON schema. As a result all OpenAPI viewers and code generators incorrectly represent OSCAL XML element _attributes_ as element _children_.
-All versions of the OpenAPI specification, up to and including 3.1, only accept JSON schema definitions. As a result all OpenAPI viewers and code generators incorrectly represent OSCAL XML element _attributes_ as element _children_.
## Viewing / Editing
The proposed OSCAL REST OpenAPI specification is expressed using the OpenAPI 3.1 standard:
-[RAW](OSCALRestOpenAPI.json) | [VIEWER](https://raw.githack.com/EasyDynamics/oscal-rest/develop/viewer/index.html?url=https://raw.githubusercontent.com/EasyDynamics/oscal-rest/develop/OSCALRestOpenAPI.json)
+[RAW](OSCALRestOpenAPI.json) | [VIEWER](https://editor.swagger.io?url=https://raw.githubusercontent.com/EasyDynamics/oscal-rest/develop/OSCALRestOpenAPI.json)
## Contributing and Feedback