[DONOTMERGE] Fix constraints and constraint test files per issue #773

[Rene2mt]

Committer Notes

This PR makes constraint, baseline, and example content (a.k.a. "template") updates to resolve issue #773

Specifically, it makes the following changes:

• For FedRAMP extension properties, changes namespace from "https://fedramp.gov/ns/oscal" to "http://fedramp.gov/ns/oscal"
• For the SSP identifier-type, changes the value from "https://fedramp.gov/ns/oscal" to "http://fedramp.gov/ns/oscal"
• For POA&M facets, changes the system flag from "https://fedramp.gov" to "http://fedramp.gov/ns/oscal"

All Submissions:

• Have you selected the correct base branch per Contributing guidance?
• Have you set "Allow edits and access to secrets by maintainers"?
• Have you checked to ensure there aren't other open Pull Requests for the same update/change?
• Have you squashed any non-relevant commits and commit messages? [instructions]
• Have you added an explanation of what your changes do and why you'd like us to include them?
• If applicable, have all FedRAMP Documents Related to OSCAL Adoption affected by the changes in this issue have been updated.?
• If applicable, does this PR reference the issue it addresses and explain how it addresses the issue?

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

[aj-stein-gsa]

@Rene2mt, I assume we are staging this PR for discussion on Wednesday, if I get your message and our previous conversations?

Either way, thanks for putting this work together. This will be useful to drive discussion.

[DimitriZhurkin]

Sorry to chime in quite late. I think all files in the latest branch already have instances of http:/ replaced with https:/.

Apologies if I'm off the track.

[Gabeblis]

Is the goal to update every occurrence of ns="https..." in the repo? If so, this seems a little light.

[wandmagic]

Any chance we can just use gov.fedramp.oscal namespace? Makes more sense to me

[aj-stein-gsa]

Any chance we can just use gov.fedramp.oscal namespace? Makes more sense to me

I mean could we? Sure. Is it valid within the spec of URIs? Not quite, especially when you consider we have a full URI with a subpath, so you are proposing gov.fedramp.oscal/ns/oscal in full?

Technically speaking (because we are that kind of group), reverse DNS notation is not how an actual domain works in a URI, more details in the official RFC about the host requirement.

[wandmagic]

then could we just have fedramp.gov/ns/oscal? the confusing part for me is when i see http i expect to be able to send traffic to that domain over http protocol

As the Metaschema documentation describes the URI data type with that RFC, the short answer is nope. Scheme is not optional AFAICT.

https://datatracker.ietf.org/doc/html/rfc3986#section-3

Interesting that we do not enforce this through matches or something akin to that, I will look into that upstream actually.