OHDF TC Meeting (Conference Call)
Time Wednesday, 10 January 2024, 05:00pm to 06:00pm UTC
Description

Topic: OHDF January 2024 Meeting
Time: Jan 10, 2024 12:00 PM Eastern Time (US and Canada)

Join ZoomGov Meeting
https://mitre.zoomgov.com/j/1615093982

Meeting ID: 161 509 3982
One tap mobile
+16692545252,,1615093982# US (San Jose)
+16468287666,,1615093982# US (New York)

Dial by your location
        +1 669 254 5252 US (San Jose)
        +1 646 828 7666 US (New York)
        +1 646 964 1167 US (US Spanish Line)
        +1 551 285 1373 US (New Jersey)
        +1 669 216 1590 US (San Jose)
        +1 415 449 4000 US (US Spanish Line)
Meeting ID: 161 509 3982
Find your local number: https://mitre.zoomgov.com/u/aeBviT6wQp

Join by SIP
1615093982@sip.zoomgov.com

Join by H.323
161.199.138.10 (US West)
161.199.136.10 (US East)
Meeting ID: 161 509 3982

Agenda
  • Introductions from the TC leadership (MITRE, industry leaders, OASIS Open personnel)
  • Establishing regular TC cadence
    • Current suggestion: Monthly
  • Current state of OHDF
  • Plans for next phase of activity
    • Capture and formalize current OHDF schema
      • Current suggestion: use [NIST Metaschema](https://pages.nist.gov/metaschema/)
      • Open call for other suggestions from TC
      • Resolves open PR on [Seed Contribution InSpecJS Schemas](https://github.com/oasis-tcs/ohdf/pull/4)
    • Develop the next data elements to be established for OHDF v1.0 draft
      • Current suggestions:
        • "Target Data" -- the system to which the OHDF data pertains
        • "Overall Control Status" -- dictates the "final" state of the control after all post-processing (attestations, waivers, etc.) is applied; can be used to override control state via attestations and waivers
        • "Run Identifier" -- a UUID of some kind to differentiate the same OHDF-formatted scan run against the same target multiple times
          • Resolves issues raised by users regarding OHDF not having any IDs for individual runs
        • "Adjudicated Control" -- boolean which is flipped to True if the Overall Control Status was changed by an attestation or waiver
          • Resolves concerns that attestations and waivers could be a "thumb on the scale" that would not be clear from the OHDF data
  • Next datatype integration research
    • Current suggestion: Integrating SBOM data into OHDF
    • Open call for other suggestions from TC
  • Open floor for TC members


Submitter Mr. Stefan Hagen
Group OASIS Heimdall Data Format (OHDF) TC
Access This event is visible to OASIS Heimdall Data Format (OHDF) TC and shared with
  • OASIS Open (General Membership)
  • General Public