Schema Change request

At present datatype for var_ref allows multiple types--- in reality
there is only one possible type, "string"

<var_ref datatype="string">oval:gov.nist.fdcc.xp:var:29</var_ref>

This can result in bad content that is NOT caught by a schema check.

            <variable_object
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:gov.nist.fdcc.xp:obj:66725" version="1">
                  <var_ref
datatype="int">oval:gov.nist.fdcc.xp:var:6672</var_ref>
            </variable_object>

Clearly, oval:gov.nist.fdcc.xp:var:6672 is NOT an int.
-----------------------
May I suggest that either the datatype be changed to be "string" ONLY,
or the attribute datatype removed as obsolete.

Thanks

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

Responses inline below.

Sent from my iPhone

On Jul 9, 2008, at 11:27 AM, Ken Lassesen <ken.lassesen@...>  
wrote:

I agree entirely with this conclusion. ;)

>
> -----------------------
> May I suggest that either the datatype be changed to be "string" ONLY,
> or the attribute datatype removed as obsolete.

However, I can think of numerous instances where a var_ref element may  
reference an integer. Take for example the variable reference of a  
port definition within the /etc/services file of a *nix system. This  
file specifies IANA defined ports and custom port configurations for  
the TOE. It is trivial to imagine utilizing variable reference in this  
context during a configuration or compliance evaluation.

>
>
> Thanks
>
> To unsubscribe, send an email message to LISTSERV@... with
> SIGNOFF OVAL-DISCUSSION-LIST
> in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@...
> .

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

You are missing the key item... this is pointing to for example, a
<external_variable ...  which has a @datatype specified THERE.
This is where there is confusion.... var_ref describes an OVAL object
and NOT a data element. WHERE IT IS POINTED TO, contains YAD (Yet
Another Datatype) that describes the data....

For example:

<external_variable id="oval:gov.nist.fdcc.xp:var:24" version="1"
comment="number of passwords remembered" datatype="int"/>
<external_variable id="oval:gov.nist.fdcc.xp:var:13" version="1"
comment="are passwords stored using reversible encrption"
datatype="boolean"/>
<external_variable id="oval:gov.nist.fdcc.xp:var:29" version="1"
comment="Audit account logon events" datatype="string">
<local_variable id="oval:gov.nist.fdcc.xp:var:1" version="1"
comment="Windows system32 directory" datatype="string">
                       

-----Original Message-----
From: Thomas R. Jones [mailto:thomas.jones@...]

> -----------------------
> May I suggest that either the datatype be changed to be "string" ONLY,
> or the attribute datatype removed as obsolete.

However, I can think of numerous instances where a var_ref element may  
reference an integer. Take for example the variable reference of a  
port definition within the /etc/services file of a *nix system. This  
file specifies IANA defined ports and custom port configurations for  
the TOE. It is trivial to imagine utilizing variable reference in this  
context during a configuration or compliance evaluation.

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

It all depends on whether the datatype attribute on var_ref is intended
to specify the contents of the var_ref element, which seems kind of
pointless, or the datatype of the variable being referenced, which as
you have pointed out is redundant.

Is this spelled out somewhere in the OVAL documentation?

-----Original Message-----
From: Ken Lassesen [mailto:ken.lassesen@...]
Sent: Wednesday, July 09, 2008 2:13 PM
To: OVAL-DISCUSSION-LIST@...
Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request

You are missing the key item... this is pointing to for example, a
<external_variable ...  which has a @datatype specified THERE.
This is where there is confusion.... var_ref describes an OVAL object
and NOT a data element. WHERE IT IS POINTED TO, contains YAD (Yet
Another Datatype) that describes the data....

For example:

<external_variable id="oval:gov.nist.fdcc.xp:var:24" version="1"
comment="number of passwords remembered" datatype="int"/>
<external_variable id="oval:gov.nist.fdcc.xp:var:13" version="1"
comment="are passwords stored using reversible encrption"
datatype="boolean"/>
<external_variable id="oval:gov.nist.fdcc.xp:var:29" version="1"
comment="Audit account logon events" datatype="string"> <local_variable
id="oval:gov.nist.fdcc.xp:var:1" version="1"
comment="Windows system32 directory" datatype="string">
                       

-----Original Message-----
From: Thomas R. Jones [mailto:thomas.jones@...]

> -----------------------
> May I suggest that either the datatype be changed to be "string" ONLY,

> or the attribute datatype removed as obsolete.

However, I can think of numerous instances where a var_ref element may
reference an integer. Take for example the variable reference of a port
definition within the /etc/services file of a *nix system. This file
specifies IANA defined ports and custom port configurations for the TOE.
It is trivial to imagine utilizing variable reference in this context
during a configuration or compliance evaluation.

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message.  If you have
difficulties, write to OVAL-DISCUSSION-LIST-request@....

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

I believe that we are referring to the var_ref element in the
variable_object. That element is based on the
EntityObjectVariableRefType. The annotation on the
EntityObjectVariableRefType says:

"The EntityObjectVariableRefType complex type defines a string object
entity that has a valid OVAL variable id as the value..."

We can find the intent of the datatype attribute by following the chain
of the schema up to the schema type that defiens the datatype
attribute. Here is the path to follow:
The EntityObjectVariableRefType is based on a restriction of the
EntityObjectStringType.
The EntityObjectStringType is a based on a restriction of the
EntityObjectBaseType.
The EntityObjectBaseType is an extension of the EntityBaseType.
The EntityBaseType defines the datatype attribute. There you will find
the following documentation:

"The optional datatype attribute specifies how the given operation
should be applied to the data. (the default datatype is 'string') An
example is with the statement 'is 123 less than 98'. If the data is
treated as integers the answer is no, but if the data is treated as
strings, then the answer is yes. Specifying a datatype details how the
less than operation should be performed. Another way of thinking of
things is that the datatype attribute specifies how the data should be
cast before performing the operation. In the previous example, if the
datatype is set to int, then '123' and '98' should be cast as integers.
If a cast can not be made, (trying to cast 'abc' to an integer) then an
error should be thrown. Another example is applying the 'equal'
operation to '1.0.0.0' and '1.0'. With datatype 'string' they are not
equal, with datatype 'version' they are."

Having read through this description I can see that the 'data' is never
really defined. We can clarify this in the next update to the
documentation. 'data' is intended to mean the value of the
EntityBaseType element or the values retrieved through any variable
referenced by the var_ref attribute on the element.

Basically the datatype you are asking about refers to the id of a
variable. Variables have a defined id format that is based on a string.
The Schematron rules in the schema restrict the allowed datatype
attribute value to string. This datatype is not at all related to the
datatype of the data that the variable being referenced actually
identifies.

Does that help, or simply further the confusion?

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...



>-----Original Message-----
>From: Harrison, Timothy [USA] [mailto:harrison_timothy@...]
>Sent: Friday, July 11, 2008 3:09 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request
>
>It all depends on whether the datatype attribute on var_ref is
intended <local_variable
>id="oval:gov.nist.fdcc.xp:var:1" version="1"
>comment="Windows system32 directory" datatype="string">
>
>
>-----Original Message-----
>From: Thomas R. Jones [mailto:thomas.jones@...]
>
>> -----------------------
>> May I suggest that either the datatype be changed to be "string"
ONLY,
>
>> or the attribute datatype removed as obsolete.
>
>However, I can think of numerous instances where a var_ref element may
>reference an integer. Take for example the variable reference of a
port
>definition within the /etc/services file of a *nix system. This file
>specifies IANA defined ports and custom port configurations for the
TOE.
To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

The question to me is this,
   If an attribute can only have one possible value "string" and is
required --- why have it? It does not add value... and potentially adds
cost by the confusion that can arise....

-----Original Message-----
From: Baker, Jon [mailto:bakerj@...]

Basically the datatype you are asking about refers to the id of a
variable. Variables have a defined id format that is based on a string.
The Schematron rules in the schema restrict the allowed datatype
attribute value to string. This datatype is not at all related to the
datatype of the data that the variable being referenced actually
identifies.

Does that help, or simply further the confusion?

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

The datatype attribute is optional with a default of string.  So in the
example you posted I don't think you need to specify the datatype.
Even though there is only one possible value, we have felt that it is a
good thing to keep so that this entity resembles the other entities in
OVAL.  Hopefully having a common structure makes the language easier to
learn and understand.  Agree?

Thanks
Drew




>-----Original Message-----
>From: Ken Lassesen [mailto:ken.lassesen@...]
>Sent: Monday, July 14, 2008 8:29 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request
>
>The question to me is this,
>   If an attribute can only have one possible value "string" and is
>required --- why have it? It does not add value... and potentially
adds
>cost by the confusion that can arise....
>
>-----Original Message-----
>From: Baker, Jon [mailto:bakerj@...]
>
>Basically the datatype you are asking about refers to the id of a
>variable. Variables have a defined id format that is based on a
string.
To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

Jon,

Just to make sure I follow you correctly.

Where oval:foo.bar:var:1 is of type integer.

This is correct:
<var_ref>oval:foo.bar:var:1<var_ref>

This is incorrect:
<var_ref datatype="int">oval:foo.bar:var:1<var_ref>

However, if oval:foo.bar:var:1 referenced an object of type integer this
would be correct.
<var_ref datatype="int" var_ref="oval:foo.bar:var:1"/>

Thanks,
Tim

-----Original Message-----
From: Baker, Jon [mailto:bakerj@...]
Sent: Friday, July 11, 2008 4:08 PM
To: OVAL-DISCUSSION-LIST@...
Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request

I believe that we are referring to the var_ref element in the
variable_object. That element is based on the
EntityObjectVariableRefType. The annotation on the
EntityObjectVariableRefType says:

"The EntityObjectVariableRefType complex type defines a string object
entity that has a valid OVAL variable id as the value..."

We can find the intent of the datatype attribute by following the chain
of the schema up to the schema type that defiens the datatype attribute.
Here is the path to follow:
The EntityObjectVariableRefType is based on a restriction of the
EntityObjectStringType.
The EntityObjectStringType is a based on a restriction of the
EntityObjectBaseType.
The EntityObjectBaseType is an extension of the EntityBaseType.
The EntityBaseType defines the datatype attribute. There you will find
the following documentation:

"The optional datatype attribute specifies how the given operation
should be applied to the data. (the default datatype is 'string') An
example is with the statement 'is 123 less than 98'. If the data is
treated as integers the answer is no, but if the data is treated as
strings, then the answer is yes. Specifying a datatype details how the
less than operation should be performed. Another way of thinking of
things is that the datatype attribute specifies how the data should be
cast before performing the operation. In the previous example, if the
datatype is set to int, then '123' and '98' should be cast as integers.
If a cast can not be made, (trying to cast 'abc' to an integer) then an
error should be thrown. Another example is applying the 'equal'
operation to '1.0.0.0' and '1.0'. With datatype 'string' they are not
equal, with datatype 'version' they are."

Having read through this description I can see that the 'data' is never
really defined. We can clarify this in the next update to the
documentation. 'data' is intended to mean the value of the
EntityBaseType element or the values retrieved through any variable
referenced by the var_ref attribute on the element.

Basically the datatype you are asking about refers to the id of a
variable. Variables have a defined id format that is based on a string.
The Schematron rules in the schema restrict the allowed datatype
attribute value to string. This datatype is not at all related to the
datatype of the data that the variable being referenced actually
identifies.

Does that help, or simply further the confusion?

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...



>-----Original Message-----
>From: Harrison, Timothy [USA] [mailto:harrison_timothy@...]
>Sent: Friday, July 11, 2008 3:09 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request
>
>It all depends on whether the datatype attribute on var_ref is
intended <local_variable
>id="oval:gov.nist.fdcc.xp:var:1" version="1"
>comment="Windows system32 directory" datatype="string">
>
>
>-----Original Message-----
>From: Thomas R. Jones [mailto:thomas.jones@...]
>
>> -----------------------
>> May I suggest that either the datatype be changed to be "string"
ONLY,
>
>> or the attribute datatype removed as obsolete.
>
>However, I can think of numerous instances where a var_ref element may
>reference an integer. Take for example the variable reference of a
port
>definition within the /etc/services file of a *nix system. This file
>specifies IANA defined ports and custom port configurations for the
TOE.
To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message.  If you have
difficulties, write to OVAL-DISCUSSION-LIST-request@....

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

Tim,

You are close.

>
>Just to make sure I follow you correctly.
>
>Where oval:foo.bar:var:1 is of type integer.
>
>This is correct:
><var_ref>oval:foo.bar:var:1<var_ref>
>

You are correct!

>This is incorrect:
><var_ref datatype="int">oval:foo.bar:var:1<var_ref>
>

You are correct! This is not allowed. The datatype attribute here is
referring to the string "oval:foo.bar:var:1", and nothing else. It has
no bearing on the value retrieved from "oval:foo.bar:var:1".

>However, if oval:foo.bar:var:1 referenced an object of type integer
this
>would be correct.
><var_ref datatype="int" var_ref="oval:foo.bar:var:1"/>
>

This is never correct regardless of the datatype that
"oval:foo.bar:var:1" returns. The datatype of the "oval:foo.bar:var:1"
is specified on the variable itself, not the reference to the variable.

Does this help?

Regards,

Jon

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

Problem is that

<var_ref datatype="int" var_ref="oval:foo.bar:var:1"/>

would violates the schema. There is no var_ref element (that I can locate)

We are taking about the
<external_variable
element

Ken Lassesen
Lassesen Consulting, LLC, http://lassesen.com
MSNMessenger: Ken@...
Office: 206-734-4718  Home: 360-724-3190  Fax: 952-516-5077
Cell:360-509-2402 Skype:Ken.Lassesen

CONFIDENTIALITY NOTICE

The information contained in this electronic message may contain
confidential and priviledged information and is intended only for use by the
individual(s) or entity(ies) to whom it was addressed.  Any unauthorized
review, use, disclosure, or distribution of this communication is strictly
prohibited.  If you are not the intended recipient, please contact the
sender by reply email and permanently delete and destroy the original
message.
----- Original Message -----
From: "Harrison, Timothy [USA]" <harrison_timothy@...>
To: <OVAL-DISCUSSION-LIST@...>
Sent: Friday, July 18, 2008 8:00 AM
Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request


Jon,

Just to make sure I follow you correctly.

Where oval:foo.bar:var:1 is of type integer.

This is correct:
<var_ref>oval:foo.bar:var:1<var_ref>

This is incorrect:
<var_ref datatype="int">oval:foo.bar:var:1<var_ref>

However, if oval:foo.bar:var:1 referenced an object of type integer this
would be correct.
<var_ref datatype="int" var_ref="oval:foo.bar:var:1"/>

Thanks,
Tim

-----Original Message-----
From: Baker, Jon [mailto:bakerj@...]
Sent: Friday, July 11, 2008 4:08 PM
To: OVAL-DISCUSSION-LIST@...
Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request

I believe that we are referring to the var_ref element in the
variable_object. That element is based on the
EntityObjectVariableRefType. The annotation on the
EntityObjectVariableRefType says:

"The EntityObjectVariableRefType complex type defines a string object
entity that has a valid OVAL variable id as the value..."

We can find the intent of the datatype attribute by following the chain
of the schema up to the schema type that defiens the datatype attribute.
Here is the path to follow:
The EntityObjectVariableRefType is based on a restriction of the
EntityObjectStringType.
The EntityObjectStringType is a based on a restriction of the
EntityObjectBaseType.
The EntityObjectBaseType is an extension of the EntityBaseType.
The EntityBaseType defines the datatype attribute. There you will find
the following documentation:

"The optional datatype attribute specifies how the given operation
should be applied to the data. (the default datatype is 'string') An
example is with the statement 'is 123 less than 98'. If the data is
treated as integers the answer is no, but if the data is treated as
strings, then the answer is yes. Specifying a datatype details how the
less than operation should be performed. Another way of thinking of
things is that the datatype attribute specifies how the data should be
cast before performing the operation. In the previous example, if the
datatype is set to int, then '123' and '98' should be cast as integers.
If a cast can not be made, (trying to cast 'abc' to an integer) then an
error should be thrown. Another example is applying the 'equal'
operation to '1.0.0.0' and '1.0'. With datatype 'string' they are not
equal, with datatype 'version' they are."

Having read through this description I can see that the 'data' is never
really defined. We can clarify this in the next update to the
documentation. 'data' is intended to mean the value of the
EntityBaseType element or the values retrieved through any variable
referenced by the var_ref attribute on the element.

Basically the datatype you are asking about refers to the id of a
variable. Variables have a defined id format that is based on a string.
The Schematron rules in the schema restrict the allowed datatype
attribute value to string. This datatype is not at all related to the
datatype of the data that the variable being referenced actually
identifies.

Does that help, or simply further the confusion?

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...



>-----Original Message-----
>From: Harrison, Timothy [USA] [mailto:harrison_timothy@...]
>Sent: Friday, July 11, 2008 3:09 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request
>
>It all depends on whether the datatype attribute on var_ref is
intended <local_variable
>id="oval:gov.nist.fdcc.xp:var:1" version="1"
>comment="Windows system32 directory" datatype="string">
>
>
>-----Original Message-----
>From: Thomas R. Jones [mailto:thomas.jones@...]
>
>> -----------------------
>> May I suggest that either the datatype be changed to be "string"
ONLY,
>
>> or the attribute datatype removed as obsolete.
>
>However, I can think of numerous instances where a var_ref element may
>reference an integer. Take for example the variable reference of a
port
>definition within the /etc/services file of a *nix system. This file
>specifies IANA defined ports and custom port configurations for the
TOE.
To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message.  If you have
difficulties, write to OVAL-DISCUSSION-LIST-request@....

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to
OVAL-DISCUSSION-LIST-request@....

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

I believe that we are referring to the var_ref element in the
variable_object. This is defined in the independent schema. Last Friday
I walked through the trace from the definition of the var_ref element
up to the datatype attribute and tried to explain what the datatype
attribute means. If you are referring to an issue or question related
to external variables let's explore that on a separate thread. I would
like to avoid further confusion on this issue.

Thanks

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...


by
>the
>individual(s) or entity(ies) to whom it was addressed.  Any
unauthorized this chain
>of the schema up to the schema type that defiens the datatype
attribute. integers.
>If a cast can not be made, (trying to cast 'abc' to an integer) then
an
>error should be thrown. Another example is applying the 'equal'
>operation to '1.0.0.0' and '1.0'. With datatype 'string' they are not
>equal, with datatype 'version' they are."
>
>Having read through this description I can see that the 'data' is
never
>really defined. We can clarify this in the next update to the
>documentation. 'data' is intended to mean the value of the
>EntityBaseType element or the values retrieved through any variable
>referenced by the var_ref attribute on the element.
>
>Basically the datatype you are asking about refers to the id of a
>variable. Variables have a defined id format that is based on a
string. may
>>reference an integer. Take for example the variable reference of a
>port
>>definition within the /etc/services file of a *nix system. This file
>>specifies IANA defined ports and custom port configurations for the
>TOE.
>>It is trivial to imagine utilizing variable reference in this context
>>during a configuration or compliance evaluation.
>>
>>To unsubscribe, send an email message to LISTSERV@...
with
>>SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message.  If you have
>>difficulties, write to OVAL-DISCUSSION-LIST-request@....
>>
>>To unsubscribe, send an email message to LISTSERV@...
with
To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

If you trace back the thread, the schema change request was on the
<external_variable element.

-----Original Message-----
From: Baker, Jon [mailto:bakerj@...]
Sent: Friday, July 18, 2008 9:14 AM
To: OVAL-DISCUSSION-LIST@...
Subject: Re: [OVAL-DISCUSSION-LIST] Schema Change request

I believe that we are referring to the var_ref element in the
variable_object. This is defined in the independent schema. Last Friday
I walked through the trace from the definition of the var_ref element
up to the datatype attribute and tried to explain what the datatype
attribute means. If you are referring to an issue or question related
to external variables let's explore that on a separate thread. I would
like to avoid further confusion on this issue.

Thanks

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

Ken,

I guess I am confused. I traced the thread back to your original
message (sent Wed 7/9/2008 12:28 PM). In that message you pasted in a
<variable_object> and its child <var_ref> element. I assumed you were
talking about the datatype attribute present on that <var_ref> element.
Can you clarify your question for me so that I can help?

Here is the original message:
---------------------------------------
At present datatype for var_ref allows multiple types--- in reality
there is only one possible type, "string"

<var_ref datatype="string">oval:gov.nist.fdcc.xp:var:29</var_ref>

This can result in bad content that is NOT caught by a schema check.

<variable_object xmlns="..." id="oval:gov.nist.fdcc.xp:obj:66725"
version="1">
  <var_ref datatype="int">oval:gov.nist.fdcc.xp:var:6672</var_ref>
</variable_object>

Clearly, oval:gov.nist.fdcc.xp:var:6672 is NOT an int.
-----------------------
May I suggest that either the datatype be changed to be "string" ONLY,
or the attribute datatype removed as obsolete.

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...


Friday
To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....