100 likes | 307 Views
Schematron. Roger L. Costello 18 July 2007. Schema Language. rule-based (data relationships). grammar-based (structure, form, syntax). DTD. XML Schema. Relax NG. Schematron. Purpose. Two Types of Schema Languages http://www.xfront.com/schematron/Two-types-of-XML-Schema-Language.html.
E N D
Schematron Roger L. Costello 18 July 2007
Schema Language rule-based (data relationships) grammar-based (structure, form, syntax) DTD XML Schema Relax NG Schematron Purpose • Two Types of Schema Languages • http://www.xfront.com/schematron/Two-types-of-XML-Schema-Language.html
Purpose • Schematron Usage and Features • http://www.xfront.com/schematron/Schematron-Usage-and-Features.html Schematron Co-constraints Algorithmic Cardinality
How it Works • Overview • http://www.xfront.com/schematron/overview.html
Use Cases • Validating Co-constraints • http://www.xfront.com/schematron/co-constraints.html • Validating Cardinality • http://www.xfront.com/schematron/cardinality.html • Algorithmic Constraint Checking • http://www.xfront.com/schematron/algorithms.html
Who's Using It • Open Vulnerability and Assessment Language (OVAL™): the standard for determining vulnerability and configuration issues on computer systems • "OVAL is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language." • "There are many things that cannot be validated with W3C Schema. Maybe the most pertinent example is trying to validate that a particular element exists based on the value of an attribute. To validate these types of conditions, ISO Schematron rules have been included with the OVAL Schema." • Homepage: http://oval.mitre.org/ • Schematron Schemas: • http://oval.mitre.org/language/download/schema/version5.1/ovaldefinition/schematron/oval-definitions-schematron.zip
Who's Using It (cont.) • Schematron validation is being integrated into Cross-Domain XML Guards • Radiant Mercury (RM) • http://ftp.fas.org/irp/program/disseminate/radiant_mercury.pdf • Information Support Server Environment (ISSE) • http://www.globalsecurity.org/intell/systems/isse-guard.htm • DataSync Guard (DSG) • BAE Systems • Schematron validation can be used by the XML Guards to perform • co-constraint checking (e.g. classification label checking) • cardinality checking (e.g. dirty word checking) • algorithmic constraint checking (e.g. checksum validation)
Lessons Learned • Validation time can be enhanced 4x by setting the optimize parameter in the ISO Schematron stylesheet. • http://eccnet.eccnet.com/pipermail/schematron-love-in/2007-January/000363.html
Recommendations • Use ISO Schematron to express these data constraints: • Co-constraints • Cardinality checking • Algorithmic checking