A New SCAP Information Model and Data Model for Content Authors
The Security Content Automation Protocol (SCAP) data model for source data stream collections standardizes the packaging of security content into self-contained bundles for easy deployment. But no single data model can satisfy all requirements. The source data stream collection data model is not intended to meet the needs of SCAP content authors, and its implementation- specific syntax lacks the ability to express packaging subtleties critical to software developers and content authors alike. This paper defines a new implementation-neutral information model that is both easier to understand and does a better job expressing relationships between objects comprising a source data stream collection. A new authoring data model, derived from the information model, for facilitating implementation of SCAP content development software applications is also defined. Additionally, the paper discusses an application implementing the authoring data model that enables SCAP content developers to create source data stream collections using a friendly and intuitive syntax, which is then transformed into SCAP standard-conforming content.