Ray Gauss II

Results 14 comments of Ray Gauss II

One could imagine the evolution of a [REST API](https://github.com/EasyDynamics/oscal-rest) to include things like adding a new control to a group, i.e.:

```
POST /catalogs/{catalogId}/groups/{groupId}/controls
```

and that existing group could...

At a high level I think we want the REST API `GET` endpoints (which I think is what you mean above) to directly align with the OSCAL data models as...

> You described this better than I did. I know this is kludgey, but until 2.0 time frame, what would stop the API specification and developers from allowing `{groupId}` to...

Hi @flickerfly, thanks for raising the issue. Are you envisioning things like:

```
GET /catalogs/{catalogId}/controls/{controlId}
GET /catalogs/{catalogId}/groups/{groupId}/controls/{controlId}
```

which would probably require related:

```
GET /catalogs/{catalogId}/controls
GET /catalogs/{catalogId}/groups
GET /catalogs/{catalogId}/groups/{groupId}/controls...
```

> I'm thinking more about looking up controls by something like NIST 800-53 name like ia-3 or the like.

Yes, in the proposed endpoints above, for 800-53 rev 4 that...

> My use would often have catalogs that are derivatives of 800-53r4 for a specific situation

Ah, OK, that's typically represented as an [OSCAL Profile](https://pages.nist.gov/OSCAL/concepts/layer/control/profile/) which is then used by...

Hi @flickerfly, we have something similar around this coming soon. Once that's released let's see if it fits your needs and revisit this issue.

Hi @flickerfly, we'd love to flesh out some of the use cases there, particularly those references/relationships that may not be clearly defined enough with the existing OSCAL model. Can you...

> I actually started a discussion at NIST OSCAL's repo on this as I was trying to figure out what was going on. usnistgov/OSCAL#1057

Thanks @flickerfly, just added another comment...