14 References
This chapter lists normative and informative references used in the OSIRIS specification.
14.1 Normative references
The following documents are referenced normatively in this specification. Implementers MUST consult these references to fully understand OSIRIS requirements.
RFC2119
Key words for use in RFCs to indicate requirement levels https://www.rfc-editor.org/rfc/rfc2119 Defines the normative keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY and OPTIONAL used throughout this specification.
RFC8259
The JavaScript Object Notation (JSON) data interchange format https://www.rfc-editor.org/rfc/rfc8259 Defines the JSON data format used as the foundation for OSIRIS documents.
RFC3339
Date and time on the internet: Timestamps
https://www.rfc-editor.org/rfc/rfc3339
Defines the timestamp format used in the metadata.timestamp field.
JSON-SCHEMA
JSON Schema: A Media Type for Describing JSON Documents https://json-schema.org/draft/2020-12/json-schema-core Defines the JSON Schema format used for structural validation of OSIRIS documents. The OSIRIS JSON Schema is defined in Appendix A.
SEMVER
Semantic versioning 2.0.0 https://semver.org/spec/v2.0.0.html Defines the versioning scheme used for OSIRIS specification versions (see Chapter 12).
14.2 Informative references
The following documents are referenced informatively for context, comparison or additional guidance. They are not required for implementing OSIRIS but may provide useful background.
OPENAPI
OpenAPI specification v3.1.0 https://spec.openapis.org/oas/v3.1.0 OpenAPI defines API specifications using JSON/YAML. OSIRIS shares similar goals of standardizing data exchange for interoperability.
TOSCA OASIS
OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) version 2.0 https://docs.oasis-open.org/tosca/TOSCA/v2.0/TOSCA-v2.0.html TOSCA is an OASIS standard for cloud application topology and orchestration. While TOSCA focuses on application orchestration and lifecycle management, OSIRIS focuses on topology description and interchange.
CNCF GLOSSARY
Cloud native glossary https://glossary.cncf.io/ Defines terminology for cloud-native technologies referenced in OSIRIS examples and type taxonomy.
NETCONF
Network configuration protocol (NETCONF) https://www.rfc-editor.org/rfc/rfc6241 NETCONF is a network management protocol. OSIRIS may be used to represent network topologies exported from NETCONF-capable devices.
YANG
The YANG 1.1 data modeling language https://www.rfc-editor.org/rfc/rfc7950 YANG is a data modeling language used with NETCONF. OSIRIS differs by providing a simpler, JSON-based interchange format rather than a modeling language.
BACNET
BACnet data communication protocol for building automation and control networks
https://www.ashrae.org/technical-resources/bookstore/standard-135
BACnet is a protocol for building automation. OSIRIS examples includes OT resource types (e.g. ot.hvac, ot.sensor.environmental) to represent BACnet-controlled devices.
IEC-62443
Security for industrial automation and control systems
https://webstore.iec.ch/publication/7030
IEC 62443 defines security standards for OT/ICS environments. OSIRIS security considerations (Chapter 13) align with defense-in-depth principles from IEC 62443.
GDPR
General Data Protection Regulation (EU) 2016/679
https://gdpr-info.eu/
GDPR governs data protection and privacy in the EU. OSIRIS documents containing infrastructure topology may be subject to GDPR if they include personal data or locations that could identify individuals.
SOC2
Service Organization Control 2 https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/serviceorganizationmanagement.html SOC 2 is a compliance framework for service organizations. OSIRIS documents may serve as audit evidence for infrastructure topology documentation audit.