Constraints for `responsible-role` should only check for optional `@party-uuid` when present

[aj-stein-gsa]

Describe the bug

With the current version of OSCAL models (v1.1.3 at the time of this writing), there are constraints that should and do check that there are no dangling UUIDs in responsible-role/@party-uuid so references are correct. However, responsible-role has an optional @party-uuid definition, so the constraint should be checked only when it is set, not for all responsible-role even when it is not set.

OSCAL/src/metaschema/oscal_ssp_metaschema.xml

Lines 732 to 734 in b123c11

	<index-has-key name="index-metadata-party-uuid" target="responsible-role|statement/responsible-role|.//by-component//responsible-role">
	<key-field target="party-uuid"/>
	</index-has-key>

https://github.com/usnistgov/OSCAL/blob/v1.1.3/src/metaschema/oscal_ssp_metaschema.xml#L732-L734

The constraint below currently does the latter, which leads to errors such as those reported in GSA/fedramp-automation#1173.

Who is the bug affecting

Developers using OSCAL-based tooling that process constraints to data cross-reference data integrity checking, specifically in SSPs.

What is affected by this bug

Metaschema

How do we replicate this issue

See GSA/fedramp-automation#1173 for more details.

Expected behavior (i.e. solution)

The constraint only fails to identify responsible-role/@party-uuids that are dangling references when @party-uuid is set, not when it is undefined optionally as expected.

Other comments

No response

Revisions

No response