Need ability to represent producer-asserted maturity status of any domain object

[Bradichus]

Background

UCO currently lacks any mechanism for a producer to explicitly assert the maturity status of a UcoObject to help manage status of maturation of the object and to provide context to any consumers on how they should view and treat the object. A mechanism is needed to assert such status on any UcoObject to at a minimum convey if the object is "Draft"(the object is asserted by the producer to be in an incomplete or evolving state that should not be treated as operationally valid), "Final"(the object is asserted by the producer to be in a state that is complete and correct enough to be treated as operationally valid), or "Deprecated"(the object is asserted by the producer to have no current or future significance while not invalidating any past significance).

Requirements

Requirement 1

UcoObject MUST be able to express a object producer asserted maturity status of 'draft' for the object.

Requirement 2

UcoObject MUST be able to express a object producer asserted maturity status of 'final' for the object.

Requirement 3

UcoObject MUST be able to express a object producer asserted maturity status of 'deprecated' for the object.

Requirement 4

A single UcoObject MUST be able to have different asserted maturity status at different times.

Requirement 5

UcoObject MUST have at most a single maturity status asserted at any given time.

Risk / Benefit analysis

Benefits

Improved context for consumers

Consumers of UCO will have a clearer understanding of the maturity level of each UcoObject. The maturity status directly communicates whether an object is considered operationally valid. This aids consumers in deciding whether to rely on specific UcoObjects for their cybersecurity operations.

Simplified Object Lifecycle Management

With a maturity status mechanism, producers can explicitly declare the state of their objects, helping them and other stakeholders track the progress and evolution of cyber information. Objects can be marked as "Deprecated" when they are no longer significant, streamlining the process of identifying and handling outdated information without invalidating historical references.

Risks

• Introducing a maturity status mechanism may add complexity to the UCO framework, leading to increased management overhead.

Competencies demonstrated

Competency 1

Ability to query graph of CDO content to identify "Draft" state object, "Final" state objects and any derivation-based relationships between them.

Competency Question 1.1

What are all objects in this CASE investigation's chain of custody that are designated as "Final," but derived from some "Draft" object?

Result 1.1

Solution suggestion

Implementation of the proposed solution is available in #549

Within the core namespace:

• Add new vocabulary:ObjectStatusVocab vocabulary
• Add new core:objectStatus property as xsd:string
• Add new associated property shapes on core:UcoObject for core:objectStatus with cardinality max=1

Solution discussion

The proposed new core:objectStatus provides a simple mechanism for expressing object maturity (Requirement 1).

core:objectStatus a owl:DatatypeProperty ;
    rdfs:comment "The current state of formality and acceptance for a UCO object."@en-US ;
    rdfs:label "Object Status"@en-US ;
    rdfs:range [
        a rdfs:Datatype ;
        owl:unionOf (
            xsd:string
            vocabulary:ObjectStatusVocab
        ) ;
    ] ;
.

The proposed new vocabulary:ObjectStatus provides capability to support Requirement 1.

vocabulary:ObjectStatusVocab
    a rdfs:Datatype ;
    rdfs:label "Object Status Vocabulary"@en-US ;
    owl:equivalentClass [
        a rdfs:Datatype ;
        owl:onDatatype xsd:string ;
        owl:oneOf (
            "Draft"^^vocabulary:ObjectStatusVocab
            "Final"^^vocabulary:ObjectStatusVocab
            "Deprecated"^^vocabulary:ObjectStatusVocab
        ) ;
    ] ;
.

The proposed new associated property shapes on core:UcoObject for core:objectStatus

[
                sh:datatype vocabulary:ObjectStatusVocab ;
                sh:message "Value is outside the default vocabulary ObjectStatusVocab." ;
                sh:path core:objectStatus ;
                sh:severity sh:Info ;
        ] ,
        [
                sh:maxCount "1"^^xsd:integer ;
                sh:nodeKind sh:Literal ;
                sh:or (
                    [
                        sh:datatype vocabulary:ObjectStatusVocab ;
                    ]
                    [
                        sh:datatype xsd:string ;
                    ]
                ) ;
                sh:path core:objectStatus ;
        ] ,
        [
                sh:message "Value is not member of the vocabulary ObjectStatusVocab." ;
                sh:or (
                    [
                        sh:datatype vocabulary:ObjectStatusVocab ;
                        sh:in (
                            "Draft"^^vocabulary:ObjectStatusVocab
                            "Final"^^vocabulary:ObjectStatusVocab
                            "Deprecated"^^vocabulary:ObjectStatusVocab
                        ) ;
                    ]
                    [
                        sh:datatype xsd:string ;
                    ]
                ) ;
                sh:path core:objectStatus ;
        ]

Coordination

• Tracking in Jira ticket OCUCO-307
• [x] Administrative review completed, proposal announced to Ontology Committees (OCs) on 2024-06-04
• [x] Requirements to be discussed in OC meeting, 2024-05-30
• [x] Requirements to be discussed in OC meeting, 2024-06-25
• [x] Requirements Review vote occurred, passing, on 2024-06-25
• [x] Requirements development phase completed.
• [ ] Address the question of "rejected" objects
• [ ] Solution announced to OCs on TODO-date
• [ ] Solutions Approval to be discussed in OC meeting, date TBD
• [ ] Solutions Approval vote has not occurred