First D3FEND-CCO mappings #296
Conversation
added some more low hanging fruit
addressing comments from Giacomo
Update d3fend-cco.ttl
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # An example cco gives of a representational ICE is a transcript, which seems similar to a log. But it might also | ||
| # be considered a descriptive ICE, so for this can be a subclass of ICE. | ||
|
|
||
| d3f:Sensor owl:equivalentClass cco:Sensor . |
There was a problem hiding this comment.
@giacomodecolle , last CCO version I checked a cco:Sensor IS A transducer versus a functional sensor, this is a big problem in my view @giacomodecolle @mark-jensen @johnbeve
Here is how we have the taxonomy in D3FEND, this would be a proposal to refactor CCO:
There was a problem hiding this comment.
Will bring this discussion to Mark and John eventually, I am taking the equivalence out for the moment
src/ontology/mappings/d3fend-cco.ttl
Outdated
| #in order to decide about this mapping, we have to decide whether d3f:DefensiveTechnique and | ||
| # d3f:OffensiveTechnique are acts or more similar to plans. | ||
|
|
||
| d3f:DigitalEvent rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000035> . |
There was a problem hiding this comment.
After discussion, tentatively:
New d3f:Event class equiv to bfo:Process .
New d3f:Action ~ cco:Act
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # Most if not all events in d3fend look like punctual events to me, and thus like BFO_0000035, aka process boundaries. In | ||
| # case that some of them are not, we could map specific subclasses to process or process boundary. | ||
|
|
||
| d3f:Activity rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000015> . |
There was a problem hiding this comment.
OBE, we've deleted d3f:Activity in 0.17.0 , we can delete this.
src/ontology/mappings/d3fend-cco.ttl
Outdated
|
|
||
| # d3fend seems to only refer to human beings with "person", just as CCO does. | ||
|
|
||
| d3f:PhysicalObject rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000030>. |
There was a problem hiding this comment.
We now only have d3f:PhysicalArtifact d3f:PhysicalObject was deleted in 0.17.0
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # other classes in d3fend which are not subclasses of PhysicalObject that fall under | ||
| # BFO:0000030 | ||
|
|
||
| d3f:Technique rdfs:subClassOf cco:DirectiveInformationContentEntity. |
There was a problem hiding this comment.
we can now map d3f:Plan to cco:DirectiveInformationContentEntity or cco:Plan
We do not consider a Technique an Action.
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # Another way to look at this is to see whether d3f:technique are time indexed or not (e.g. my message | ||
| # analysis technique started today at 8 pm) | ||
|
|
||
| d3f:DefensiveTechnique rdfs:subClassOf cco:DirectiveInformationContentEntity. |
src/ontology/mappings/d3fend-cco.ttl
Outdated
|
|
||
| #see d3f:Technique | ||
|
|
||
| d3f:OffensiveTechnique rdfs:subClassOf cco:DirectiveInformationContentEntity. |
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # will become subclasses of cco:InformatioContentEntity, and thus of the d3f:InformationContentEntity class | ||
| # as well. For example, if | ||
|
|
||
| d3f:Log rdfs:subClassOf cco:InformationContentEntity . |
There was a problem hiding this comment.
we have modeled log as a bearing entity.
We have also modeled record as a bearing entity but this is debatable.
There was a problem hiding this comment.
I have been thinking about some of the content/bearing entity distinctions. Despite what some classes in CCO and C3O do, if something doesn't have properties like weight and spatial extension, I think it should go under the content entity part of the hierarchy. Perhaps a discussion for a future meeting.
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # A subclass of sensor they include is cyber sensor, which might be referring to programs which are ICEs. | ||
| # If this is the case, this class is not equivalent to cco:Sensor, which is only about physical entities. | ||
|
|
||
| d3f:Artifact rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000002> . |
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # which can have capabilities. If this is the case, we should use a broader capability class from some neighboring | ||
| # BFO ontology. | ||
|
|
||
| d3f:DigitalObject rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000002> . |
src/ontology/mappings/d3fend-cco.ttl
Outdated
|
|
||
| #obo:BFO_0000002 aka "continuant". What is the difference between d3f:DigitablObject and d3f:Information Content Entity? | ||
|
|
||
| d3f:Monitoring rdfs:subClassOf cco:ActOfObservation . |
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # cco:ActOfObservation mentions "senses" which might or might not be the case for | ||
| # d3f:monitoring, which on the other hand might involve information processing monitoring procedures which are not tied to senses. | ||
|
|
||
| d3f:AnalysisOfAlternatives rdfs:subClassOf cco:Act . |
There was a problem hiding this comment.
Correct but i think cco has something more specific
src/ontology/mappings/d3fend-cco.ttl
Outdated
| #The definition of Identifier says it's a name, but Designative ICEs include non-name identifiers. | ||
| #I therefore made identifier a subclass rather than equivalent to Designative ICE. | ||
|
|
||
| d3f:JobSchedule rdfs:subClassOf cco:Plan . |
There was a problem hiding this comment.
This isn't going to make a problem, but its hard to imagine a reasonable use case for this.
|
Solved some of the issues discussed in comments, and updated identifiers to the new opaque identifiers adopted by CCO 2.0
Solving issues discussed in the last call and updating to opaque identifier in CCO 2.0
Solving issues discussed in the last call and updating to the opaque identifiers from CCO 2.0.
|
I went through comments from last meeting and updated to new CCO identifiers. Apologies for the three commits, there was something messed up on my end of things. By next meeting, I will work on some new mappings for the remaining core classes. |
src/ontology/mappings/d3fend-cco.ttl
Outdated
|
|
||
|
|
||
| d3f:Technique rdfs:subClassOf <https://www.commoncoreontologies.org/ont00000974> . | ||
| #cco org/ont00000974 is cco Plan. |
There was a problem hiding this comment.
In the new version of D3FEND Core we have Plan. It may make sense to just map d3f:Plan to cco:Plan.
We make a distinction between technique and procedure, both we've categorized as plans. Technique is a less defined type of plan than procedure. Like a meta-plan if that makes sense.
We're trying to disambiguate some terminology which has military roots: Tactics, Techniques, and Procedures.
Deleting technique mapping, adding CCO 2.0
Updating according to last comments on PR
Adding mappings
src/ontology/mappings/d3fend-cco.ttl
Outdated
| @@ -35,13 +46,43 @@ d3f:DigitalArtifact rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000002> | |||
| # subclass of "information bearing artifact" which is "independent | |||
| # continuant" in BFO. | |||
|
|
|||
| d3f:Action rdfs:subClassOf cco:Act . | |||
| d3f:System owl:equivalentClass [ owl:intersectionOf ( <http://purl.obolibrary.org/obo/BFO_0000027> | |||
There was a problem hiding this comment.
convert to sublcass of rather than equiv...
src/ontology/mappings/d3fend-cco.ttl
Outdated
| d3f:Event owl:equivalentClass <http://purl.obolibrary.org/obo/BFO_0000015> . | ||
| # Equivalent to BFO_0000015 aka process. | ||
|
|
||
| d3f:DigitalEvent rdfs:subClassOf [ owl:intersectionOf ( <http://purl.obolibrary.org/obo/BFO_0000015> |
There was a problem hiding this comment.
add we mean both ICE and IBA
src/ontology/mappings/d3fend-cco.ttl
Outdated
|
|
||
| # This might be made more precise depending on the children classes. See some examples in the comments below. | ||
|
|
||
| # d3f:Execution rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000015> . |
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # d3f:Execution rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000015> . | ||
| # where BFO 0000015 is process. Although, wouldn't this just make d3f:Execution better suited as a digital event? | ||
|
|
||
| d3f:InformationContentEntity owl:equivalentClass <https://www.commoncoreontologies.org/ont00000958> . |
There was a problem hiding this comment.
d3f:InformationContentEntity will be deprecated, please remove this line.
src/ontology/mappings/d3fend-cco.ttl
Outdated
| # will become subclasses of cco:InformationContentEntity, and thus of the d3f:InformationContentEntity class | ||
| # as well if we keep the equivalence relation. | ||
|
|
||
| d3f:Log rdfs:subClassOf <https://www.commoncoreontologies.org/ont00000958> . |
src/ontology/mappings/d3fend-cco.ttl
Outdated
| #d3f:Sensor owl:equivalentClass cco:Sensor . | ||
| #waiting to discuss this given discussion on transducers | ||
|
|
||
| d3f:Capability owl:equivalentClass <https://www.commoncoreontologies.org/ont00001379> . |
There was a problem hiding this comment.
Lets remove this for now. Catalog things are going to be deprecated.
src/ontology/mappings/d3fend-cco.ttl
Outdated
| d3f:PhysicalLocation rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000029> . | ||
| # BFO 0000029 is site | ||
|
|
||
| d3f:AnalysisOfAlternatives rdfs:subClassOf <https://www.commoncoreontologies.org/ont00000228> . |
There was a problem hiding this comment.
Lets remove this for now. Catalog things are going to be deprecated.
src/ontology/mappings/d3fend-cco.ttl
Outdated
|
|
||
| #This also seems to be an act, or a planned act. | ||
|
|
||
| d3f:Assessment rdfs:subClassOf <https://www.commoncoreontologies.org/ont00000636> . |
There was a problem hiding this comment.
Lets remove this for now. Catalog things are going to be deprecated.
Fixing after discussion for 1.0
First mappings between D3FEND and CCO, developed with @johnbeve and @Finn1928.