Update on the OCA Ontology project



Excellent summary. Thank you.


Would it be possible for you to include links to the items you mentioned (e.g., the use case and the sample graphs)? I know we had them presented to us but it helps to always include the links to save trying to find stuff.


Would it also be possible to add looking at NIEM as a future work item? As NIEM has now moved into OASIS as a parallel project to OCA, they are working on “NIEM6” which includes direct output to Ontology (e.g., the pic at the bottom of https://www.niem.gov/strategic-initiatives/niem-metamodel-and-common-model-format). I think aligning the cyber domain in NIEM and the ontology work in the OCA would be a good outcome (or at least better than them contradicting each other). Since both are in development now, it’s an opportunity to get the two communities to work together. The benefit to OCA would then be leveraging the OCA work into the other NIEM domains (e.g., courts, justice, law enforcement, ...) where digital transformation will bring a greater interaction with cyber.



Isn’t Ontology an OCA Subproject? Looking at the subprojects section of https://opencybersecurityalliance.org/, it doesn’t show Ontology. Instead it shows Ontology under “Working Groups”. Wasn’t Ontology one of the two original subprojects along with stixshifter? I believe it’s an important distinction because of the intellectual property and process rules, particularly if Ontology is producing documents (which it is) which might go standards track (which is a possibility Forrest brings up below).



Duncan Sparrell

sFractal Consulting

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/




From: oca-architecture-wg@... <oca-architecture-wg@...> on behalf of Forrest Hare via lists.oasis-open-projects.org <forrest=sks.ai@...>
Date: Wednesday, January 11, 2023 at 9:01 AM
To: oca-ontology@... <oca-ontology@...>, 'oca-pgb@...' <oca-pgb@...>, oca-architecture-wg@... <oca-architecture-wg@...>
Cc: Featherstone, Ian <Ian.Featherstone@...>, Nelson, Alexander J. (Fed) <alexander.nelson@...>, Ryan Hohimer <ryan.hohimer@...>, ryan.hohimer@... <ryan.hohimer@...>
Subject: [oca-architecture-wg] Update on the OCA Ontology project

OCA PGB and esteemed members,


We seem to have reached some kind of culmination of the work we have been doing for the Ontology sub-group. I have not been successful at aligning our schedules for a formal update and I will now be unable to make any additional attempts until mid-March. Therefore, I will provide this summary for consideration. Ian Featherstone at SAIC remains available for any questions you may have on the work.


So far we have achieved the following:

  1. Developed a use case demonstration to show how an ontology could be employed to integrate data for cyber security and facilitate analytics. 
  2. Constructed a sample knowledge graph of the use case following Basic Formal Ontology principles
  3. Worked with the UCO team to develop a sample graph of the same use case following UCO principles


Way Ahead

  1. Present the two sample graphs to compare expressivity and interoperability
  2. Endorse one (or both?) approaches as an open standard to further cybersecurity integration and collaboration


While I am focused on other things the next few months, the BFO/CCO based cyber ontology development team will continue to press forward with their work under the leadership of Casey Rock at Army I2WD.  DHS has now become an active participant in that effort, along with USCYBERCOM.  I assume Sean Barnum, Alex Nelson, and others will continue their work on the UCO and CASE.  The fundamental difference between the two approaches is that the BFO/CCO work is specifically designed to be interoperable with ontologies developed for related fields like business operations and physical security but has a long way to go to be ready for usage.  On the other hand, the UCO/CASE work is already fully developed but it is only applicable for cybersecurity and forensic analysis.


Have a great new year and I hope to be able to pop up on the net with some regularity starting mid to late March.


Best Regards,



Forrest B. Hare, PhD


Summit Knowledge Solutions, LLC, SDVOSB



