-
Notifications
You must be signed in to change notification settings - Fork 0
ADR 007 Scope as First Class RDF Resource
Status: Accepted Date: 2026-05-16 Deciders: Michael Zargham Related: ADR-004 Quantitative Certification Outcome; ADR-016 Composable SHACL Profiles; Analysis Layer Scope Algebra; Design Spec
Certification is rarely "the whole project" — it is a named institutional commitment to a specific slice: "the safety-critical subsystem as of milestone M3," "the compliance scope for regulatory submission R-17," "the FY26-Q3 cert run." Each named scope has its own coverage matrix, its own attestation requirements, its own audit consumers. If scope is left as an oracle-config flag (passed at run time, not stored), then named scopes cannot be referenced from attestations, cannot be queried historically, and cannot compose into derived scopes (e.g., "the union of safety-critical and security-critical scopes"). The question is whether scope is a first-class RDF resource with its own composition algebra, or an external parameter. See Design Spec §5.3 and Analysis Layer Scope Algebra.
flexo-rtm v0.1 models Scope as a first-class RDF resource: rtm:Scope instances are stored in the canonical graph, carry IRIs, are referenced from attestations and audit reports, and compose via an explicit scope algebra (union, intersection, difference, named-membership). Coverage metrics (see ADR-004 Quantitative Certification Outcome) and cert reports are always produced per scope.
- Scopes are nameable, queryable, attestable, historically referenceable — the institutional unit of accountability becomes a first-class concept
- Scope algebra (union, intersection, difference) gives institutions a principled way to combine certification commitments (e.g., "the cert artifact for the union of safety and security scopes") without ad-hoc scripting
- Attestations can reference the scope they apply to —
rtm:AdequacyAttestationagainstrtm:Scopebecomes a queryable fact - SHACL profiles (see ADR-016 Composable SHACL Profiles) can be scope-conditional — "for scope S, require the
signed-commitsprofile" — without baking scope into the profile vocabulary itself
- Scope as RDF means scope definitions have to be authored and maintained as institutional records, not just passed at run time — more governance surface
- Scope algebra is an additional concept adopters must learn; "what scope are we asking about?" becomes a question every audit-time interaction has to answer
- Coverage metrics are always per-scope, never global — institutions wanting a single global number have to define the global scope explicitly
- Scope-as-RDF maps cleanly onto the three-layer architecture (see ADR-006 Three-Layer Architecture): scope definitions live in storage; analysis queries are parameterized by scope; operational UX surfaces scope as a context for every interaction
- Scope as oracle config flag (not stored): Pass scope as a CLI/API parameter at run time; do not store scope definitions in the graph. Rejected: scope is the institutional unit of accountability — every cert artifact, every audit report, every attestation is about a scope. If scope is not in the graph, then those facts cannot reference it, cannot be queried historically, and cannot be composed. The institutional adoption story collapses without queryable named scopes.
- Scope per cert run only: Define scopes ephemerally per cert run; do not persist them. Rejected: cert runs need to be reproducible (see ADR-025 Reproducibility is Structural and Local), and reproduction requires the scope definition to be available at audit time, not just at the original run time. Ephemeral scopes break reproducibility.
rtm:Scope is defined in the v0.1 ontology with properties for named-membership (rtm:scopeIncludes, rtm:scopeExcludes) and algebra composition (rtm:scopeUnion, rtm:scopeIntersection, rtm:scopeDifference). The analysis layer (oracle/src/oracle/analysis/) parameterizes all coverage queries by rtm:Scope IRI. Attestations carry a rtm:appliesToScope property where applicable. See Analysis Layer Scope Algebra for the SPARQL recipes that implement scope composition.
- Design Spec §5.3 (Scope Algebra), §7.4 (Scope-Parameterized Coverage)
- Analysis Layer Scope Algebra — the canonical scope-algebra documentation
- ADR-004 Quantitative Certification Outcome — coverage metrics are scope-parameterized
- ADR-016 Composable SHACL Profiles — profile selection can be scope-conditional
- Flexo Git Coexistence
- ADCS Prototype Lessons
- MVC Pattern from RIME TRL ANT
- Human-AI Accountability
- Multi-Agent Discourse Graph Precedent
- OSLC RM and QM Review
- INCOSE V2 Review
- OMG SysMLv2
- PROV EARL GSN P-PLAN
- Dragon Architecture and Mission Enterprise
- Traditional Forward and Backward Analysis
- Attestation Infrastructure in v0.1
- Identity Boundaries and Policy Projections
- External URI References
- Signed Envelopes and Established Standards
- Aspect Coverage with Adequacy and Sufficiency
- Federated Audit and Composition
- Certification Predicate
- Gap Taxonomy
- Quantitative Outcomes
- Engineering Lifecycle Stages (v0.2)
- Topological Framework Future Work (research phase)
- Vertices Edges Faces (research phase)
- Three-Layer Architecture
- Operational Layer UX Discipline
- Storage Layer Flexo Conventions
- Analysis Layer Scope Algebra
- OSLC Roundtrip Acceptance
- Identity Adapter Contract
- Flexo REST Binding
- SysMLv2 Ingestion Contract
- External URI Rules
- Signed Envelope Shapes
- Parsimony Manifest
- Lossless Roundtrip Definition
- Vendor Extension Carry-Through
- OSLC RM Adapter Contract
- OSLC QM Adapter Contract
- ADR Template
- ADR-001 Foundations First Approach
- ADR-002 SysMLv2 Anchoring
- ADR-003 Topological Framework Documented as Future Work
- ADR-003a v0.1 Ships Traditional Analysis Only
- ADR-004 Quantitative Certification Outcome
- ADR-005 Adequacy and Sufficiency as Guidance Subtypes
- ADR-006 Three-Layer Architecture
- ADR-007 Scope as First-Class RDF Resource
- ADR-008 Repo Name and Org Transfer Plan
- ADR-009 Two-Repo Strategy
- ADR-010 OSLC-RM and OSLC-QM in v0.1
- ADR-011 Lossless Criterion A plus C
- ADR-012 Direct RDF Properties over Reified Edges
- ADR-013 Simplicial Complex as Derived View When Built
- ADR-014 Parsimony Layer Build-Time Extraction
- ADR-015 GSN Adoption for Adequacy and Sufficiency
- ADR-016 Composable SHACL Profiles
- ADR-017 knowledgecomplex as Optional Extras
- ADR-018 V minus F Invariant Deferred with Topological Framework
- ADR-019 Derived Binary View from Quantitative Metrics
- ADR-020 Vocabulary Alignment with Zargham 2026
- ADR-021 Three Attestation Subclasses Ship in v0.1
- ADR-022 External URI References as Open-Source Foundation
- ADR-023 Cryptography by Composition of Battle-Tested Standards
- ADR-024 Identity by Thin Projection of External Sources
- ADR-025 Reproducibility is Structural and Local
- ADR-026 Cryptographic Agility via Algorithm Profiles
- ADR-027 Bit-Exactness vs Numerical Tolerances Are Both First-Class
- ADR-028 Scope-Level Adequacy and Sufficiency for Federated Audit
- ADR-029 Engineering Lifecycle Stages as Scope Metadata
- ADR-030 Polycentric ASOT Authority Model
- ADR-031 Attestation Status Pass Fail Deferred Deprecated
- ADR-032 Methodology Agnosticism as Foundational Axiom
- ADR-033 Generalized ASOT Principle for All Identified Things