Skip to content

Provide an optional JSON-LD @context profile for RDX to enable semantic linking #69

Description

@github-actions

Motivation

Interoperation with external taxonomies (CWE, ATT&CK, CVE), Semantic Web tooling and cross-repository queries is easier when RDX documents optionally express a JSON-LD context. CycloneDX already has a property taxonomy and many consumers adopt name/value properties; a lightweight RDX JSON-LD profile allows unambiguous URIs for core terms, makes mapping to schema.org and ATT&CK explicit, and improves discoverability for graph-based tools without breaking existing validators.

Proposed change

  1. JSON-LD context
  • Add an optional top-level field in JSON encoding: @context (object or URL) that points to spec/json/rdx.context.json by default. The context will map common RDX properties to stable IRIs, e.g., "cveId": "https://cve.mitre.org/data-definitions#CVE", "attackPath": "https://asrg.org/rdx#attackPath", or reuse established vocabularies like schema:SoftwareApplication for item definitions where applicable.

  • Provide spec/json/rdx.context.json with mappings for: itemDefinition.id/title, assets, threatScenarios.targetedAssetIds, attackPaths, attackSteps, controls, calAssessments, tafAssessments, cvss/cve fields and other high-value keys.

  1. Backwards compatibility and validation
  • The presence of @context MUST be optional. Existing tooling that does not process JSON-LD will ignore @context by spec. The JSON Schema MUST accept an @context field (string | object) without failing validation.
  1. Examples & tooling
  • Add an example examples/rdx-jsonld-example.json showing use of @context and a small query example (e.g., JQ or SPARQL snippet) in methodology docs that demonstrates extracting all CVE IDs.

  • Update tools/validate.sh to accept @context in examples (no semantic validation required).

  1. Use-cases
  • Enable simple semantic queries across RDX documents (e.g., find all RDX docs that reference ATT&CK technique T1210).
  1. New requirement: RDX-118 (new requirement): "Support optional JSON-LD @context to enable semantic linking to external vocabularies and taxonomies (CWE, ATT&CK, CVE, schema.org)." Add to REQUIREMENTS.md.

References

Acceptance criteria

  • Add spec/json/rdx.context.json defining a minimal recommended context mapping for high-value RDX keys.
  • Update spec/json/rdx.schema.json to allow an optional @context (string|object) top-level property without failing validation.
  • Example: examples/rdx-jsonld-example.json containing @context and demonstrating mapping to ATT&CK/CVE IRIs.
  • Documentation: methodology/Methodology.md updated with examples showing how to use the context and a short SPARQL/JQ query demonstrating interoperability.
  • CI: validate script accepts the new example; tests ensure @context presence is allowed and that the canonical context file exists in spec/json/.

Generated by tools/ai_idea_scout.py via the AI Idea Scout workflow.
Review the proposal, refine the title/body/labels, and close if not desired.

Metadata

Metadata

Assignees

No one assigned

    Labels

    ai-proposalProposed by the AI idea scout; needs human reviewenhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions