Welcome to the Semantic Cyber Information Modeling Initiative (SCIMI), a community effort to crowdsource open source semantic information models (incl. ontologies and Domain Specific Languages) that facilitate the sharing, integration, and processing of information about security, privacy, compliance, and other utility concepts.

The initiative was initially founded by ObjectSecurity, a leader in semantic modeling of cyber security. We hope to make this a broader community initiative. Please contact us to join. We provide a community mailing list and online tools to collectively edit the ontology. We are not restricted to OWL, or even traditional ontologies, but will pick the most suitable standards and tools for each purpose.

All contributions will be attributed to their authors.

Browse an exemplary draft of a Privacy Domain Specific Language below (the initiative is not at all limited to privacy, or metamodeling!):

The above metamodels/models are (c) 2015 ObjectSecurity - all rights reserved. Patents pending and allowed. No copying/use/publication without permission.
(note: copyright and licensing will be updated once further contributions are received)


6/4/15: Set up Wikidot wiki page

6/1/2015: Set up mailman mailing list for discussions.

4/7/2015: The current draft of the privacy DSL is now documented. You can browse the documentation here. Known issues:
-Need to support policy combiners for policy sets
-Termination conditions need to be modeled better
-lowLevelAttributeType will need to be made specifiable for each attribute to support PBAC
-lowLevelInformationFlow in LowLevelPolicyRuleElementAttribute - clarify what this attribute would technically look like
-Info flows across partitions are not easy to specify - maybe express info flows independent of partitions.
-UseForPurpose duration is just an integer. Time duration needs to be modeled better, incl. time windows

3/31/2015: Finally got a documentation tool for the privacy DSL working. You can browse the documentation here (note: not much there, we will start documenting now)

3/26/2015: The privacy DSL is shaping up quite nicely, with several subpackages that will allow groups to focus on specific areas later. Right now we can capture a functional system description and (low-level) machine-enforceable privacy requirements (using approximately an OASIS XACML-like rule structure with their privacy profile - and more). We also captured numerous privacy concepts such as consent, usage, purpose, processing, further processing, retention, privacy protection mechanisms etc. We are currently still struggling with the (high-level) privacy requirements at this point because the laws/regulations are so broad and fuzzy that it is hard to figure out what the relationship between e.g. "further processing should be appropriate and unsurprising" and a concrete technical privacy rule is. Any help would be appreciated (esp. from people who can bridge privacy law and technology). We are also looking for people who could take a DSL and turn it into OWL, and figure out what the benefits of that would be. And just about anyone else who would be interested in contributing (thanks to everyone who signed up so far - we will be in touch once we have developed a basis).

3/18/2015: We started working on an EMF/Ecore based privacy domain specific language (DSL) to capture privacy concepts and privacy requirements policies.

