diff --git a/ChangeLog b/ChangeLog
index d98ad26..43c39c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,27 @@
2022-08-31
+ * ONT-295: Release CASE 1.0.0, with release notes at https://caseontology.org/releases/1.0.0/
+ * (761b058): Adopt UCO 1.0.0
+ * (40c4ba1): UCO Issue 430: Require non-blank nodes in graph data
+ * (33a0c3e): UCO Issue 437: Adopt priorVersion practice prepared for UCO 1.0.0
* ONT-410: Release CASE 0.7.1, with release notes at https://caseontology.org/releases/0.7.1/
* (5b8c03f): UCO Issue 437: Adopt UCO 0.9.1
* (e673017): UCO OC-217, CP-107: Revise ontology IRI to be slash-based and drop IRI base
* (0e7337e): UCO Issue 437: Adopt versionIRI practice prepared for UCO 0.9.1
+2022-08-30
+ * (d9db048): CASE Issue 106: Removed legacy requirements.txt
+
+2022-08-23
+ * (25bc31e): CASE Issue 98: Change minCount from 1 to 0 on multiple properties on Investigation object
+ * (8c4322c): ONT-467: Vocabulary datatypes are OWL-syntactically incomplete (Fix OWL syntax of CASE datatype)
+
+2022-08-22
+ * (52834ea): UCO Issue 406: UCO should perform OWL 2 DL review with SHACL-SPARQL
+ * (cd82078): UCO OC-217, CP-107: Revise ontology IRI to be slash-based and drop IRI base
+ * (4f4731f): UCO Issue 387: Adapt for UCO files being under different directories
+ * (a495369): UCO CP-100: Apply semi-open vocabulary patterns
+ * (2a5af00): UCO Issue 424: Replace UCO glom_graph.py reference with rdfpipe
+
2022-06-17
* ONT-476: Release CASE 0.7.0, with release notes at https://caseontology.org/releases/0.7.0/
diff --git a/dependencies/UCO b/dependencies/UCO
index 7cd1b56..1ffc719 160000
--- a/dependencies/UCO
+++ b/dependencies/UCO
@@ -1 +1 @@
-Subproject commit 7cd1b561804a0bec552e10397f8442b07a8f51b7
+Subproject commit 1ffc719e06b81a5d521366f11bd247d390fcad6f
diff --git a/ontology/investigation/investigation.ttl b/ontology/investigation/investigation.ttl
index 63165cb..4ea2d26 100644
--- a/ontology/investigation/investigation.ttl
+++ b/ontology/investigation/investigation.ttl
@@ -1,6 +1,6 @@
-# imports: https://ontology.caseontology.org/case/vocabulary/0.7.1
-# imports: https://ontology.unifiedcyberontology.org/uco/action/0.9.1
-# imports: https://ontology.unifiedcyberontology.org/uco/role/0.9.1
+# imports: https://ontology.caseontology.org/case/vocabulary/1.0.0
+# imports: https://ontology.unifiedcyberontology.org/uco/action/1.0.0
+# imports: https://ontology.unifiedcyberontology.org/uco/role/1.0.0
@prefix investigation: .
@prefix owl: .
@@ -18,12 +18,14 @@
rdfs:label "investigation"@en ;
rdfs:comment "This ontology defines key concepts, and their associated properties and relationships, for characterizing cyber-investigations in the broadest range of contexts, including security incidents, criminal investigations, civil and regulatory matters, intelligence operations, international disputes, accident inquiries, policy violations, and others." ;
owl:imports
- vocabulary:0.7.1 ,
- uco-action:0.9.1 ,
- uco-role:0.9.1
+ vocabulary:1.0.0 ,
+ uco-action:1.0.0 ,
+ uco-role:1.0.0
;
+ owl:incompatibleWith investigation:0.7.1 ;
owl:ontologyIRI ;
- owl:versionIRI investigation:0.7.1 ;
+ owl:priorVersion investigation:0.7.1 ;
+ owl:versionIRI investigation:1.0.0 ;
.
investigation:Attorney
@@ -61,13 +63,11 @@ investigation:Authorization
[
sh:datatype xsd:string ;
sh:maxCount "1"^^xsd:integer ;
- sh:minCount "1"^^xsd:integer ;
sh:nodeKind sh:Literal ;
sh:path investigation:authorizationType ;
] ,
[
sh:datatype xsd:string ;
- sh:minCount "1"^^xsd:integer ;
sh:nodeKind sh:Literal ;
sh:path investigation:authorizationIdentifier ;
]
@@ -136,9 +136,38 @@ investigation:Investigation
] ,
[
sh:datatype vocabulary:InvestigationFormVocab ;
+ sh:message "Value is outside the default vocabulary InvestigationFormVocab." ;
+ sh:path investigation:investigationForm ;
+ sh:severity sh:Info ;
+ ] ,
+ [
sh:maxCount "1"^^xsd:integer ;
- sh:minCount "1"^^xsd:integer ;
sh:nodeKind sh:Literal ;
+ sh:or (
+ [
+ sh:datatype vocabulary:InvestigationFormVocab ;
+ ]
+ [
+ sh:datatype xsd:string ;
+ ]
+ ) ;
+ sh:path investigation:investigationForm ;
+ ] ,
+ [
+ sh:message "Value is not member of the vocabulary InvestigationFormVocab." ;
+ sh:or (
+ [
+ sh:datatype vocabulary:InvestigationFormVocab ;
+ sh:in (
+ "case"^^vocabulary:InvestigationFormVocab
+ "incident"^^vocabulary:InvestigationFormVocab
+ "suspicious-activity"^^vocabulary:InvestigationFormVocab
+ ) ;
+ ]
+ [
+ sh:datatype xsd:string ;
+ ]
+ ) ;
sh:path investigation:investigationForm ;
]
;
@@ -262,7 +291,13 @@ investigation:investigationForm
a owl:DatatypeProperty ;
rdfs:label "investigationForm"@en ;
rdfs:comment "A label categorizing a type of investigation (case, incident, suspicious-activity, etc.)"@en ;
- rdfs:range vocabulary:InvestigationFormVocab ;
+ rdfs:range [
+ a rdfs:Datatype ;
+ owl:unionOf (
+ vocabulary:InvestigationFormVocab
+ xsd:string
+ ) ;
+ ] ;
.
investigation:investigationStatus
diff --git a/ontology/master/case.ttl b/ontology/master/case.ttl
index 7a9f141..b44dbb5 100644
--- a/ontology/master/case.ttl
+++ b/ontology/master/case.ttl
@@ -1,6 +1,6 @@
-# imports: https://ontology.caseontology.org/case/investigation/0.7.1
-# imports: https://ontology.caseontology.org/case/vocabulary/0.7.1
-# imports: https://ontology.unifiedcyberontology.org/uco/uco/0.9.1
+# imports: https://ontology.caseontology.org/case/investigation/1.0.0
+# imports: https://ontology.caseontology.org/case/vocabulary/1.0.0
+# imports: https://ontology.unifiedcyberontology.org/uco/uco/1.0.0
@prefix dct: .
@prefix owl: .
@@ -17,12 +17,14 @@
rdfs:comment "The Cyber-investigation Analysis Standard Expression (CASE) ontology is a community-developed standard that defines concepts used in a broad range of cyber-investigation domains, including digital forensic science, incident response, counter-terrorism, criminal justice, forensic intelligence, and situational awareness. CASE includes all aspects of the digital forensic process, from evidence-gathering and chain of custody, to generating a final report. The goal is to increase sharing and interoperability of cyber-investigation information among organizations and between forensic analytic tools. CASE aligns with and extends the Unified Cyber Ontology (UCO). The preferred namespace abbreviation for this ontology is: case-master."@en ;
dct:title "Cyber-investigation Analysis Standard Expression (CASE)"@en ;
owl:imports
- ,
- ,
-
+ ,
+ ,
+
;
+ owl:incompatibleWith ;
owl:ontologyIRI ;
- owl:versionIRI ;
- owl:versionInfo "0.7.1" ;
+ owl:priorVersion ;
+ owl:versionIRI ;
+ owl:versionInfo "1.0.0" ;
.
diff --git a/ontology/vocabulary/vocabulary.ttl b/ontology/vocabulary/vocabulary.ttl
index ab690c4..9a6a19a 100644
--- a/ontology/vocabulary/vocabulary.ttl
+++ b/ontology/vocabulary/vocabulary.ttl
@@ -7,19 +7,24 @@
a owl:Ontology ;
rdfs:label "vocabularies"@en ;
+ owl:incompatibleWith vocab:0.7.1 ;
owl:ontologyIRI ;
- owl:versionIRI vocab:0.7.1 ;
+ owl:priorVersion vocab:0.7.1 ;
+ owl:versionIRI vocab:1.0.0 ;
.
vocab:InvestigationFormVocab
a rdfs:Datatype ;
- rdfs:subClassOf rdfs:Resource ;
rdfs:label "Investigation Form Vocabulary"@en-US ;
rdfs:comment "Defines an open-vocabulary of investigation forms."@en-US ;
- owl:oneOf (
- "case"^^vocab:InvestigationFormVocab
- "incident"^^vocab:InvestigationFormVocab
- "suspicious-activity"^^vocab:InvestigationFormVocab
- ) ;
+ owl:equivalentClass [
+ a rdfs:Datatype ;
+ owl:onDatatype xsd:string ;
+ owl:oneOf (
+ "case"^^vocab:InvestigationFormVocab
+ "incident"^^vocab:InvestigationFormVocab
+ "suspicious-activity"^^vocab:InvestigationFormVocab
+ ) ;
+ ] ;
.
diff --git a/requirements.txt b/requirements.txt
deleted file mode 100644
index 5f3c02f..0000000
--- a/requirements.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-html5lib==0.999999999
-isodate==0.5.4
-keepalive==0.5
-pyparsing==2.1.10
-rdflib==4.2.1
-six==1.10.0
-SPARQLWrapper==1.7.6
-webencodings==0.5
diff --git a/tests/Makefile b/tests/Makefile
index 3e13eb4..e7d0760 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -18,7 +18,11 @@ top_srcdir := $(shell cd .. ; pwd)
PYTHON3 ?= $(shell which python3.9 2>/dev/null || which python3.8 2>/dev/null || which python3.7 2>/dev/null || which python3.6 2>/dev/null || which python3)
case_turtle_files := $(shell /bin/ls $(top_srcdir)/ontology/*/*.ttl)
-uco_turtle_files := $(shell /bin/ls $(top_srcdir)/dependencies/UCO/ontology/*/*.ttl)
+uco_turtle_files := $(shell /bin/ls $(top_srcdir)/dependencies/UCO/ontology/*/*.ttl $(top_srcdir)/dependencies/UCO/ontology/*/*/*.ttl)
+
+uco_imported_ontology_files := \
+ $(top_srcdir)/dependencies/UCO/dependencies/collections-ontology/collections.owl \
+ $(top_srcdir)/dependencies/UCO/dependencies/error/docs/current/error.owl
all:
@@ -56,30 +60,38 @@ all:
case_monolithic.ttl: \
$(top_srcdir)/.lib.done.log \
- $(top_srcdir)/dependencies/UCO/tests/src/glom_graph.py \
$(case_turtle_files) \
$(uco_turtle_files) \
.shapes.done.log
source venv/bin/activate \
- && python3 $(top_srcdir)/dependencies/UCO/tests/src/glom_graph.py \
- __$@ \
+ && rdfpipe \
+ --output-format turtle \
$(case_turtle_files) \
- $(uco_turtle_files)
- # Review CASE for OWL 2 DL versioning conformance.
+ $(uco_turtle_files) \
+ > __$@
+ # Review CASE closure for versioning consistency.
+ source venv/bin/activate \
+ && rdfpipe \
+ __$@ \
+ $(imported_ontology_files) \
+ > ___$@
source venv/bin/activate \
&& pyshacl \
--data-file-format turtle \
--format turtle \
--inference none \
- --shacl $(top_srcdir)/dependencies/UCO/tests/shapes/uco-owl.ttl \
+ --shacl $(top_srcdir)/dependencies/UCO/tests/shapes/uco-closure-qc.ttl \
--shacl-file-format turtle \
- __$@
+ ___$@
+ # Test has passed; remove closure file.
+ rm ___$@
+ # Review CASE for practice conformance.
source venv/bin/activate \
&& pyshacl \
--data-file-format turtle \
--format turtle \
--inference none \
- --shacl $(top_srcdir)/dependencies/UCO/tests/shapes/uco-closure-qc.ttl \
+ --shacl $(top_srcdir)/dependencies/UCO/tests/shapes/uco-qc.ttl \
--shacl-file-format turtle \
__$@
source venv/bin/activate \
@@ -87,15 +99,16 @@ case_monolithic.ttl: \
--data-file-format turtle \
--format turtle \
--inference none \
- --shacl $(top_srcdir)/dependencies/UCO/tests/shapes/uco-qc.ttl \
+ --shacl shapes/case-qc.ttl \
--shacl-file-format turtle \
__$@
+ # Review CASE for OWL 2 DL conformance.
source venv/bin/activate \
&& pyshacl \
--data-file-format turtle \
--format turtle \
--inference none \
- --shacl shapes/case-qc.ttl \
+ --shacl $(top_srcdir)/dependencies/UCO/ontology/owl/owl.ttl \
--shacl-file-format turtle \
__$@
java -jar $(top_srcdir)/dependencies/UCO/lib/rdf-toolkit.jar \
diff --git a/tests/examples/investigative_action_PASS.json b/tests/examples/investigative_action_PASS.json
index 522fc64..3ba6263 100644
--- a/tests/examples/investigative_action_PASS.json
+++ b/tests/examples/investigative_action_PASS.json
@@ -9,7 +9,7 @@
},
"@graph": [
{
- "@id": "kb:file-1",
+ "@id": "kb:file-1ef24857-e713-40ec-b325-b2561a4fcb3a",
"@type": [
"uco-observable:File",
"uco-observable:RasterPicture"
@@ -17,11 +17,13 @@
"uco-core:description": "Screenshot of webpage",
"uco-core:hasFacet": [
{
+ "@id": "kb:file-facet-0e21a61a-3a68-490c-9e93-d456c227d14b",
"@type": "uco-observable:FileFacet",
"uco-observable:fileName": "screenshot-1.png",
"uco-observable:sizeInBytes": 1234567
},
{
+ "@id": "kb:raster-picture-facet-166f8489-cff6-4405-b977-be46dc4a1a88",
"@type": "uco-observable:RasterPictureFacet",
"uco-observable:pictureHeight": 1024,
"uco-observable:pictureWidth": 768
@@ -29,25 +31,25 @@
]
},
{
- "@id": "kb:investigative-action-1",
+ "@id": "kb:investigative-action-45a85ed1-acd5-45be-aa78-891170bbd9b6",
"@type": "case-investigation:InvestigativeAction",
"uco-action:result": [
{
- "@id": "kb:file-1"
+ "@id": "kb:file-1ef24857-e713-40ec-b325-b2561a4fcb3a"
},
{
- "@id": "kb:provenance-record-1"
+ "@id": "kb:provenance-record-9e807c8c-ad7e-41aa-bd60-1dc98cae25c7"
}
],
"uco-core:name": "Submit reference graphic"
},
{
- "@id": "kb:provenance-record-1",
+ "@id": "kb:provenance-record-9e807c8c-ad7e-41aa-bd60-1dc98cae25c7",
"@type": "case-investigation:ProvenanceRecord",
"case-investigation:exhibitNumber": "1",
"case-investigation:rootExhibitNumber": "1",
"uco-core:object": {
- "@id": "kb:file-1"
+ "@id": "kb:file-1ef24857-e713-40ec-b325-b2561a4fcb3a"
}
}
]
diff --git a/tests/examples/investigative_action_XFAIL.json b/tests/examples/investigative_action_XFAIL.json
index b65f21e..a40675d 100644
--- a/tests/examples/investigative_action_XFAIL.json
+++ b/tests/examples/investigative_action_XFAIL.json
@@ -9,7 +9,7 @@
},
"@graph": [
{
- "@id": "kb:file-1",
+ "@id": "kb:file-9c9e20f9-e545-490f-bd3d-1fe230c18c0b",
"@type": [
"uco-observable:File",
"uco-observable:RasterPicture"
@@ -17,10 +17,12 @@
"uco-core:description": "Screenshot of webpage",
"uco-core:hasFacet": [
{
+ "@id": "kb:file-facet-da204016-29ff-4d5e-a36f-ff75a9d3169b",
"@type": "uco-observable:FileFacet",
"uco-observable:fileName": "screenshot-1.png"
},
{
+ "@id": "kb:raster-picture-facet-022af595-c417-47bf-b5f3-9a19ed3554bc",
"@type": "uco-observable:RasterPictureFacet",
"rdfs:comment": "The sizeInBytes property does not belong on this Facet.",
"uco-observable:pictureHeight": 1024,
@@ -30,26 +32,26 @@
]
},
{
- "@id": "kb:investigative-action-1",
+ "@id": "kb:investigative-action-a6b22845-2d81-4d24-ac22-dec5139d027a",
"@type": "case-investigation:InvestigativeAction",
"uco-action:result": [
{
- "@id": "kb:file-1"
+ "@id": "kb:file-9c9e20f9-e545-490f-bd3d-1fe230c18c0b"
},
{
- "@id": "kb:provenance-record-1"
+ "@id": "kb:provenance-record-f54f88ad-2659-4fba-8c3e-d96efa560fdf"
}
],
"uco-core:name": "Submit reference graphic"
},
{
- "@id": "kb:provenance-record-1",
+ "@id": "kb:provenance-record-f54f88ad-2659-4fba-8c3e-d96efa560fdf",
"@type": "case-investigation:ProvenanceRecord",
"rdfs:comment": "The exhibitNumber and rootExhibitNumber properties are errantly integers here, instead of strings.",
"case-investigation:exhibitNumber": 1,
"case-investigation:rootExhibitNumber": 1,
"uco-core:object": {
- "@id": "kb:file-1"
+ "@id": "kb:file-9c9e20f9-e545-490f-bd3d-1fe230c18c0b"
}
}
]
diff --git a/tests/examples/investigative_action_XFAIL_validation.ttl b/tests/examples/investigative_action_XFAIL_validation.ttl
index d930ffa..fd27e06 100644
--- a/tests/examples/investigative_action_XFAIL_validation.ttl
+++ b/tests/examples/investigative_action_XFAIL_validation.ttl
@@ -11,7 +11,7 @@
sh:result
[
a sh:ValidationResult ;
- sh:focusNode ;
+ sh:focusNode ;
sh:resultMessage "Value is not Literal with datatype xsd:string" ;
sh:resultPath investigation:exhibitNumber ;
sh:resultSeverity sh:Violation ;
@@ -26,7 +26,7 @@
] ,
[
a sh:ValidationResult ;
- sh:focusNode ;
+ sh:focusNode ;
sh:resultMessage "Value is not Literal with datatype xsd:string" ;
sh:resultPath investigation:rootExhibitNumber ;
sh:resultSeverity sh:Violation ;