Add Decision Point Value Selection schema with an example (#599)

Adding a value selection schema to describe a list of downselected decision points.

data/schema/current/Decision_Point.schema.json

@@ -0,0 +1 @@
+../v1/Decision_Point-1-0-1.schema.json

data/schema/current/Decision_Point_Group.schema.json

@@ -0,0 +1 @@
+../v1/Decision_Point_Group-1-0-1.json

data/schema/current/Decision_Point_Value_Selection.schema.json

@@ -0,0 +1 @@
+../v1/Decision_Point_Value_Selection-1-0-1.schema.json

data/schema/v1/Decision_Point-1-0-1.schema.json

@@ -0,0 +1,79 @@
+{
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "title": "Decision Point schema definition",
+    "$id": "https://certcc.github.io/data/schema/v1/Decision_Point.schema-1-0-1.json",
+    "description": "Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a single aspect of the input to a decision function.",
+    "definitions":     {
+	"schemaVersion": {
+            "description": "Schema version used to represent this Decision Point",
+            "type": "string",
+            "enum": ["1-0-1"]
+        },
+	"decision_point_value": {
+            "type": "object",
+	    "additionalProperties": false,	    
+            "properties": {
+                "key": {
+                    "type": "string",
+                    "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
+                },
+                "name": {
+                    "type": "string",
+                    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+                },
+                "description": {
+                    "type": "string",
+                    "description": "Description of the Decision Point Value"
+                }
+            },
+	    "required" : [
+		"key",
+		"name",
+		"description"
+	    ]
+	},
+	"decision_point": {
+	    "type": "object",
+	    "additionalProperties": false,
+	    "properties": {
+            "namespace": {
+		"type": "string",
+		"description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
+            },
+            "version": {
+		"type": "string",
+		"description": "Version (a semantic version string) that identifies this object"
+            },
+            "key": {
+		"type": "string",
+		"description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
+            },
+            "name": {
+		"type": "string",
+		"description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+            },
+            "description": {
+		"type": "string",
+		"description": "q Description of the Decision Point or the Group of Decision Points as defined."
+            },
+            "values": {
+		"description": "Decision Point Values are valid results from a Decision Point",
+		"uniqueItems": true,
+		"type": "array",
+		"items": {
+		    "$ref": "#/definitions/decision_point_value"
+		}
+            }
+	    },
+	    "required": [
+		"namespace",
+		"version",
+		"key",
+		"name",
+		"description",
+		"values"
+	    ]
+	}
+    },
+    "$ref": "#/definitions/decision_point"
+}

data/schema/v1/Decision_Point_Group-1-0-1.json

@@ -0,0 +1,44 @@
+{
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "title": "Decision Points Group schema definition",
+    "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group-1-0-1.schema.json",
+    "definitions": {
+	"schemaVersion": {
+            "description": "Schema version used to represent Decision Point Group",
+            "type": "string",
+            "enum": ["1-0-1"]
+        },
+	"decision_point_group": {
+	    "type": "object",
+	    "additionalProperties": false,
+	    "properties": {
+		"version": {
+		    "type": "string",
+		    "description": "Version (a semantic version string) that identifies this object"
+		},
+		"name": {
+		    "type": "string",
+		    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+		},
+		"description": {
+		    "type": "string",
+		    "description": "Description of the Decision Point or the Group of Decision Points."
+		},
+		"decision_points": {
+		    "type": "array",
+		    "items": {
+			"$ref": "https://certcc.github.io/SSVC/data/schema/Decision_Point.schema.json"
+		    }
+		}
+	    },
+	    "required": [
+		"version",
+		"name",
+		"description",
+		"decision_points"
+	    ]
+	}
+    },
+    "$ref": "#/definitions/decision_point_group"
+
+}

data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json

@@ -0,0 +1,99 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group_Selection-1-0-1.schema.json",
+    "definitions": {
+	"id": {
+            "type": "string",
+            "description": "Identifier for a vulnerability could be CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
+            "examples": ["CVE-2024-101010","VU#11111","GHSA-11a1-22b2-33c3"]
+	},	
+	"role": {
+            "type": "string",
+            "description": "Roles to define SSVC Stakeholders https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
+            "examples": ["Supplier","Deployer","Coordinator"]
+        },
+	"timestamp" : {
+            "description": "Date and time in ISO format  ISO 8601 format",
+            "type": "string",
+            "format": "date-time"
+	},
+        "schemaVersion": {
+            "description": "Schema version used to represent this evaluation",
+            "type": "string",
+            "enum": ["1-0-1"]
+        },
+	"SsvcdecisionpointselectionSchema": {
+	    "description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability",
+	    "properties": {
+		"name": {
+		    "description": "Name of the Decision Point that were evaluated", 
+		    "title": "name",
+		    "type": "string",
+		    "examples": ["Automatable", "Exploitation"]
+		},
+		"namespace": {
+		    "description": "SSVC Namespace that were used for defining the evaluated Decision Points",
+		    "title": "namespace",
+		    "type": "string",
+		    "examples": ["ssvc","cvvsv4"]
+		},
+		"values": {
+		    "description": "Evaluated values of the Decision Point",
+		    "title": "values",
+		    "type": "array",
+		    "items": {
+			"description": "Each value that were down-selected for a Decision Point",
+			"title": "values",
+			"type": "string"
+		    }
+		},
+		"version": {
+		    "description": "Version of the Decision Points that were evaluated",
+		    "title": "version",
+		    "type": "string"
+		}
+	    },
+	    "type": "object",
+	    "required": [
+		"name",
+		"namespace",
+		"values",
+		"version"
+	    ],
+	    "additionalProperties": false
+	},
+	"SsvcdecisionpointgroupselectionSchema": {
+	    "properties": {
+		"id": {
+		    "$ref": "#/definitions/id"
+		},
+		"role": {
+		    "$ref": "#/definitions/role"
+		},
+		"schemaVersion": {
+		    "$ref": "#/definitions/schemaVersion"
+		},
+		"timestamp": {
+		    "$ref": "#/definitions/timestamp"
+		},
+		"selections": {
+		    "description" : "An array of Decision Points and their Values that were down-selected or evaluated ",
+		    "title": "selections",
+		    "type": "array",
+		    "items": {
+			"$ref": "#/definitions/SsvcdecisionpointselectionSchema"
+		    }
+		}
+	    },
+	    "type": "object",
+	    "required": [
+		"selections",
+		"id",
+		"timestamp",
+		"schemaVersion"
+	    ],
+	    "additionalProperties": false
+	}
+    },
+    "$ref": "#/definitions/SsvcdecisionpointgroupselectionSchema"
+}