Revisit CALM Node Types

[jpgough-ms]

Feature Request

Description of Problem:

With the introduction of interfaces and controls, we have started to challenge the node-type-definition that exists in CALM. The current list is:

"node-type-definition": {
      "enum": [
        "actor",
        "system",
        "service",
        "database",
        "network",
        "ldap",
        "webclient"
      ]
    },

We should revisit this to set what the types would be

[jpgough-ms]

@ojeb2 please share some of the definitions/types from your work with OMG

[rocketstack-matt]

My view is we can remove database;replace with service in the logical representation, more detailed data knowledge to be proposed by @ojeb2, ldap; isn't this just another service or system (depending on level you're looking at); webclient would be replaced by the interface definitions on nodes which could represent both systematic (e.g. API) type interfaces as well as describe user interfaces, unless we think we would want to capture details around implementation choices (which I don' think we do).

[ojeb2]

Some references for node types:

LeanIX

LeanIX, an enterprise architecture tool, supports 12 different types:
https://docs-eam.leanix.net/docs/meta-model#fact-sheet-types
We are most interested in:

• LeanIX Application (CALM system node)
• LeanIX Interface (CALM interface)
• LeanIX Data Object (new to CALM)
• LeanIX IT Component (new to CLAM but probably just another CALM System or Service depending on the hosting situation)

OMG DPROD (Data Product)

The Data Product (DPROD) specification is a profile of the Data Catalog (DCAT) Vocabulary, designed to describe Data Products. DPROD extends DCAT to enable publishers to describe Data Products and data services in a decentralized way.
https://ekgf.github.io/dprod/#data-product-dprod-model
DPROD has 4 main entity definitions but 2 are most useful to CALM:

• DataProduct (new to CALM)
• DataService (CALM interface)

CDMC Cloud Data Management Capabilities

CDMC is a standard created by the EDMCouncil for describing what good data management looks like for cloud hosted data. It was developed by 150 organisations in 2020-2021 and automated controls were written and implemented for the 3 major CSPs.
CDMC defines Data Assets as part of the CDMC Information Model:
https://github.com/edmcouncil/cdmc/blob/main/ontology/Core.ttl
An example of the Data Asset properties for the implementation of CDMC controls for Google BigQuery is here: https://github.com/GoogleCloudPlatform/cdmc/blob/main/tagging/tag_templates/cdmc_controls.yaml
CDMC terms:

• CDMC DataAsset (new to CALM)

FinOS CCC Common Cloud Controls

A FinOS project defining common service definitions for cloud services, common threats against those services, and common controls to mitigate the risks of those threats.
https://github.com/finos/common-cloud-controls
CCC Services are organised into families (https://github.com/finos/common-cloud-controls/blob/main/services/service-families.yaml):

• CCC Service (CALM service node)
  By providing a mapping of CLAM Service or CLAM System to a CCC Service we would be able to bring in CCC Controls to provide a vocabulary for CALM Controls.