Following the content guidance from the various Authority Documents1, contribution through a centralized API roughly follows the data model shown below:
Breaking the data model down
For clarity, we will break the data model into its constituent parts, describing how a contribution would take place.
A Person who is
part of an Organization is
assigned a Role of contributor (Author, Mapper, etc.)
as part of a Project that contains an
Authority Document (or as NIST OSCAL calls it a catalog) that has various
Citations (or SWID entries, or catalog entries, or reference elements) that have identified
Dictionary Terms (such as product names, tagged nouns or verbs) and a possible match to a
Reference Control (or focus control or Common Control).
We will call this continuous process an entry.
A catalog of the following will be queryable via API:
Authority Documents and entries,
contributors (and associated persons)
Furthermore, the API will allow disambiguated persons from disambiguated organizations to create entries.
In order to build out this data model and ensure that it works through a publicly published API, five steps need to be completed for each schema in the data model:
A schema will be proposed for comment.
The schema will be publicly distributed and discussion will be requested.
When the discussion has reached its logical conclusion, the schema will be voted on and locked.
Once the schema is locked, API building and testing will be undertaken, with alpha and beta versions of the API made available for testing and discussion.
When the discussion has reached its logical conclusion, the API’s possible versions will be voted on and locked. Once locked it will be made publicly available.
This can be accomplished in a stair-step manner wherein we build out the schema and APIs from their logical progression as listed in the contribution scenario above. Once a schema has been voted on and locked, the next schema in the logical progression can be proposed.