https://creativecommons.org/licenses/by/4.0/ Barbara Gallina, Dian Balta, Ingmar Kessler Standard: The Assurance Case Working Group (ACWG) Tomas Bueno Momčilović OntoGSN is an ontology for managing assurance cases in the Goal Structuring Notation (GSN). The goal of the ontology is to help users in linking the elements of their cases - claims and evidence - with the internationalized resource identifiers (IRIs) of represented concepts, events and data, and in evaluating the validity of their argument. SCSC-141C 2025-02-24 2025-06-19T00:00:00Z https://www.fortiss.org/ The Assurance Case Working Group (ACWG). (2021 May). Goal Structuring Notation Community Standard Version 3. URL: http://scsc.uk/SCSC-141C OntoGSN Bueno Momcilovic, T., Kessler, I., Gallina, B., & Balta, D. (2025). OntoGSN: An Ontology for Dynamic Management of Assurance Cases. 20th February 2025 gsn [Disclaimer from the GSN Community Standard v3.0]: While the authors and the publishers have used reasonable endeavours to ensure that the information and guidance given in this work is correct, all parties must rely on their own skill and judgement when making use of this work and obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content of this work. Neither the authors nor the publishers make any representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to such information and guidance for any purpose, and they will not be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever (including as a result of negligence) arising out of, or in connection with, the use of this work. The views and opinions expressed in this publication are those of the authors and do not necessarily reflect those of their employers, the SCSC1 or other organisations. https://w3id.org/OntoGSN/ 3.0 1.2 GSN is a graphical argument notation which can be used to document explicitly the elements and structure of an argument and the argument’s relationship to evidence. applicability The applicability section should state under what circumstances the pattern can be applied, making clear the assumptions and principles underlying the pattern to avoid inappropriate application in a mismatched context. This section should record what contextual information is required in order to apply the pattern. Argument Pattern Extension collaboration The collaboration section should describe how elements of the pattern work together to achieve the desired effect, particularly where there are links that are not readily apparent from the argument structure. Argument Pattern Extension consequences The consequences section should make clear what work remains after the pattern has been applied. This should highlight where further support to the argument is required, and assumptions that need to be discharged. Argument Pattern Extension core or extension Indicator of the sourcing section in the GSN Community Standard v3. examples It may be useful to provide example illustrations of the application of the pattern, particularly for more abstract patterns. Illustrations should include a typical case and can be supplemented with atypical cases where more than one example is provided. Argument Pattern Extension implementation The implementation section should communicate how the application of the pattern is carried out e.g. the order in which elements should be developed; communicate hints or techniques that may ease successful application; highlight common or recognised pitfalls with the application of the pattern; and record potential misinterpretation of the terms or concepts in the pattern. Argument Pattern Extension intent The intent statement should state clearly what the pattern aims to achieve. Argument Pattern Extension known uses It may be useful to provide references to known applications of the pattern. These can serve as additional examples. Argument Pattern Extension motivation The motivation statement can be used to state why the pattern was created. It could be expressed in terms of previous experiences e.g. as the abstraction of a successfully presented argument, or challenges addressed e.g. argument topics that are often incompletely or poorly addressed. Argument Pattern Extension participants The participants section augments the structure by providing a description of each element. This can provide more complete descriptions, clarify the role of the element in the overall argument and emphasise the aspects that require development or instantiation. Argument Pattern Extension rendered as Core GSN structure The structure uses the structural and element abstraction notations to present the pattern, clearly indicating where the argument needs to be further developed or populated with details to instantiate the pattern for a specific case. Argument Pattern Extension associated with Confidence Argument Extension attached to Argument Pattern Extension dotted line challenges Allows a Challenge to any GSN entity to be documented. A goal, (core element) can be used in a dialectic context to assert a challenge to part of the argument. A solution, (core element) can be used to present a reference to an evidence item that asserts a challenge to part of the argument. A challenge must be levied against the appropriate aspect of the goal structure. Dialectic Extension dashed line with an open arrowhead consistent with By making the relationship to the away goal the author is asserting not only the inference of support for the parent goal, but also that the context in which the away goal is declared is consistent with the context and assumptions in scope for the parent goal. Modular Extension contains Core GSN in context of InContextOf, rendered as a line with a hollow arrowhead, declares a contextual relationship. Core GSN line with a hollow arrowhead instantiation of Argument Pattern Extension refers to Core GSN related to This section can be used to reference patterns that are related e.g. addressing the same intent in a different context. Argument Pattern Extension true substituted by There may be occasions when a goal or strategy requires fuller justification than can be provided within the confines of a GSN justification element. In such cases, an away goal can be substituted for the justification. Modular Extension supported by SupportedBy, rendered as a line with a solid arrowhead, allows support relationships between elements to be documented. Core GSN line with a solid arrowhead confidence dialectic risk argument type Confidence Argument Extension assurance claim point An Assurance Claim Point (ACP) can be used in GSN to indicate that a confidence argument is associated with an assertion in a risk argument. Confidence Argument Extension solid square An away assumption repeats an assumption presented in another argument module and is typically used only in Contract Modules. An away context repeats a reference to context presented in another argument module. An away goal reference repeats a claim presented in another argument module. An away justification repeats a justification presented in another argument module and is typically used only in Contract Modules. An away solution repeats a reference to evidence items presented in another argument module. away An away element reference repeats a claim or evidence presented in another argument module. Modular Extension bisecting line in the lower half choice A GSN choice can be used to denote possible alternatives in satisfying a relationship. Argument Pattern Extension solid diamond contract A contract module is a special type of module that controls the relationship between argument module interfaces using arguments to define how a goal in one module is supported by one or more goals in one or more other modules. A contract may be described in textual form (e.g. as a table) or for more complex relationships may be described within a contract module using GSN. Contract modules can be used in the support relationship between modules to aid decoupling. The de-coupling by use of a contract permits argument module construction in cases where the eventual source of support for an argument is unknown at the time of authoring or can be changed for example through re-use or planned product improvement or reconfiguration. Modular Extension a rectangle with two smaller rectangles (of equal size to each other) adjoining at the top left and bottom right Defeated Relationship indicates that the relationship is defeated. The Defeated decorator can be applied to any of the GSN relationships. defeated This decorator symbol indicates that the element is defeated. The Defeated decorator can be applied to any of the GSN elements. Dialectic Extension cross (‘X’) superimposed on a GSN element or relationship final Argument Pattern Extension in doubt The dialectic challenge within this structure asserts that if the claim presented in Goal CG1 is true then this is sufficient to establish that the claim in Goal G1 in the original structure is in doubt. Dialectic Extension maximum cardinality Argument Pattern Extension text minimum cardinality Argument Pattern Extension text multiple Argument Pattern Extension solid ball off-diagram Core GSN optional Optional instantiation means that the relationship and the argument below may or may not be instantiated. Argument Pattern Extension hollow ball public This indicates that the element is publicly visible in one or more interfaces of the module and can be referenced as an away element. Modular Extension miniature module symbol superimposed on an element at the top right published Argument Pattern Extension contextual evidential inferential relationship type An evidential relationship is a declared relationship between a claim and an evidence item by which the claim is substantiated. An inferential relationship is a declared inference between claims in the argument. A contextual relationship draws attention to explanatory contextual information. SupportedBy relationships – represented by lines with solid arrowheads – indicate inferential or evidential relationships between elements. InContextOf relationships – represented as lines with hollow arrowheads – declare contextual relationships. Core GSN statement Core GSN structured A particular kind of argument where the relationships between the asserted claims, and from the evidence to the claims, are explicitly represented. Core GSN to be supported by contract Modular Extension attached centrally immediately below the goal to which it relates top (goal) A GSN Goal that presents the pinnacle claim in an argument. It is ‘top’ in terms of the argument hierarchy, rather than necessarily its physical layout. There may be more than one top goal in a GSN structure. The top goal presents the overall claim asserted by the author and it is up to the reader to determine their belief that it is adequately supported. Core GSN true Core GSN undeveloped Undeveloped element decorator, rendered as a hollow diamond applied to the bottom centre of an element, indicates that a line of argument has not been developed. Argument Pattern Extension hollow diamond uninstantiated Argument Pattern Extension hollow triangle valid Core GSN architecture argument view type Modular Extension 1 Argument A body of information presented with the intention to establish one or more claims through the presentation of related supporting claims, evidence and contextual information. A connected series of claims intended to establish an overall claim. Core GSN The corresponding argument could be located in a paragraph of accompanying text, a goal in the local argument, or a goal in a separate module. Confidence Argument Extension Artefact Evidence Core GSN Artefact Reference Core GSN Assumption An assumption, rendered as an oval with the letter 'A' at the top- or bottom-right, presents an intentionally unsubstantiated statement. Core GSN oval GSN assumptions provide additional information necessary for the correct understanding of the argument. This information is stated as fully as necessary, using complete sentences in the form noun phrase + verb phrase. Assurance Case A reasoned and compelling argument, supported by a body of evidence, that a system, service or organisation will operate as intended for a defined application in a defined environment. Arguments and evidence intended to demonstrate that a system meets its assurance requirements. Core GSN Catalogue A pattern catalogue may be created to collate a series of patterns; where such a catalogue is created the structure and format of the definition should be consistent and each pattern’s definition should have a unique {pattern identifier}. Argument Pattern Extension Context A context, rendered as shown left, presents a contextual artefact. This can be a reference to contextual information, or a statement. Core GSN rounded rectangle Two kinds of GSN context statement exist. Where a context statement draws attention to explanatory contextual information (such as the definition of some term), this information shall be stated briefly using complete sentences of a noun-phrase + verb-phrase structure. Where a context statement is a reference to an artefact of some kind, which informs the reasoning step, the context statement shall be expressed as a noun phrase. Defeater Dialectic Element The source of challenge being applied; can be directed at any part of an argument. A defeater (goal or solution) can challenge any element in a goal structure, e.g. goal, solution, strategy, context, assumption, justification. Membership of this class is only meant to be inferred, not asserted! Please do not add individuals to this class manually (i.e., assertions). The goal and solution statements should be clearly expressed such that the crux of the challenge is unequivocally communicated. Thus, the link between the part of the argument that is being challenged (target) and the dialectic element (source) is self-evident. Dialectic Extension 1 GSN Element Core GSN Goal Claim (Claim is) A proposition being asserted by the author that is a true or false statement. A goal, rendered as a rectangle, presents a claim forming part of the argument. Core GSN rectangle GSN goals document the claims made in the argument (i.e. premises and conclusions). Each goal shall contain a single goal statement, expressed as a proposition in the form of a noun phrase + verb-phrase sentence. Instantiation Data Reference This symbol indicates that the GSN argument below the attached element is to be instantiated as a template argument. It provides a reference to the information used to instantiate the template argument. Argument Pattern Extension hollow triangle Justification A justification, rendered as an oval with the letter 'J' at the top- or bottom-right, presents a statement of rationale. Core GSN oval GSN justifications provide additional information necessary for the correct understanding of the argument. This information is stated as fully as necessary, using complete sentences in the form noun phrase + verb phrase. 1 Module Goal structures can be partitioned into separate, but interrelated, modules. This can allow the division of an overall goal structure into separate goal structures focusing on particular aspects of the overall argument. A module may contain one or more arguments and may contain other modules. Modular Extension a rectangle with a second smaller rectangle adjoining at the top left Pattern Argument Pattern Extension Relationship Core GSN confidence 1 Relationship with Confidence The corresponding argument could be located in a paragraph of accompanying text, a goal in the local argument, or a goal in a separate module. Confidence Argument Extension Solution A solution, rendered as a circle, presents a reference to an evidence item. Core GSN circle GSN solutions make no claim, but are simply references to evidence items that provide support for a particular claim. They shall therefore be stated as noun-phrases. Strategy A strategy, rendered as a parallelogram, describes the inference that exists between a goal and its supporting goal(s). Core GSN parallelogram GSN strategy statements describe the reasoning that connects parent goals and their supporting goals, but the core claims and the structure connecting those claims remain unchanged. Strategy statements contain a brief description of the argument approach. Template A template argument is a special case of a pattern argument. It uses the core GSN and argument pattern extension to construct an argument structure which requires no further development. Argument Pattern Extension View The argument view depicts the argument inside an individual module. Modular Extension true true S40 Confidence Argument Extension true true S16 Core GSN false false true S1 Core GSN false false true S17 Core GSN true S32 Modular Extension true true S9 Core GSN true true true false true S6 Core GSN false true S8 Core GSN false true false true S5 Core GSN inferential true S45 Confidence Argument Extension true true S44 Confidence Argument Extension true true S49 Dialectic Extension false true true true S48 Dialectic Extension true true true S38 Modular Extension true true true S51 Dialectic Extension false false false true S43 Confidence Argument Extension true true S42 Confidence Argument Extension true true S29 Modular Extension true false true S33 Modular Extension false true S24 Modular Extension true true S23 Modular Extension true true S31 Modular Extension true false true S25 Modular Extension false false true S28 Modular Extension true true false true S37 Modular Extension false false false true S27 Modular Extension true false true S26 Modular Extension true false true S30 Modular Extension true true true true S35 Modular Extension true S34 Modular Extension true S36 Modular Extension true S20 Argument Pattern Extension true false true S14 Core GSN false false true S13 Core GSN false true false true S11 Core GSN false false true S10 Core GSN true true true S3 Core GSN evidential true S46 Dialectic Extension true true true S4 Core GSN inferential true S21 Argument Pattern Extension true true false false true S22 Argument Pattern Extension true true false false true S2 Core GSN contextual true S7 Core GSN false false false true S52 Dialectic Extension true S50 Dialectic Extension true S39 Modular Extension true true false true S19 Core GSN true S18 Core GSN true S12 Core GSN false true false true S41 Confidence Argument Extension false false true S47 Dialectic Extension true false