Review Comment:
This manuscript was submitted as 'Ontology Description' and should be reviewed along the following dimensions: (1) Quality and relevance of the described ontology (convincing evidence must be provided). (2) Illustration, clarity and readability of the describing paper, which shall convey to the reader the key aspects of the described ontology.
The paper describes a hazard risk ontology that could help in analyzing accidents and modeling control loop failures. The ontology is modeled according to the System-Theoretic Accident Model and Processes (STAMP). The paper was submitted as an ontology description, a category of submissions in the SWJ that has its unique requirements that allow an ontology to gain impact in the community. One of these requirements is that the that the ontology is free, open, and accessible on the Web. For me this is a hurdle requirement. While the ontology is free, it is unfortunately not fully available on the Web. While the profile itself is available at http://onto.fel.cvut.cz/ontologies/stamp-hazard-profile/0.0.1 one of its constituents, https://onto.fel.cvut.cz/ontologies/page/stamp-hazard-and-risk is returning a 404. Also, the profile, while accessible on the Web, is not accessible through the OWL API (i.e. through Protege) as it uses special characters that can't be processed. Both files that are accessible are named ontology.ttl (or the chosen filetype extension), which is neither best practice nor useful when trying to load the ontology in an editor. The URI's used for the ontology are not persistent (e.g. no web3id is used), nor are they stored in a location that is likely to be available in perpetuity. While this could be a ground for rejection by itself, I continued to give the paper the benefit of a doubt. However, there are a plethora of further issues that unfortunately prevent the paper to be published at this stage. Some of the major one's are mentioned below:
- The profile ontology itself consists of classes the like of "appropriate control actions were provided but not followed". This is not a class, this is use case that includes at the very least the following classes, "Control", "Action", "Protocol" and an object property "notFollowed" or "neglected". This profile ontology consists only of classes of this nature, some of which are defined as equivalent to each other. There are no properties in this Profile. It is unclear to me what the purpose of this ontology profile is, but in its current state it has no purpose and it is wrong. There are even typos in some of the classes such as "actuator relatd factors". Also, in STAMP, everything is time-bound, even in the requirements and use cases mentioned in the paper, but time is not modelled in the ontology. This would invalidate any use case.
- The stamp control structure ontology at http://onto.fel.cvut.cz/ontologies/stamp-control-structure/0.0.1 suffers also from too many modelling errors to mention all of them here, but some examples:
-- None of the classes or properties include any rdfs:comments, i.e. they are essentially not useable to someone who wants to reuse the ontology.
-- There is a mixing of capitalization in classes, i.e. Person is capitalized, while other classes are largely small caps. While the recommendation is to use large camel case, whatever you chose, it has to be consistently applied.
-- There are many qualified classes that have no unqualified variants to inherit from or to be related to, e.g. "controller process model change" could be a ProcessModelChange that is a subclass of a ChangeEvent that is related to an agent controller.
-- There are classes named "type" in the ontology, e.g. hazard state type. While there can be a need for a class that also has a type of the same name, it is often a clear indicator of a UML understanding of ontologies. However, here it is unclear what the semantics of these classes are as there is no description. One thing is clear, though, a class "type" which itself is a subclass of "type" is certainly wrong.
-- There are many classes that are equivalent to each other, but have different labels and different positions in the sub-class hierarchy. It is unclear what the purpose is and they are most likely to be wrong. "stamp-object", for example, is a sublcass as well as equivalent class of control-structure-component.
-- The ontology does not import any established ontology, nor is there any mapping to existing ontologies. Mappings to PROV-O for properties like derivedFrom, Event, Action etc., to FOAF for Agent, Person etc., to the Time Ontology for the missing time relations, to SOSA/SSN for Sensor, Actuator, Process., to QUDT or another measurement ontology for Units of Measure and measurements.
-- there are no datatype properties in the ontology, which makes one wonder how values can be assigned for use cases. This in combination with the missing time and measurement aspects of the ontology explains instances such as "two u. s. a helicopters shut down" in the example instance at http://onto.fel.cvut.cz/ontologies/stamp-friendly-fire-example/current/d...
-- the ontology does not include any metadata nor does it define its own namespace prefix. There is no ontology description either.
-- the ontology is not registered in prefix.cc nor in the LOV ontology vocabulary.
-- The authors claim that the ontology is modularized, but neither of the modules can be used by themselves as they all import each other.
Apart from the plethora of modelling errors and issues in the ontology there are many major issues in the paper too, briefly, they are:
- There is no related work to related ontologies. Nor is there any related work of ontologies that overlap with certain aspects of the modelled ontology.
- The title and the paper in general assumes that the reader is familar with STAMP. That may not be the case for someone who just wants to use this specific ontology. Using the abbreviation only in the abstract and title is therefore problematic.
- There is no justification why the authors use an upper level ontology. And then, why chosing UFL and not more prevalent ontologies such as DULCE, SUMO, GFO or BFO. UFL seems to be only available anymore in a version that is published by the authors under their own namespace: http://onto.fel.cvut.cz/ontologies/ufo/current/index-en.html
- Why did the authors chose the SABiO ontology engineering methodology and not those that are widely used and established, Guarino/Welty's, Gruninger's or Gómez-Pérez methdologies.
- While claiming to follow the SABiO methodology, the authors did not define use cases. The requirements mentioned in the paper seem to be not grounded in use cases. There is essentially only one use case, which is the instance that is modelled.
- The authors claim that the ontology was validated by a successful instantiation of SHRO in a real world situation. There is only one instantiation, which is the helicopter shot down accident example instance which suffers from a plethora of problems (one was mentioned above), plenty of others exist such as "26 people dead" as an instance or "two f 15 fighter aircraft". If these are instances in a use case, no instance of this ontology can ever be compared to each other, rendering the ontology ineffective. These could be quantified, i.e. a FighterAircraft instance with two named indivduals for each of the involved aircrafts and 26 named individuals of Deceased.
- The validation of that one use case was done by two domain experts. How was the use case validated? Why only one use case that only covers a small fraction of the ontology. There should at least one instantiation of a class/property in the total of all uses cases.
- There is no evidence how this ontology is in use or how it can be used. Are there STAMP model instantiations in a different language, e.g. XML, UML or database instances? Can you provide a mapping from instances of those to the ontology? Can there be an extension to schema.org so that existing health and safety applications that publish hazardous events on the Web could use this proposed extension?
- The authors are encouraged to investigate the ontology design pattern initiative to see if some of the modelling choices could not have used established patterns.
- Figure 5 describes an ontology that actually makes a lot of sense, but none of the classes in that diagram that are yellow, i.e. Accident, Requirement etc. (and supposed to be part of SHRO) are actually included in any of the ontology files that are available.
- The references are messy, e.g. N. Leveson's "Engineering a Safer World: Systems Thinking Applied to Safety" book is cited at least 10 times.
Overall, unfortunately, the ontology in its current version is not suitable for publication in the SWJ.
|
Comments
ontology documentation and downloading pge
Hello,
I would like to inform you that, our ontology is available at:
http://onto.fel.cvut.cz/ontologies/stamp-hazard-profile.
Also, the abstract has a link to the example accessible at:
http://onto.fel.cvut.cz/ontologies/stamp-friendly-fire-example.
thanks.
Jana