1. OMG Mailing List
  2. Risk Analysis and Assessment Modeling Language (RAAML) Revision Task Force

Open Issues

  • Issues not resolved
  • Name: raaml-rtf
  • Issues Count: 10

Issues Descriptions

STPA is not properly implemented

  • Key: RAAML11-15
  • Status: open  
  • Source: Blue Origin LLC ( Charles F Radley)
  • Summary:

    RAAML claims to implement STPA, but some important elements are missing.

    For example,

    In Step-1 of the STPA process (in the 2018 Leveson/Thomas STPA Handbook – Figure 2.3) it calls out the need to derive “Safety Constraints” from the Losses. I can find no reference to Safety Constraints in the RAAML.

    Furthermore the RAAML does not provide any linkage from Losses to Hazards, which is expected in the Handbook.

  • Reported: RAAML 1.0b2 — Thu, 3 Nov 2022 13:46 GMT
  • Updated: Thu, 3 Nov 2022 17:37 GMT

Elements Should Have Unique Names to Improve Clarity and Implementation

  • Key: RAAML11-1
  • Status: open  
  • Source: Gaphor Project ( Dan Yeaw)
  • Summary:

    Many parts of RAAML are broken in to a Library and Profile. The Profile contains the Stereotypes, for example the definition of the <<AND>> stereotype for an AND gate. The Library contains a definition, for example that an AND Block with the <<AND>> stereotype is a type of Gate. In other words, RAAML often has two elements in the model in different namespaces but with the same name.

    In the Gaphor tool, we autocode the model in to a Python datamodel. So far while implementing UML and SysML, we didn't have to name each Python class with the full namespace because the element names were always unique. With RAAML this is no longer the case, there are often two elements with the same name.

    I think this can also cause confusion for users by duplicating names. For example, if someone is talking about the AND element, are they referring to the the stereotype or the block?

    SysML v2 is starting to use two similar names for the definition and the usage, but the definition includes "def" in the name. For example, the definition of a part is a "part def" and the usage is a "part". I would recommend we use something similar for RAAML. the definition of the AND gate could be "AND_Def", and the stereotype could be "AND".

    The duplicated names include:
    Gate, AND, BasicEvent, Cause, ConditionalEvent, DormantEvent, Early, FMEAItem, FailureMode, HouseEvent, INHIBIT, Late, MAJORITY_VOTE, NOT, OR, SEQ, TopEvent, UnsafeControlAction, XOR, ZeroEvent.

  • Reported: RAAML 1.0b1 — Sun, 28 Feb 2021 17:30 GMT
  • Updated: Thu, 27 Oct 2022 18:13 GMT

Unclear whether a part of a composite can be reused in another composite

  • Key: RAAML11-14
  • Status: open  
  • Source: oose Innovative Informatik eG ( Axel Scheithauer)
  • Summary:

    An instance of a part can be part of exactly one composite instance, but there could be many options for the composite. For example the same ScenarioStep could be part of many Scenarios. Of course, each instance of the ScenarioStep will occur only in one Scenario instance.

    In order to allow this, the multiplicity on the whole side of the composite relationship in figure 9.22 must be 0..1.

    In this figure this multiplicity is not shown. This leads to two possible interpretations. According to UML the default is 1, but according to SysML the default is 0..1. Now, the General Concepts Library is a SysML model, hence we could assume that it is 0..1.

    However, this default is just a notational thing: "SysML: These multiplicities may be assumed if not shown on a diagram.". In order to make it into the xmi-file the multiplicities must be set explicitely. And in the current xmi-file the multiplicity is not defined. When it is opened by Cameo, it sets the value explicitely to 1. You might consider this a bug in Cameo, but I guess this behavior is within the specification.

    So my question is: What was the intention? Should a scenario step only be part of one scenario? Then the multiplicity must be 1 and this should be made clear in the diagrams. Or can it be part of many scenarios? Then the multiplicity must be 0..1 and this should also be shown in the diagrams. And it should be defined in the xmi-file.

    The same question needs to be answered for all composite associations in the libraries, e.g. Risk to Effect, Event and HarmPotential. ScenarioStep is just one example for the issue.

  • Reported: RAAML 1.0 — Tue, 30 Aug 2022 13:03 GMT
  • Updated: Wed, 5 Oct 2022 15:07 GMT

ISO 26262 is Reference is Outdated

  • Key: RAAML11-8
  • Status: open  
  • Source: Gaphor Project ( Dan Yeaw)
  • Summary:

    The current version of ISO 26262 is version 2018, the RAAML specification is referencing version 2011.

  • Reported: RAAML 1.0 — Sat, 23 Apr 2022 19:13 GMT
  • Updated: Mon, 25 Apr 2022 13:31 GMT

Use Action Priority Number instead of Risk Priority Number for the FMEA analysis

  • Key: RAAML11-6
  • Status: open  
  • Source: Method Park ( Hendrik Dahmke)
  • Summary:

    The Automotive Industry Action Group and the "Verband der deutschen Automobilindustrie" published a FMEA handbook in 2019 where they discourage the use of the Risk Priority Number (RPN) and instead suggest the use of an Action Priority to determine order and importance of identified failure modes and their effects.

  • Reported: RAAML 1.0b1 — Tue, 28 Sep 2021 05:54 GMT
  • Updated: Wed, 15 Dec 2021 21:35 GMT

Explanation of what previousRPNValues attribute means

  • Key: RAAML11-7
  • Status: open  
  • Source: Dassault Systemes ( Andrius Armonas)
  • Summary:

    There should be an explanation of what the previousRPNValues attribute means.

  • Reported: RAAML 1.0b1 — Thu, 30 Sep 2021 13:06 GMT
  • Updated: Wed, 15 Dec 2021 21:35 GMT
  • Attachments:

Lack of consideration of Cut Sets

  • Key: RAAML11-5
  • Status: open  
  • Source: Engineer for Safety Limited ( Phil Williams)
  • Summary:

    The section focusses on probability as an attribute from FTA elements.
    This is arguably the least important attribute from FTA, particularly in system modeling and given the simplistic treatment of probability in this section.
    A far more valuable attribute from FTA is the cut set, or minimal cut set at any gate within the FTA hierarchy.
    This is a major shortfall that I believes renders the use of these profiles within system modeling very limited, particularly in early system work before the base event probabilities can be known. Even in later lifecycle phases, the simplistic treatment of probabilities that ignores real world interdependence renders the results from such modeling misleading at best.

  • Reported: RAAML 1.0b1 — Fri, 30 Apr 2021 10:41 GMT
  • Updated: Wed, 15 Dec 2021 21:35 GMT

Support for Risk Matrices

  • Key: RAAML11-2
  • Status: open  
  • Source: KnowGravity Inc. ( Markus Schacher)
  • Summary:

    How are risk matrices supported that visually relate risks to the probability and severity of their occurrence as well as to the defined risk acceptance criteria levels (e.g. acceptable/tolerable/intolerable)?

  • Reported: RAAML 1.0b1 — Sun, 25 Apr 2021 08:59 GMT
  • Updated: Wed, 15 Dec 2021 21:35 GMT

The treatment of GSN in RAAML

  • Key: RAAML11-4
  • Status: open  
  • Source: MITRE ( Bob Martin)
  • Summary:

    The GSN Community standard and metamodel, as of version 2 of GSN, are based on extending OMG’s Structured Assurance Case Metamodel (SACM) version 2. In a sense, all GSN elements are sub-classes of elements defined in SACM so that tools supporting GSN can leverage the SACM metamodel for exchanging GSN content. The material in RAAML that discusses GSN and define RAAML GSN constructs does not reflect this approach and appears at odds to the GSN community standard and its use and leveraging of OMG’s SACM standard.

  • Reported: RAAML 1.0b1 — Thu, 29 Apr 2021 21:40 GMT
  • Updated: Wed, 15 Dec 2021 21:35 GMT

Issue/task tracking

  • Key: RAAML11-3
  • Status: open  
  • Source: KnowGravity Inc. ( Markus Schacher)
  • Summary:

    How is issue/task/responsibility tracking supported for an (unsatisfied) ISO 26262 safety case?

  • Reported: RAAML 1.0b1 — Sun, 25 Apr 2021 09:08 GMT
  • Updated: Wed, 15 Dec 2021 21:35 GMT