[FEATURE]: Add support for perspectives #736

@stevespringett

Description

Feature Request: Perspectives: Domain-Specific Views into CycloneDX Data

Summary

Introduce a perspectives construct that enables domain-specific audiences to define curated views into CycloneDX BOMs or API responses. Each perspective identifies relevant data types using JSONPath expressions and provides domain-specific terminology mappings, allowing diverse stakeholders to interpret CycloneDX data through their own conceptual lens.

Background and Motivation

This proposal originates from discussions within the Threat Modeling Working Group, where the concept of "perspectives" emerged as a means to provide different views into a blueprint or model. Different audiences have distinct concerns and use different terminology to describe the same underlying concepts. For example:

| Audience | Sample Concerns |
|---|---|
| Application Security (AppSec) | Vulnerabilities, dependencies, code provenance, threat models |
| Operational Security (OpSec) | Runtime configurations, deployment topology, secrets management |
| Physical Security | Hardware components, device locations, tamper evidence |
| Cyber Security | Cryptographic assets, attack surfaces, threat models |
| AI/ML Engineers | Model lineage, training data, foundation models, bias considerations |
| Legal/Compliance | Patents, licensing, export controls, intellectual property |

Furthermore, different domains use different terminology for equivalent CycloneDX concepts:

| CycloneDX Concept | AI/ML Terminology | Security Terminology |
|---|---|---|
| pedigree.ancestors | Foundation model, Base model | Upstream source |
| modelCard | Model transparency report | |
| formulation | Training pipeline | Build provenance |

The perspectives feature proposes to address these challenges by:

  1. Enabling domain experts to define which parts of CycloneDX data are relevant to their discipline
  2. Providing a mechanism to map CycloneDX terminology to domain-specific nomenclature
  3. Supporting tooling that can present filtered, contextualised views of BOM data
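To make the three points concrete, here is an added illustration (not code from the CycloneDX project or this issue) of what tooling could do with such a construct: a hypothetical perspective definition whose JSONPath selectors pick the relevant parts of a constructed BOM fragment, and whose terminology map relabels them with the domain terms from the table above. The perspective field names, the JSONPath subset evaluator and the sample BOM are all assumptions made for this example.

```python
import re

# Hypothetical perspective definition; CycloneDX has no such construct yet and these field names are assumptions.
AI_ML_PERSPECTIVE = {
    "selectors": [
        "$.components[*].pedigree.ancestors",
        "$.components[*].modelCard",
        "$.formulation",
    ],
    "terminology": {  # CycloneDX term -> domain term (from the proposal's table)
        "pedigree.ancestors": "Foundation model",
        "modelCard": "Model transparency report",
        "formulation": "Training pipeline",
    },
}

# Constructed sample BOM fragment, not a real project's BOM.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"type": "machine-learning-model", "name": "classifier",
         "pedigree": {"ancestors": [{"name": "base-llm", "version": "1.0"}]},
         "modelCard": {"modelParameters": {"approach": {"type": "supervised"}}}},
        {"type": "library", "name": "numpy", "version": "1.26.0"},
    ],
    "formulation": [{"bom-ref": "pipeline-1"}],
}

_TOKEN = re.compile(r"([A-Za-z_][\w-]*)|(\[\*\])")

def select(doc, path: str) -> list:
    """Evaluate a small JSONPath subset: '$', dotted keys and '[*]' wildcards."""
    nodes = [doc]
    for key, star in _TOKEN.findall(path.lstrip("$")):
        if star:   # descend into every element of each list node
            nodes = [item for n in nodes if isinstance(n, list) for item in n]
        else:      # follow a key; nodes lacking it drop out of the match set
            nodes = [n[key] for n in nodes if isinstance(n, dict) and key in n]
    return nodes

def apply_perspective(bom: dict, perspective: dict) -> dict:
    """Return the curated view: {domain term: matched values} per selector."""
    view = {}
    for path in perspective["selectors"]:
        matches = select(bom, path)
        if not matches:
            continue  # sections absent from the BOM do not appear in the view
        cdx_term = path.lstrip("$.").replace("components[*].", "")
        view[perspective["terminology"].get(cdx_term, cdx_term)] = matches
    return view
```

Running `apply_perspective(SAMPLE_BOM, AI_ML_PERSPECTIVE)` yields a view keyed by "Foundation model", "Model transparency report" and "Training pipeline"; the `numpy` component, which has no pedigree or model card, contributes nothing, and a BOM with no matching sections yields an empty view.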
