owasp-amass
diff --git a/‎docs/open_asset_model/assets/account.md‎
Lines changed: 60 additions & 185 deletions b/‎docs/open_asset_model/assets/account.md‎
Lines changed: 60 additions & 185 deletions
diff --git a/‎docs/open_asset_model/assets/autonomous_system.md‎
Lines changed: 4 additions & 0 deletions b/‎docs/open_asset_model/assets/autonomous_system.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎docs/open_asset_model/assets/contact_record.md‎
Lines changed: 4 additions & 0 deletions b/‎docs/open_asset_model/assets/contact_record.md‎
Lines changed: 4 additions & 0 deletions
@@ -1,211 +1,86 @@
-# :simple-owasp: `Account`
+# :simple-owasp: Account
 
-The [`account.go`](https://github.com/owasp-amass/open-asset-model/blob/master/account/account.go) file defines the **Account asset** within the **Open Asset Model**. An **Account** represents a financial or entity-managed asset, such as a **bank account, online payment account, or corporate account**. The model allows accounts to establish structured relationships with **entities (individuals or organizations), funds transfers, and financial identifiers** such as **IBAN and SWIFT** codes.  
+The `Account` asset type in the [OWASP](https://owasp.org) [Open Asset Model](https://github.com/owasp-amass/open-asset-model) (OAM) represents a digital or financial account associated with an organization, user, or service. This may include cloud service accounts, financial accounts, email or user login handles, and other forms of identity-linked accounts that hold operational, monetary, or access significance.
 
-## Table of Contents
+Each `Account` asset includes structured metadata describing its identity and lifecycle:
 
-- [Overview](#overview)
-- [Account Structure](#account-structure)
-- [Attributes](#attributes)
-- [Implemented Interfaces and Methods](#implemented-interfaces-and-methods)
-- [Key()](#key)
-- [AssetType()](#assettype)
-- [JSON()](#json)
-- [Relationship with the Open Asset Model](#relationship-with-the-open-asset-model)
-- [Usage](#usage)
+- **ID** – A globally unique identifier for the account within the graph.
+- **Type** – The kind of account represented (e.g., `email`, `bank`, `cloud`, `user`, `subscription`).
+- **Username** – The login handle, screen name, or identifier tied to the account (e.g., `admin@corp.com`, `acme-billing`).
+- **Account Number** – An optional unique number assigned to the account (e.g., bank account or customer ID).
+- **Balance** – Optional numeric value representing a monetary balance or credit (used primarily for financial contexts).
+- **Active** – A boolean indicating whether the account is currently in use or retired.
 
----
-
-## **//** Overview
-
-The **Account asset** is an integral part of the **Open Asset Model**, designed to support:
-
-- **Financial & entity-managed accounts** (e.g., bank, corporate, or payment accounts).
-
-- **Multiple relationships** such as **entity ownership (Person/Organization)** and **fund transfers**.
-
-- **Standardized data structure** for integration with external financial and asset-tracking systems.
-
-The **`Account`** struct is designed with **JSON tags for serialization**, ensuring seamless integration with **APIs and structured storage systems**.
-
----
-
-## **//** Account Structure
-
-The **`Account`** struct defines key attributes necessary for financial asset representation.
-
-```go
-// Account represents an account managed by an organization.
-type Account struct {
-    ID       string  `json:"unique_id"`         // Unique identifier
-    Type     string  `json:"account_type"`      // Type of account (e.g., savings, checking)
-    Username string  `json:"username,omitempty"` // Optional username
-    Number   string  `json:"account_number,omitempty"` // Account number
-    Balance  float64 `json:"balance,omitempty"`  // Account balance
-    Active   bool    `json:"active,omitempty"`  // Status of the account
-}
-```
-
----
-
-**Attribute Breakdown**
-
-| **Field Name** | **Type**  | **JSON Tag**                 | **Description**                                                          |
-|----------------|-----------|------------------------------|--------------------------------------------------------------------------|
-| **`ID`**       | `string`  | `"unique_id"`                | **Unique identifier** for the account (used as the **asset key**)        |
-| **`Type`**     | `string`  | `"account_type"`             | Represents the **type of account** (e.g., savings, checking)             |
-| **`Username`** | `string`  | `"username,omitempty"`       | Optional **username** associated with the account                        |
-| **`Number`**   | `string`  | `"account_number,omitempty"` | Optional **account number** used as a secondary identifier               |
-| **`Balance`**  | `float64` | `"balance,omitempty"`        | Represents the **current balance** of the account                        |
-| **`Active`**   | `bool`    | `"active,omitempty"`         | Indicates whether the **account is active**                              |
-
----
-
-!!! info " omitempty "
-    The `omitempty` option in the JSON tags ensures that if a field is empty or its default value, it will be omitted from JSON serialization. This helps keep the data streamlined.
-
----
-
-## **//** Implemented Interfaces and Methods
-
-The **`Account` struct** implements the **Asset interface**, ensuring consistency across the **Open Asset Model**.
-
-### `Key()`
-
-- **Purpose:**  
-  Returns a unique key (identifier) for the asset. This key is fundamental for distinguishing between different assets.
-
-- **Implementation:**
-
-  ```go
-  // Key implements the Asset interface.
-  func (a Account) Key() string { 
-      return a.ID 
-  }
-  ```
-  **Usage:** 
-
-  -  Used to **uniquely identify** the account.
+- **Definition:** *An identity-linked asset that represents a digital, user, or financial account used to access or control resources across infrastructure or service environments.*
 
-  - Serves as the **primary key** for asset indexing and retrieval.
+- **Purpose:** The Account asset plays a vital role in representing non-infrastructure access points—especially those tied to identity, privilege, and control.
 
----
-
-### `AssetType()`
-
-- **Purpose:**  
-  Returns the specific type of the asset within the **Open Asset Model**.
-
-- **Implementation:**
+Key use cases include:
 
-  ```go
-  // AssetType implements the Asset interface.
-  func (a Account) AssetType() model.AssetType { 
-      return model.Account 
-  }
-  ```
-  **Usage:** 
+- **Credential Discovery** – Modeling usernames or accounts found in source code, breach data, or service responses.
+- **Privilege Mapping** – Associating accounts with specific services or roles in cloud or SaaS environments.
+- **Exposure Attribution** – Tracing exposed keys, billing accounts, or cloud identities back to organizations.
+- **Operational Monitoring** – Tracking stale or inactive accounts that may indicate shadow IT or abandoned assets.
+- **Financial Context** – Enriching infrastructure or access graphs with business-relevant metadata like balances or customer IDs.
 
-  - Allows systems to **categorize the asset** as an **`Account`**.  
+As modern infrastructure increasingly relies on cloud identities, tokens, and user-managed accounts, this asset type ensures these components are treated with the same rigor and visibility as traditional network assets.
 
-  - Ensures **type consistency** when processing different asset categories.
+- **Design Choice:** The design of the Account asset type is intentionally minimal, yet extensible:
 
----
-
-### `JSON()`
+- **Type-Driven Classification** – The account_type field enables generalized modeling (e.g., cloud, user, bank) while allowing tooling to define additional specificity as needed.
+- **Dual-Use Fields** – By including both username and account_number, the model supports both identity-driven and numerically indexed account types (e.g., login-based vs. customer-ID-based).
+- **Support for Financial Metadata** – The balance field anticipates modeling of assets where monetary value or usage limits play a role (e.g., billing accounts or quota-based services).
+- **Lifecycle Awareness** – The active boolean enables visibility into the operational state of the account, useful for spotting dormant, disabled, or legacy identities.
 
-- **Purpose:**  
-  Serializes the **`Account`** struct into **JSON format** for **data exchange and storage**. 
+This flexible schema supports ingestion from diverse data sources including cloud control planes, threat intelligence feeds, credential scanning tools, and financial systems, making the Account a powerful linking node between people, services, and infrastructure.
 
-- **Implementation:**
+Modeling accounts as first-class assets enables reasoning about identity exposure, credential misuse, service abuse, and privilege relationships. Whether discovered via configuration files, leaked credentials, service enumeration, or third-party intelligence, `Account` assets play a key role in mapping the operational footprint and associated risks of an organization.
 
-  ```go
-  // JSON implements the Asset interface.
-  func (a Account) JSON() ([]byte, error) { 
-      return json.Marshal(a) 
-  }
-  ```
+Account assets can be linked to services, users, or organizations through relations, enabling workflows such as credential exposure detection, service-to-user mapping, or analysis of abandoned or inactive accounts across cloud providers or infrastructure environments.
 
-  **Usage:** 
+## :material-account: Account Attributes
 
-  - Converts the asset into **JSON format** for **APIs, databases, and logging**.
+| Attributes            | Type        | Required.    | Description.   |
+| :-------------------: | :---------: | :----------: | :------------- |
+| `unique_id`           | string      | :material-check-decagram: | Unique identifier for the account within the model |
+| `account_type`        | string      | :material-check-decagram: | Classification of the account (e.g., `cloud`, `bank`, `user`) |
+| `username`            | string      | :material-checkbox-blank-circle-outline: | Login name, email, or screen name associated with the account |
+| `account_number`      | string      | :material-checkbox-blank-circle-outline: | Optional numeric or alphanumeric account ID (e.g., `acct-1234`) |
+| `balance`             | float       | :material-checkbox-blank-circle-outline: | Optional financial or credit balance |
+| `active`              | boolean     | :material-checkbox-blank-circle-outline: | Whether the account is currently active |
 
-  - Enables **data transmission** across services.
-
----
+## :material-account: Account Properties
 
-## **//** Relationship with the Open Asset Model
-
-The **Open Asset Model** provides a standardized approach to handling digital and physical assets. The **`Account`** asset is a critical component and supports:
-
-- **User Entities**: Representing **Persons or Organizations** that own the account.
-
-- **Funds Transfers**: Tracking **financial transactions** between accounts.
-
-- **Banking Identifiers**: Supporting **IBAN and SWIFT codes** for financial integration.
-
-By adhering to these relationships, the **`Account model`** ensures structured data exchange between **security, financial, and asset management systems**.
-
----
+| Property Type       | Property Name       | Description   |
+| :-----------------: | :-----------------: | :------------ |
+| [`SimpleProperty`](../properties/simple_property.md) | `last_monitored` | Tracks when a data source was last queried regarding this Account |
+| [`SourceProperty`](../properties/source_property.md) | Source Plugin Name | Indicates that the specified data source discovered this Account |
 
-## **//** Usage
+## :material-account: Account Outgoing Relations
 
-The **Open Asset Model** provides structured asset management for accounts. 
+```mermaid
+graph TD
+acct["Account"]
+ident["Identifier"]
+idRel@{ shape: braces, label: "id"}
+acct --o idRel
+idRel --> ident
 
-Below is an example demonstrating how to:
-
-- **Retrieve account details**.
-
-- **Serialize an account to JSON**.
-
-```go
-package main
-
-import (
-    "encoding/json"
-    "fmt"
-    "github.com/owasp-amass/open-asset-model/account"
-)
-
-func main() {
-    // Define an example account asset
-    acc := account.Account{
-        ID:       "acc-12345",
-        Type:     "Savings",
-        Username: "johndoe",
-        Number:   "987654321",
-        Balance:  1500.75,
-        Active:   true,
-    }
-
-    // Serialize the account to JSON
-    jsonData, err := acc.JSON()
-    if err != nil {
-        fmt.Println("Error serializing account to JSON:", err)
-        return
-    }
-
-    fmt.Printf("Account Type: %s\n", acc.Type)
-    fmt.Printf("Serialized JSON: %s\n", string(jsonData))
-}
+org["Organization"]
+person["Person]
+user@{ shape: braces, label: "user"}
+acct --o user
+user --> org
+user --> persom
 ```
 
 ---
 
-## **//** Summary
+| Relation Type       | Relation Label     | Target Assets     | Description   |
+| :-----------------: | :----------------: | :---------------: | :------------ |
+| [`SimpleRelation`](../relations/simple_relation.md) | `id`   | [`Identifier`](./identifier.md) | Links the account to other discovered identifiers |
+| [`SimpleRelation`](../relations/simple_relation.md) | `user` | [`Organization`](./organization.md), [`Person`](./person.md) | Links the account to known users that have access |
 
-The **`account.go`** file is a fundamental part of the **Open Asset Model**, ensuring structured and standardized management of **financial and user-managed accounts**. 
-
-Key takeaways:
-
-- **Defines an `Account` struct** that represents various financial accounts.
-
-- **Implements the Asset interface** to ensure consistency.
-
-- Supports relationships with **user entities, financial transactions, and banking identifiers**.
-
-- Provides **JSON serialization** for easy data exchange.
-
-By following this structured approach, **contributors** can extend account functionality, while **users** can efficiently manage financial assets in their security and asset intelligence workflows.
+---
 
----
+*© 2025 Jeff Foley — Licensed under Apache 2.0.*
@@ -45,3 +45,7 @@ regrel --> autnum
 | :-----------------: | :----------------: | :--------------: | :------------ |
 | [`SimpleRelation`](../relations/simple_relation.md) | `announces` | [`Netblock`](./netblock.md) | Links an IPAddress to its DNS name used in PTR records |
 | [`SimpleRelation`](../relations/simple_relation.md) | `registration` | [`AutnumRecord`](./autnum_record.md) | Links a ASN to its associated registration data |
+
+---
+
+*© 2025 Jeff Foley — Licensed under Apache 2.0.*
@@ -62,3 +62,7 @@ simple6 --> url
 | [`SimpleRelation`](../relations/simple_relation.md) | `person` | [`Person`](#person) | Represents a person's name discovered with the contact information |
 | [`SimpleRelation`](../relations/simple_relation.md) | `phone` | [`Phone`](#phone) | Represents a phone number in the contact information |
 | [`SimpleRelation`](../relations/simple_relation.md) | `url` | [`URL`](#url) | Represents an URL discovered in the contact information |
+
+---
+
+*© 2025 Jeff Foley — Licensed under Apache 2.0.*