Address Licensing/ToS

[brian-comply0]

Description

As an adopter of the OSCAL REST OpenAPI Specification I need some assurance that this specification will remain open sourced following my adoption of it, so that I can invest in creating an implementation without losing the right to continue using the standard in the future.

Acceptance Criteria

• [ ] An appropriate license has been selected.
• [ ] Terms of Service has been discussed
• [ ] The OpenAPI specification file includes license information in the info section
• [ ] If a ToS is needed, the OpenAPI specification file includes TOS information in the info section

Additional Notes

The following key considerations should also be addressed:

• we need to assure adopters that the spec will remain free and open after they invest time/resources in adopting (perpetual?)
• adopters should have to follow the spec strictly to claim compliance (not typically covered in licensing terms, but would be great if we found a way to ensure this)
• orgs who modify the spec on their own shouldn't be able to claim its a new version of the spec (companies should be able to create a variation that gives them a competitive advantage, and then push it on others)
• adopters shouldn't have to worry about copyright attribution