Today, we have object types:

• Element
• Server
• Client
• Process
• Asset
• Lambda

It seems that a Server, Client, and Lambda are all specializations of Process or Asset, and really represent the "role" of each; role is really determined by the specific use - a server is the sink for a dataflow, the source is a client. But when describing an object, until the dataflows are determined, why force users to know ahead of time which one they need? Also, a client or server may be a server or a client, based on other data flows...

An alternative suggestion: create a generic "node" (Asset may be the right object already available), and allow assignment of properties that are generic. If roles are needed, assigning a role may add attributes specific to the role(s) added at runtime.
This approach helps with constructing models based on less-than-perfect knowledge of the system.

Fully agree! I still have a hard time telling how Process and Server are different...

I still have a hard time telling how Process and Server are different...

Same. I have a collection of microservice applications where the element is both a Server and a Process. I created ServerProcess class in the model py file to get both annotation sets/threat eval.

I agree. I have an excel document with sheets for each object type and its annotations. I started going thru all annotations and capturing notes for things I'd like to move, rename, or need clarification on. I have work I would like to do on the threat lib but I want to get a handle on the model first.