Canonicalisation Committee

From SPDX Wiki
Jump to: navigation, search

The Canonicalisation Committee is a group within SPDX dedicated to creating a canonical serialisation format for the upcoming SPDX 3.0 specification, enabling SPDX data to be shared and combined whilst ensuring data integrity.

There are several key opportunities for SPDX 3.0: the ability to verify the integrity of individual Elements independent of a containing document, multiple equivalent serialisation formats capable of round-trip conversion, and a clearly demarcated split between SPDX's information model and data models.

All of these opportunities hinge on having a canonical serialisation format: a representation of SPDX data that is never ambiguous and is unaffected by stylistic or platform-specific concerns. As such, the SPDX Canonicalisation Committee will be dedicated to:

  • Writing a specification for a canonical serialisation format for SPDX 3.0 data.
  • Determining processes for Element-level integrity and signing.
  • Making recommendations to the SPDX Tech Team about potential ambiguities found in the information model that might inhibit canonicalisation.

The Canonicalisation Committee's discussions are currently held on the SPDX Tech Team mailing list (send an email to to subscribe).