Subject: Re: [sarif] project editor's meeting
The simpler, the better. The conformance clause for the entire C programming language standard is only eight paragraphs long, and they are short paragraphs.
First, think about who or what must conform. Depending on how you want to approach it, it may be sufficient to specify conformance for a file in SARIF format.
If you decide to specify conformance for a SARIF producer and consumer as well, these can just depend on the conformance clause for a file in SARIF format. A conforming producer would have to produce conforming SARIF files, and a conforming consumer would have to consume any valid SARIF file even if it includes optional features that the consumer does not use.
Second, think about what it means to conform. A conforming SARIF file could just be a file that satisfies the requirements in the other normative clauses of the standard.
Now that you see how simple it can be, the OASIS guidelines are a good source of advice on the details and should not scare you away.