Subject: Defining a "result management system" conformance profile
The fingerprint-related issues #122 and #126 impose normative requirements on how a result management system computes fingerprints (for example, it SHALL NOT include a non-deterministic absolute URI in its computation). Therefore we need a result management system conformance profile to say that a conformant result management system is one that satisfies those requirements.
I don’t think this is controversial, but just for tracking purposes I filed the CSD.1 issue #154, “Define a ‘result management system’ conformance profile.” I’ll include it in the same change draft as the fingerprint issues.
It’s as easy as this:
Conformance Clause 10: Result management system
A result management system satisfies the “result management system” conformance profile if:
· It satisfies the “SARIF consumer” conformance profile.
· It additionally satisfies the normative requirements in §3 and Appendix B (“Use of fingerprints by result management systems”) that are designated as applying to result management systems.
Appendix B will now be Normative instead of Informative because it contains the fingerprint computation requirements.