SPDX crypto algorithms list group charter

[toscalix]

SPDX Crypto Algorithms List Charter

Introduction

The SPDX Crypto Algorithms List working group was formed to create and maintain a standardized, community-curated list of cryptographic algorithms, following the successful model of the SPDX License List. This list provides a shared, unambiguous vocabulary for identifying and referencing cryptographic algorithms in Software Bill of Materials (SBOMs), SPDX documents, and related tooling.

Vision

To enable greater software transparency, auditability, and compliance by establishing a trusted, openly governed standardized registry of cryptographic algorithms for global reuse.

Mission

The SPDX Cryptographic Algorithms List working group develops and maintains a high-quality, comprehensive, machine-readable, and SPDX-aligned registry of cryptographic algorithms that can be reliably referenced across tooling, SBOMs, policies, and standards. We provide the software community with standardized identifiers and metadata essential for cryptographic declaration, inventory, compliance, and security analysis.

Strategic Goal

The SPDX Crypto Algorithms List group aims to build and maintain a canonical list of cryptographic algorithms using widely accepted identifiers and metadata. The group supports the SPDX project by aligning the list’s format and structure with current and future SPDX specifications; fostering collaboration and interoperability with existing standards bodies and open source communities; and promoting adoption of the list and its identifiers across the software ecosystem.

Get Involved

The SPDX Crypto Algorithms List working group operates under the SPDX project's open governance and contribution principles, encouraging broad participation. We welcome all contributors, especially individuals and organizations with interest or expertise in cryptography, software transparency, SBOM tooling, licensing, and open standards.

Join our regular meetings, contribute to our GitHub repository at https://github.com/spdx/crypto-algorithms, or connect with us through the SPDX community channels. Whether you bring deep cryptographic expertise, practical implementation experience, or user perspective, your contribution helps build the foundation for higher levels of transparency in software supply chains.

[toscalix]

Approved during the meeting on 2025-07-02. Next step is to consolidate it as readme

[toscalix]

After careful review, I changed Working Group by Team, given that this team is not formally a Working Group, as far as I know.

"

SPDX Cryptographic Algorithms List (Criptography) Team Charter

Introduction

The SPDX Cryptographic (Crypto) Algorithms List Team was formed to create and maintain a standardized, community-curated list of cryptographic algorithms, following the successful model of the SPDX License List. This list provides a shared, unambiguous vocabulary for identifying and referencing cryptographic algorithms in Software Bill of Materials (SBOMs), SPDX documents, and related tooling.

Vision

To enable greater software transparency, auditability, and compliance by establishing a trusted, openly governed, standardized registry of cryptographic algorithms for global reuse.

Mission

The SPDX Cryptographic Algorithms List Team develops and maintains a high-quality, comprehensive, machine-readable, and SPDX-aligned registry of cryptographic algorithms that can be reliably referenced across tooling, SBOMs, policies, and standards. We provide the software and cryptography communities with standardized identifiers and metadata, essential for cryptographic declaration, inventory, compliance, and security analysis.

Strategic Goal

The SPDX Crypto Algorithms List Team aims to build and maintain a canonical list of cryptographic algorithms using widely accepted identifiers and metadata. The team supports the SPDX project by aligning the list’s format and structure with current and future SPDX specifications; fostering collaboration and interoperability with existing standards bodies and open source communities; and promoting adoption of the list and its identifiers across the software ecosystem.

Get Involved

The SPDX Crypto Algorithms List Team operates under the SPDX project's open governance and contribution principles, encouraging broad participation. We welcome all contributors, especially individuals and organizations with interest or expertise in cryptography, software transparency, SBOM tooling, licensing, and open standards.

Join our regular meetings, contribute to our GitHub repository at https://github.com/spdx/crypto-algorithms, or connect with us through the SPDX community channels. Whether you bring deep cryptographic expertise, practical implementation experience, or user perspective, your contribution helps build the foundation for higher levels of transparency in software supply chains."

[zvr]

@toscalix I'm not sure what this is about and where this is going to be available, but a couple of comments:

• SPDX works with "Groups". "Teams" is special, as there are only three (Tech, Legal, Outreach), defined in the Governance documents.
• In general, there are no such "Charters" published for any of the Groups -- probably because people have not seen the need and names like "Hardware Group" are enough to convey the meaning.
• Finally big-picture things like "Mission" and "Strategic Goals" are defined in the Governance documents and decided by the SPDX Project Steering Committee.

[toscalix]

SPDX works with "Groups". "Teams" is special, as there are only three (Tech, Legal, Outreach), defined in the Governance documents.

Changed "team" by "Group"

In general, there are no such "Charters" published for any of the Groups -- probably because people have not seen the need and names like "Hardware Group" are enough to convey the meaning.

The need we detected is that we need to attract professionals with cryptography background and a charter would clarify the scope of the Group for those unfamiliar with SPDX and the license list. The intention is to check if it works during OSS EU 2025.

The idea of the charter was brought up as response to a request from Victor Lu during the meeting 2025-06-25

Finally big-picture things like "Mission" and "Strategic Goals" are defined in the Governance documents and decided by the SPDX Project Steering Committee.

• Removed the mission and vision section.
• Changed "Strategic Goal" by "Goal"
• Added link to SPDX License List for context
• Added link to SPDX Overview web page for context
• Added link to general mailing list

The idea is to add this charter as .md file at the repo before OSS EU

SPDX Cryptographic Algorithms List (Cryptography) Group Charter

Introduction

The SPDX Cryptographic (Crypto) Algorithms List Group was formed to create and maintain a standardized, community-curated list of cryptographic algorithms, following the successful model of the SPDX License List. This list provides a shared, unambiguous vocabulary for identifying and referencing cryptographic algorithms in Software Bill of Materials (SBOMs), SPDX documents, and related tooling.

Goal

The SPDX Crypto Algorithms List Group aims to build and maintain a canonical list of cryptographic algorithms using widely accepted identifiers and metadata. The Group supports the SPDX project by aligning the list’s format and structure with current and future SPDX specifications; fostering collaboration and interoperability with existing standards bodies and open source communities; and promoting adoption of the list and its identifiers across the software ecosystem.

Get Involved

The SPDX Crypto Algorithms List Group operates under the SPDX project's open governance and contribution principles, encouraging broad participation. We welcome all contributors, especially individuals and organizations with interest or expertise in cryptography, software transparency, SBOM tooling, licensing, and open standards.

Join our regular meetings, contribute to our GitHub repository at https://github.com/spdx/crypto-algorithms, or connect with us through the SPDX community channels. Whether you bring deep cryptographic expertise, practical implementation experience, or user perspective, your contribution helps build the foundation for higher levels of transparency in software supply chains."

[toscalix]

We added some of this text to the README.md file