Create submission process

[dturnerx]

Define the process for submissions from internal and external parties. Including legal agreement(s), review, and approval.

[GeofCooper]

Here is my idea, based on our discussions:

• Submissions are performed by creating a pull request
• Pull requests are publicly visible
• Submissions from FIDO itself (fdo.*) might be discussed privately before they are put into a pull request, on a case-by-case basis
• Submissions from everyone else are stored in a space for the submitter's organization (e.g., org.xyz.*). Domain name ownership is used to determine who gets to edit these submissions
• All submissions are published as owned by FIDO. A FIDO copyright permits using them with attribute and copying them in whole or part. However, a given submission may only be edited by the organization that submitted it.

Submissions from all organizations are vetted to ensure the correct syntax and lack of malicious intent (e.g., creating a vulnerability in the FDO protocol). This is intended to be a "fast path" process. If they are intended for the company URL, they are then published. We need a legend that causes submissions to allow FIDO to publish using this fast path.

FDO.* submissions are FIDO output, and are published by the IOT TWG. The intent is that these are a carefully chosen base subset of FSIM's for general use.

A FIDO.* space might exist for less formal submissions.