diff --git a/README.md b/README.md index 4841e272..462885f6 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,7 @@ The following Technical Initiatives have been approved by the TAC. You may learn | gittuf | https://github.com/gittuf/gittuf | TBD | Supply Chain Integrity WG | [Sandbox](process/project-lifecycle-documents/gittuf_sandbox_stage.md) | | OpenVEX | https://github.com/openvex | [Meeting Notes](https://docs.google.com/document/d/1C-L0JDx5O35TjXb6dcyL6ioc5xWUCkdR5kEbZ1uVQto/edit) | Vulnerability Disclosures WG | [Sandbox](process/project-lifecycle-documents/openvex_for_sandbox_stage.md) | | OSV Schema | https://github.com/ossf/osv-schema | [Meeting Notes](https://docs.google.com/document/d/1jzqhW9SK9QRA39fQz0RiAkvpRWB0xztt1TAFJEseTlA/edit?usp=sharing) | Vulnerability Disclosures WG | TBD | +| Model signing | TBD (to be created) | [Meeting Notes](https://docs.google.com/document/d/18oAsfhfKJurH-YTUFe520CAZS3lkORX1WnZmBv4Llkc/edit) | AI/ML Security WG | [Sandbox](process/project-lifecycle-documents/model_signing_sandbox_stage.md) | | Package Analysis | https://github.com/ossf/package-analysis | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit) | Securing Critical Projects WG | TBD | | Package Feeds | https://github.com/ossf/package-feeds | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit) | Securing Critical Projects WG | TBD | | Protobom | http://github.com/bom-squad/protobom | [Meeting Notes](https://docs.google.com/document/d/1bz2BBImzSnLRiBLrA5GehQ0ckW3Vs7Gmtt8R-Olm0QY/edit) | Security Tooling WG | [Sandbox](process/project-lifecycle-documents/protobom_sandbox_stage.md) | diff --git a/process/project-lifecycle-documents/model_signing_sandbox_stage.md b/process/project-lifecycle-documents/model_signing_sandbox_stage.md new file mode 100644 index 00000000..b7b560b7 --- /dev/null +++ b/process/project-lifecycle-documents/model_signing_sandbox_stage.md @@ -0,0 +1,97 @@ +## Application for creating a new project at Sandbox stage + +### List of project maintainers + +The project has 4 maintainers from 3 different organizations: + +* Laurent Simon, Google, @laurentsimon +* Daniel Major, NVidia, +* Eoin Wickens, HiddenLayer, @EWickens +* Mihai Maruseac, Google, @mihaimaruseac + +### Mission of the project + +The project must be aligned with the OpenSSF mission and either be a novel +approach for existing areas, address an unfulfilled need, or be initial code +needed for OpenSSF WG work. It is preferred that extensions of existing OpenSSF +projects collaborate with the existing project rather than seek a new project. + +> Create a cryptographic signing specification for artificial intelligence and +> machine learning models, addressing challenges such as very large models that +> can be used separately, and the signing of multiple disparate file formats +> held within a directory. This specification may have wider applicability to +> signing directories of multiple arbitrary file formats. This specification may +> later be proposed as a formal standard. + +#### Specific Goals Include: + +* Develop standards for efficient hashing of large models +* Develop standards for efficient verification of models that contain multiple + formats in the same place +* Develop standards for efficient verification of models at inference time. + +To achieve these goals, we work on developing +https://github.com/sigstore/model-transparency library as an OSS standard for ML +models signing and verification. The aim of this project is to guide the +`model-transparency` development and help in standardizing hashing, +verification, and deployment (e.g., model signature format). + +#### Non-Goals Include: + +* Developing a new model format +* Handling security of ML outputs + +### OpenSSF Mission Alignment + +We believe our mission aligns with the OpenSSF mission in the following ways: + +> make it easier to sustainably secure the development, maintenance, and +> consumption of the open source software + +The model signing project aims to reduce the complexity of signing and verifying +the integrity of models, making it easier to be adopted by the industry at +large. + +> fostering collaboration + +The library is developed by a cohort of independent companies working together +to solve common problems. The goal is to integrate the library with most tools +that ML practitioners use, to uplift the entire ecosystem. + +> establishing best practices + +The model signing library must be strongly tested. It should define standards +for efficiently hashing and verifying integrity of models. + +### AI/ML Security WG Alignment + +This project started in parallel with the AI/ML Security WG. During one meeting +of the WG, it was decided to spin up a SIG for model signing +(https://github.com/ossf/ai-ml-security/issues/10). Since the output of this SIG +is in code for this library and associated standards and specs, we need to make +this a project. + +### IP policy and licensing due diligence + +When contributing an existing Project to the OpenSSF, the contribution must +undergo license and IP due diligence by the Linux Foundation (LF). + +* Yes: + * Library code under + [`model_transparency`](https://github.com/sigstore/model-transparency) is + part of Sigstore, which is already an OpenSSF (thus, LF) member + * Standardization work, etc. will occur under a new repository to be created + under OpenSSF + +### Project References + +The project should provide a list of existing resources with links to the repository, and if available, website, a roadmap, contributing guide, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the project. + +| Reference | URL | +|--------------------|-----| +| Main Repository | TODO | +| Contributing guide | TODO | +| Security.md | TODO | +| Roadmap | TODO | +| Demos | TODO | +| Other | TODO |