I wonder if we need to define an Individual CreationInfo and an Individual Organization (to be used in the required creator field of CreationInfo to be referenced in the Individuals which are of types subclassed from Element.

We could. Maybe something along this line?, with mandatory properties.

SpdxCreationInfoV3_0

• created: 2024-09-13T00:00:00Z
• createdBy: https://spdx.dev
• specVersion: 3.0.1

SpdxOrganization

• spdxId: https://spdx.dev

Not sure if we need to keep the name of SpdxCreationInfo individual unique across different versions; but as we have the specVersion inside it, we may need something in the name to differentiate it? This is not my area of expertise.

This issue will also appear on every predefined Individual -- namely, all licenses and exceptions defined in the License List.

I am OK with defining an Individual Organization for SPDX (with spdxId https://spdx.org) and re-using it for creator in all of these.

But I don't think we should define (in the model, I mean) a special CreationInfo instance. It's not even an Element. Of course the generated serialization of the Individuals will use something, but there is no need to have it specified anywhere (as long as there is one).

I have tested pyshacl with this hand-edited spdx-model.ttl.txt and looks like it works (tested with spdx-spec/examples/jsonld/package_sbom.json).

SpdxOrganization is defined and used in creationInfo of those four individuals.

spdx-c:SpdxOrganization a owl:NamedIndividual,
        spdx-c:Organization ;
    spdx-c:spdxId "https://spdx.dev/" ;
    rdfs:comment "(notes saying that this is for internal use)"@en ;
    spdx-c:creationInfo [
        rdf:type spdx-c:CreationInfo ;
        spdx-c:created "2024-09-13T00:00:00Z"^^xsd:dateTimeStamp ;
        spdx-c:createdBy spdx-c:SpdxOrganization ;
        spdx-c:specVersion "3.0.1"^^xsd:string ;
    ] .

spdx-c:NoneElement a owl:NamedIndividual,
        spdx-c:Element ;
    rdfs:comment """An Individual Value for Element representing a set of
Elements with cardinality (number/count) of zero."""@en ;
    spdx-c:name: "NONE" ;
    spdx-c:creationInfo [
        rdf:type spdx-c:CreationInfo ;
        spdx-c:created "2024-09-13T00:00:00Z"^^xsd:dateTimeStamp ;
        spdx-c:createdBy spdx-c:SpdxOrganization ;
        spdx-c:specVersion "3.0.1"^^xsd:string ;
    ] .

Schema generated (by shacl2code) from that ttl: schema.json.txt

PR #154 proposes to add the above information to RDF.

I have tested pyshacl with this hand-edited spdx-model.ttl.txt and looks like it works (tested with spdx-spec/examples/jsonld/package_sbom.json).

SpdxOrganization is defined and used in creationInfo of those four individuals.

spdx-c:SpdxOrganization a owl:NamedIndividual,
        spdx-c:Organization ;
    spdx-c:spdxId "https://spdx.dev/" ;
    rdfs:comment "(notes saying that this is for internal use)"@en ;
    spdx-c:creationInfo [
        rdf:type spdx-c:CreationInfo ;
        spdx-c:created "2024-09-13T00:00:00Z"^^xsd:dateTimeStamp ;
        spdx-c:createdBy spdx-c:SpdxOrganization ;
        spdx-c:specVersion "3.0.1"^^xsd:string ;
    ] .

spdx-c:NoneElement a owl:NamedIndividual,
        spdx-c:Element ;
    rdfs:comment """An Individual Value for Element representing a set of
Elements with cardinality (number/count) of zero."""@en ;
    spdx-c:name: "NONE" ;
    spdx-c:creationInfo [
        rdf:type spdx-c:CreationInfo ;
        spdx-c:created "2024-09-13T00:00:00Z"^^xsd:dateTimeStamp ;
        spdx-c:createdBy spdx-c:SpdxOrganization ;
        spdx-c:specVersion "3.0.1"^^xsd:string ;
    ] .

Schema generated (by shacl2code) from that ttl: schema.json.txt

This solution approach makes sense.

Defining an SPDXOrganization individual (of type Organization) to be used as the 'createdBy' for all predefined named individuals in the SPDX spec/ontology makes sense.
Each predefined named individual will need to have a creationInfo property and associated object structure. ALL such predefined named individuals specified in SPDX now and going forward would consistently use the new SPDXOrganization individual for 'createdBy' and the 'created' and 'specVersion' properties would need to be asserted as appropriate at the time of specification publication. In other words, the content for NoneElement above would work for that individual in SDPX 3.0.1 but if it was modified in a future SPDX release its 'created' and 'specVersion' properties values would need updated. Similarly, if any new predefined named individuals are added in future versions they would need 'created' and 'specVersion' properties values appropriate to the release version and date of publication for that release.

Note: SpdxOrganization will be created by spdx/spdx-3-model#880