From 803e00d59273d3e27320ab0566f695a3bf19bc73 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac
Date: Thu, 20 Jun 2024 13:52:34 -0700
Subject: [PATCH] Create sandbox project for the model signing work

We have a working group that meets for model signing work, as part of https://github.com/ossf/ai-ml-security/issues/10. Since this working group helps in developing https://github.com/sigstore/model-transparency and building standards around it, it needs to be officially a project, not a WG. We add the project at a sandbox stage.

Please note that there are 2 repos involved here:

- https://github.com/sigstore/model-transparency which will be owned by Sigstore and is just the implementation work for the library for model signing
- a new repository to be created under https://github.com/ossf to represent standard documents, as outputs of this project

These two repositories should work in unison to achieve a common goal.

Signed-off-by: Mihai Maruseac
---
 README.md | 1 +
 .../model_signing_sandbox_stage.md | 97 +++++++++++++++++++
 2 files changed, 98 insertions(+)
 create mode 100644 process/project-lifecycle-documents/model_signing_sandbox_stage.md

diff --git a/README.md b/README.md index 4841e272..462885f6 100644 --- a/README.md +++ b/README.md
@@ -75,6 +75,7 @@ The following Technical Initiatives have been approved by the TAC. You may learn | gittuf | https://github.com/gittuf/gittuf | TBD | Supply Chain Integrity WG | [Sandbox](process/project-lifecycle-documents/gittuf_sandbox_stage.md) | | OpenVEX | https://github.com/openvex | [Meeting Notes](https://docs.google.com/document/d/1C-L0JDx5O35TjXb6dcyL6ioc5xWUCkdR5kEbZ1uVQto/edit) | Vulnerability Disclosures WG | [Sandbox](process/project-lifecycle-documents/openvex_for_sandbox_stage.md) | | OSV Schema | https://github.com/ossf/osv-schema | [Meeting Notes](https://docs.google.com/document/d/1jzqhW9SK9QRA39fQz0RiAkvpRWB0xztt1TAFJEseTlA/edit?usp=sharing) | Vulnerability Disclosures WG | TBD | +| Model signing | TBD (to be created) | [Meeting Notes](https://docs.google.com/document/d/18oAsfhfKJurH-YTUFe520CAZS3lkORX1WnZmBv4Llkc/edit) | AI/ML Security WG | [Sandbox](process/project-lifecycle-documents/model_signing_sandbox_stage.md) | | Package Analysis | https://github.com/ossf/package-analysis | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit) | Securing Critical Projects WG | TBD | | Package Feeds | https://github.com/ossf/package-feeds | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit) | Securing Critical Projects WG | TBD | | Protobom | http://github.com/bom-squad/protobom | [Meeting Notes](https://docs.google.com/document/d/1bz2BBImzSnLRiBLrA5GehQ0ckW3Vs7Gmtt8R-Olm0QY/edit) | Security Tooling WG | [Sandbox](process/project-lifecycle-documents/protobom_sandbox_stage.md) | diff --git a/process/project-lifecycle-documents/model_signing_sandbox_stage.md b/process/project-lifecycle-documents/model_signing_sandbox_stage.md new file mode 100644 index 00000000..b7b560b7 --- /dev/null +++ b/process/project-lifecycle-documents/model_signing_sandbox_stage.md 
@@ -0,0 +1,97 @@ +## Application for creating a new project at Sandbox stage + +### List of project maintainers + +The project has 4 maintainers from 3 different organizations: + +* Laurent Simon, Google, @laurentsimon +* Daniel Major, NVidia, +* Eoin Wickens, HiddenLayer, @EWickens +* Mihai Maruseac, Google, @mihaimaruseac + +### Mission of the project + +The project must be aligned with the OpenSSF mission and either be a novel +approach for existing areas, address an unfulfilled need, or be initial code +needed for OpenSSF WG work. It is preferred that extensions of existing OpenSSF +projects collaborate with the existing project rather than seek a new project. + +> Create a cryptographic signing specification for artificial intelligence and +> machine learning models, addressing challenges such as very large models that +> can be used separately, and the signing of multiple disparate file formats +> held within a directory. This specification may have wider applicability to +> signing directories of multiple arbitrary file formats. This specification may +> later be proposed as a formal standard. + +#### Specific Goals Include: + +* Develop standards for efficient hashing of large models +* Develop standards for efficient verification of models that contain multiple + formats in the same place +* Develop standards for efficient verification of models at inference time. + +To achieve these goals, we work on developing +https://github.com/sigstore/model-transparency library as an OSS standard for ML +models signing and verification. The aim of this project is to guide the +`model-transparency` development and help in standardizing hashing, +verification, and deployment (e.g., model signature format). 
+ +#### Non-Goals Include: + +* Developing a new model format +* Handling security of ML outputs + +### OpenSSF Mission Alignment + +We believe our mission aligns with the OpenSSF mission in the following ways: + +> make it easier to sustainably secure the development, maintenance, and +> consumption of the open source software + +The model signing project aims to reduce the complexity of signing and verifying +the integrity of models, making it easier to be adopted by the industry at +large. + +> fostering collaboration + +The library is developed by a cohort of independent companies working together +to solve common problems. The goal is to integrate the library with most tools +that ML practitioners use, to uplift the entire ecosystem. + +> establishing best practices + +The model signing library must be strongly tested. It should define standards +for efficiently hashing and verifying integrity of models. + +### AI/ML Security WG Alignment + +This project started in parallel with the AI/ML Security WG. During one meeting +of the WG, it was decided to spin up a SIG for model signing +(https://github.com/ossf/ai-ml-security/issues/10). Since the output of this SIG +is in code for this library and associated standards and specs, we need to make +this a project. + +### IP policy and licensing due diligence + +When contributing an existing Project to the OpenSSF, the contribution must +undergo license and IP due diligence by the Linux Foundation (LF). + +* Yes: + * Library code under + [`model_transparency`](https://github.com/sigstore/model-transparency) is + part of Sigstore, which is already an OpenSSF (thus, LF) member + * Standardization work, etc. 
will occur under a new repository to be created + under OpenSSF + +### Project References + +The project should provide a list of existing resources with links to the repository, and if available, website, a roadmap, contributing guide, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the project. + +| Reference | URL | +|--------------------|-----| +| Main Repository | TODO | +| Contributing guide | TODO | +| Security.md | TODO | +| Roadmap | TODO | +| Demos | TODO | +| Other | TODO |
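Review bot: in the README hunk, the new "Model signing" row lists the repository as "TBD (to be created)" even though the commit message names https://github.com/sigstore/model-transparency as the implementation repository; putting that URL in the repository column (and noting that the OpenSSF standards repository is still to be created) would give readers a working link. The row is also inserted between "OSV Schema" and "Package Analysis", whereas the surrounding entries appear to be in alphabetical order; moving it between "gittuf" and "OpenVEX" would keep that ordering.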
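Review bot: in the new model_signing_sandbox_stage.md hunk, the maintainer entry "* Daniel Major, NVidia," ends with a dangling comma and no GitHub handle, unlike the other three maintainers; either add the handle or drop the trailing comma. The "Project References" table is entirely TODO although the application itself and the commit message already point to https://github.com/sigstore/model-transparency, so the "Main Repository" cell can link there now and the contributing guide and Security.md cells can be filled from that repository where such files exist, leaving TODO only for the OpenSSF standards repository that is still to be created. Minor wording: "an OSS standard for ML models signing and verification" reads better as "ML model signing and verification", and the third goal bullet is the only one that ends with a period.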