Governance
SignedReceipt is maintained by an independent GitHub organisation. No single vendor controls the specification.
Structure
The signedreceipt GitHub organisation holds all specification repositories. Initial maintainers are two engineers acting in personal capacity plus one external auditor from a GRC platform. Maintainer status is merit-based, not vendor-based.
Licences
| Artefact | Licence | Why |
|---|---|---|
| Specification | CC-BY-4.0 | Attribution required; no sharealike friction for adopters. |
| JSON Schemas | CC0 | Maximum reuse without attribution overhead. |
| Reference implementations | Apache-2.0 | Patent grant; permissive. |
| Badge mark | CC-BY-ND | Prevents modification that dilutes the conformance signal. |
Contribution process
- Open a GitHub issue to discuss the change before writing a PR.
- Fork the repository, write the change, add conformance fixtures where applicable.
- Open a pull request; two maintainer approvals required for normative changes.
- Breaking format changes require a version bump to v2.
IETF Internet-Draft
Submitted as draft-cloakapi-signedreceipt-00 to SECDISPATCH. Mirrored at signedreceipt/draft-ietf.