Clarify guidance issue280

[domguinard]

No description provided.

[jcollomosse]

Agreed, I think this should refer to a non-conformant entry i.e. to the SBAL schema, and malicious in the context of spam or harmful entries to the list rather than an algorithm and its function

…

On Fri, 28 Nov 2025, 12:30 alexandersolonskycastlabs, < ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In README.md <#36 (comment)> : > @@ -1,9 +1,25 @@ # Soft Binding Algorithm List -C2PA specifies a mechanism for recovering a C2PA Manifest for an asset, for example when the metadata containing the C2PA Manifest has been stripped. This mechanism is a [soft binding](https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_soft_binding) (for example an invisible watermark or content fingerprint). The soft binding is used to look-up the C2PA Manifest within a Manifest Repository. The soft binding is described by the [soft binding assertion](https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_soft_bindings). +C2PA specifies a mechanism for recovering a C2PA Manifest for an asset, for example when the metadata containing the C2PA Manifest has been stripped. This mechanism is a [soft binding](https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_soft_binding), for example an invisible watermark or content fingerprint. The soft binding is used to look-up the C2PA Manifest within a Manifest Repository. The soft binding is described by the [soft binding assertion](https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_soft_bindings). + +The soft binding assertion contains a field `alg` uniquely identifies the algorithm used to compute the soft binding. The Soft Binding Algorithm List is an authoritative list of soft binding algorithm names that may be used as identifiers within the `alg` field. Entries in the list also contain additional information on the algorithms. + +## Guidelines for submitting a new entry + +### Pull request +Developers of soft binding algorithms may request these be added as new entries in the soft binding algorithm list. Developers may also request amendments to their entries. These requests may be made by submitting a Pull Request (PR) adding to or editing the [softbinding-algorithm-list JSON array](softbinding-algorithm-list.json) in this repository and following the [schema](softbinding-algorithm-list-schema.json). + +### Selection rules + +The C2PA Technical Working Group may approve and merge PRs in accordance with its prevailing processes for approving technical contributions to the C2PA specification. + +C2PA's Technical Working Group may also decide to remove malicious or non-conformant algorithms from the list of approved soft binding algorithms. how it is going to be determined if an algorithm is malicious or non-conformant? — Reply to this email directly, view it on GitHub <#36 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABYLIHAUY6SSRWZBEB73GL337A56LAVCNFSM6AAAAACNO25F52VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZTKMJYHAYDEOJZG4> . You are receiving this because your review was requested.Message ID: ***@***.***>

[jcollomosse]

LGTM and I support it but I feel like this is policy position that ought to be run past TWG and/or @lrosenthol before merging.

[domguinard]

LGTM and I support it but I feel like this is policy position that ought to be run past TWG and/or @lrosenthol before merging.

I agree. @lrosenthol over to you to review.

[domguinard]

Approved for merging during the TWG meeting on Jan 29.