Add AI 2025-01-22

ai/2025/2025-01-22.md

@@ -0,0 +1,42 @@
+# SPDX AI Team Meeting 2025-01-22
+
+## Attendees
+
+- Ambarish Gurjar
+- Arthit Suriyawongkul
+- Elyas Rashno
+- Gopi Krishnan Rajbahadur
+- Mihai Maruseac
+- Victor Lu
+
+## Agenda
+
+- Approve minutes: <https://github.com/spdx/meetings/pulls?q=is%3Apr+is%3Aopen+label%3AAI>
+- Victor: Standardization options: Flexibility (add whatever you want) vs interoperability
+  (less fields, more constraints that guarantee something will work together)
+- MLCommons Croissant dataset metadata <https://mlcommons.org/croissant/1.0>
+  - Intro <https://research.google/blog/croissant-a-metadata-format-for-ml-ready-datasets/>
+- Discussion about common elements between SLSA and SPDX,
+  and how we can bring useful things to SPDX 3.1
+  (in a way that can still keep the interoperability)
+- SLSA Provenance <https://slsa.dev/spec/v1.0/provenance#schema>
+- PROV-O <https://www.w3.org/TR/prov-o/>
+- <https://github.com/mlcommons/croissant/tree/main/python/mlcroissant>
+- Possibility to join MLCommons working group?
+- Mihai: SLSA has a link between input, build, and output and has more optional fields.
+  SLSA doesn't care about most of the mandatory fields in other profiles like SPDX
+- Gopi: How we can find a starting point for SLSA and AIBOM.
+- SLSA has not the dependencies like SPDX.
+  Three fields are mandatory in SLSA including release time, build time, and version.
+- Is there any way to find out the verification of the fields in SPDX based on SLSA?
+  (In the relation dependency field, the verification should borrow from the SLSA verification)
+- Should find the overlap between SPDX and SLSA fields.
+- Croissant is a high-level format for machine learning datasets that brings
+  together four rich layers.
+  <https://github.com/mlcommons/croissant>
+- Find the overlap between croissant and SPDX, come up with some mapping
+
+## Action Items
+
+- Link SLSA Provenance to SPDX (Mihai)
+- Summarize Croissant, how it aligns with SPDX, and present to the group (Art)