The fingerprint-related issues #122 and #126 impose normative requirements on how a result management system computes fingerprints (for example, it SHALL NOT include a non-deterministic absolute URI in its computation). Therefore we need a result management system conformance profile to say that a conformant result management system is one that satisfies those requirements. I don’t think this is controversial, but just for tracking purposes I filed the CSD.1 issue #154 , “Define a ‘result management system’ conformance profile.” I’ll include it in the same change draft as the fingerprint issues. It’s as easy as this: Conformance Clause 10: Result management system A result management system satisfies the “result management system” conformance profile if: · It satisfies the “SARIF consumer” conformance profile. · It additionally satisfies the normative requirements in §3 and Appendix B (“Use of fingerprints by result management systems”) that are designated as applying to result management systems. Appendix B will now be Normative instead of Informative because it contains the fingerprint computation requirements. Larry