SPDX documents must conform to the Core profile but can opt-in to additional profiles to support the use cases they are intending to address. This layering allows SPDX to be used for different use cases (licensing, security, bill of materials, …) while allowing adopters to focus on only the use cases they care about.
SPDX is a single logical model but can be represented by different physical models. These physical models may be to support different formats (JSON, YAML, …) or to allow more compact representation of the logical model. A logical model should be serializable to any of the defined physical models and any of the defined physical models should be deserializable to the logical model. This allows interop between formats and ensures the constraints defined in the logical model aren’t violated.
The Core profile will not constrain itself to the software domain allowing