You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are scenarios that users need to produce non-OCI signatures for non-OCI artifacts and distribute both non-OCI artifacts and signatures in a different way from using OCI compliant registry, see notation#741 and scenarios. So, I would like to request adding new specifications for non-OCI signature which covers:
Signature payload
Signature storage on disk
Trust store and trust policy
signing and verification workflow
Benefits
A new set of specifications that support new scenarios for securing software supply chains
Ensuring compatibility and interoperability between different implementations that built per the new specifications
Portability of non-OCI signatures
Proposed Solution
Create new specifications for non-OCI signature specifications.
Additional Information
N/A
The text was updated successfully, but these errors were encountered:
per discussion at the meeting on 1/2/2024, the feature signing arbitrary data will not be in the scope of Notation 1.1.0. So remove this work item from 1.1.0 milestone.
Description
The specifications v1 defines the signature payload, storage based on OCI specification, as well as the signing and verification workflow for interaction with OCI compliant registries. The trust policies are mainly defined to verify artifacts stored in OCI compliant registries, for example the property
registryScopes
contain fully qualified registry URL(s).There are scenarios that users need to produce non-OCI signatures for non-OCI artifacts and distribute both non-OCI artifacts and signatures in a different way from using OCI compliant registry, see notation#741 and scenarios. So, I would like to request adding new specifications for non-OCI signature which covers:
Benefits
Proposed Solution
Create new specifications for non-OCI signature specifications.
Additional Information
N/A
The text was updated successfully, but these errors were encountered: