Assign Open Badges for certification?

[wking]

Last year I'd floated Open Badges as a user-verifiable way for certified implementations to show their certification status. I think that should be part of the regular process, for a few reasons:

• It has space for an account of the achievement (e.g. “OCI Certified Runtime v1.0 on amd64 Linux. {link to opencontainers/certification issue with results}”). That makes it easy to show a pretty, tiny graphic (nice for the certified implementation) while still allowing access to the technical details (nice for a curious user).
• The issuer can revoke badges unilaterally, instead of the current policy of asking the certified implementation to remove their stale marks (which may be difficult if the certified implementation has become abandonware).

Thoughts?

[RobDolinMS]

Thanks for this @wking. Very cool!

[wking]

@RobDolinMS, if you want a Microsoft contact with some Open Badges experience, you might want to check with these folks [1]. [1]: https://www.microsoft.com/en-us/learning/badges.aspx#faq-2

[RobDolinMS]

The Open Badges model looks like it requires some non-trivial set-up but then scales nicely; particularly for Massively Open Online Courses (MOOCs.)

Assuming we're looking at on the order of 10 products that would certify as run-times; I'm thinking Open Badges might be a bit heavy weight. For images, Open Badges might make sense if we were scaling to 100's or 1,000's of container images.

I'm keen to hear if others have thoughts on this.

[caniszczyk]

@RobDolinMS While OpenBadges is super cool, I share your sentiments on it being too heavyweight, we can use a simple process for now as we have done with other LF collaborative projects.

[wking]

On Mon, Mar 13, 2017 at 11:35:18AM -0700, Chris Aniszczyk wrote: … I share your sentiments on it being too heavyweight…

I don't think it needs to be that heavy. I'll see if I can get something lightweight going locally to back that up.

[RobDolinMS]

@wking Would you be OK if we scoped this investigation just to the Runtime certification program? /cc @jtborek @caniszczyk

[wking]

On Wed, Apr 26, 2017 at 02:13:28PM -0700, Rob Dolin (MSFT) wrote: @wking Would you be OK if we scoped this investigation just to the Runtime certification program?

I'm in favor of badging runtimes and not badging images, but I see those two as part of a bigger picture. It looks like we don't plan to certify image implentations, just runtime implementations [1] and images [2]. I expect we want two validation styles: * Implementation certifications (e.g. runtime-implementation certification for things like runC and image-implementaion certifications for things like umoci). * Artifact validation (e.g. bundle validation for runtime-spec and image validation for image-spec). While certifying a few dozen implementations is managable and useful, I don't see a point to *certifying* thousands of images and bundles (where user-initiated validation seems fairly straightforward). At one point there was talk of validator.opencontainers.org (e.g. in opencontainers/image-spec#203) to facilitate this sort of uncertified validation. The repository seems to have since been removed, but I'm in favor of restoring it and trying that approach. [1]: https://github.com/opencontainers/certification/tree/82426f164d34ed15741d366a3576ea7732f9a313#oci-certified-runtime-runtime-specification [2]: https://github.com/opencontainers/certification/tree/82426f164d34ed15741d366a3576ea7732f9a313#oci-certified-image-image-specification

[caniszczyk]

After the OCI CertWG meeting today, we've decided to close this issue and keep this simple for v1.0 at the moment, we may consider this down the road.