libtrust
Trust server docs
Document detailing the design of the trust server and its role in the global trust graph. Since no existing global trust graph documentation exists, there is more detail about how namespacing works. Additional docs may be added to describe the global trust graph as well as additional key and ACL management services.
Ping @jlhawn and @dmp42 for initial review
We should probably declare a MIME type for the different content types that could be inside a JWS. If we are sending up build manifests which are versioned, the version information should really be part of the MIME type, not just part of the content. Parsing will be more difficult if we have to assume the inner content is JSON, then attempt to derive what type and version of that type from the parsed JSON struct.
application/json+dockerimage.v1 or something to that effect
Content-type headers are an HTTP-centric artifact. That will not fly for other protocols where there is no such thing (the filesystem, for example).
JSON Web Signatures allow for defining the content type using the same MIME types as would be expected in the HTTP header. The content type would be retrievable from the JSON signature object and would not need to be present in the transport, since the transport content type will always be a JWS. It can be optional, but will be helpful in trying to parse the JSON, especially in Go, where we want to decode directly into a struct instead of inferring the structure from a map.
https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-36#section-4.1.10
nice read, merci :)
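The content-type dispatch discussed in this thread, as an added example (not libtrust code and not part of any comment above): it reads `cty` from the protected header of a compact JWS and decodes the payload into the matching Go struct. `ImageManifestV1`, `sample` and `DecodePayload` are hypothetical names, the media type is the one floated in the thread, the input is constructed, and signature verification is assumed to have been done already.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type ImageManifestV1 struct{ Name, Tag string } // hypothetical payload struct

// sample builds a constructed compact JWS; "c2ln" is a placeholder signature.
func sample(cty, payload string) string {
	e := base64.RawURLEncoding.EncodeToString
	return e([]byte(`{"alg":"ES256","cty":"`+cty+`"}`)) + "." + e([]byte(payload)) + ".c2ln"
}

// DecodePayload picks the target struct from the protected header's "cty".
// Assumption: the caller has already verified the signature over these bytes.
func DecodePayload(compact string) (interface{}, error) {
	parts := strings.Split(compact, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWS")
	}
	hdrRaw, herr := base64.RawURLEncoding.DecodeString(parts[0])
	payload, perr := base64.RawURLEncoding.DecodeString(parts[1])
	var hdr struct{ Cty string `json:"cty"` }
	if herr != nil || perr != nil || json.Unmarshal(hdrRaw, &hdr) != nil {
		return nil, fmt.Errorf("bad base64url or protected header")
	}
	var target interface{}
	switch hdr.Cty {
	case "application/json+dockerimage.v1": // media type floated in the thread
		target = new(ImageManifestV1)
	default: // missing or unknown type: refuse rather than guess from the JSON
		return nil, fmt.Errorf("unsupported cty %q", hdr.Cty)
	}
	dec := json.NewDecoder(bytes.NewReader(payload))
	dec.DisallowUnknownFields() // fields outside the declared version are an error
	if err := dec.Decode(target); err != nil {
		return nil, fmt.Errorf("payload is not %s: %v", hdr.Cty, err)
	}
	return target, nil
}

func main() {
	fmt.Println(DecodePayload(sample("application/json+dockerimage.v1", `{"name":"busybox","tag":"latest"}`)))
}
```

Because `cty` sits in the protected header, it is covered by the signature, so the type used for decoding cannot be changed without invalidating the JWS.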