CNAB Security 300 #253

Open: wants to merge 37 commits into base: master

Conversation

trishankatdatadog (Member) commented Aug 15, 2019

Major TODOs:

  • Add a threat model to basically guide what
  • Talk about signing only bundles, not images, so simplify security levels
  • Discuss use cases to talk about what should be possible (e.g., we are doing this to support that use case)
  • Explain that it doesn't matter where you store bundles or metadata, or whether it's a thin or thick bundle, because verification would be exactly the same

Minor TODOs:

  • Replace links to ITEs

Sub-PRs:

WIP
WIP
msftclas commented Aug 15, 2019

CLA assistant check
All CLA requirements met.

radu-matei (Member) left a comment

This is a great start, thanks a lot for putting this together, @trishankatdatadog!
I have a few comments, mainly about wording.

As per our conversation, I would propose the following:

  • renaming repositories to metadata repositories, in order to avoid confusion with image repositories (a term which already has a meaning for containers).

  • suggest the possibility of using a single metadata repository (trusted collection in TUF) for a project, which could contain signed bundle and image metadata, together with relevant in-toto metadata.

  • suggest / propose (but not impose) a scaffolding for the project layout - with a root layout that describes the bundle provenance, and optional sublayouts for the components referenced in the bundle.

  • introduce the idea of verification images (similar to invocation images) - container images that define the environment where the in-toto verification would take place at runtime.

Thanks a lot for starting this discussion!

Inline review comments on 300-CNAB-security.md (resolved)
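The third proposal above (a root layout describing bundle provenance, with optional sublayouts for the components the bundle references) maps onto an existing in-toto feature: a root-layout step whose functionary submits, in place of an ordinary link, a layout signed with that step's key, which the verifier then checks recursively. The following is an added example, not code from this PR, the CNAB spec or radu-matei; it builds such a root layout as a plain dict in the in-toto layout JSON shape and runs the structural checks a verifier would want before trusting it. Key ids, component names, the bundle name and the expiry are constructed placeholders, and the `keys` entries are stubs where a real layout carries the full public key.

```python
"""Sketch of a CNAB bundle provenance root layout that delegates each
component to an in-toto sublayout. Follows the in-toto layout JSON shape;
all key ids, step names and the bundle name are constructed placeholders."""
import json

# Constructed placeholder key ids (real in-toto keyids are hex digests of the public key).
BUNDLE_OWNER_KEY = "keyid-bundle-owner-PLACEHOLDER"
COMPONENT_KEYS = {
    "invocation-image": "keyid-invocation-image-team-PLACEHOLDER",
    "web-image": "keyid-web-team-PLACEHOLDER",
}


def sublayout_step(component, keyid):
    """A root-layout step whose link is expected to be a signed sublayout.
    The component team owns the sublayout; the root layout only pins which
    key must sign it and which product must come out of it."""
    return {
        "_type": "step",
        "name": component,
        "expected_materials": [["ALLOW", "*"]],
        # Each component sublayout must produce exactly its image digest record.
        "expected_products": [["CREATE", f"{component}.digest"], ["DISALLOW", "*"]],
        "pubkeys": [keyid],
        "expected_command": [],
        "threshold": 1,
    }


def build_root_layout(bundle_name, component_keys, owner_keyid, expires):
    """Root layout: one sublayout step per component, then a 'bundle' step
    that consumes every component digest and produces the bundle.json."""
    steps = [sublayout_step(c, k) for c, k in component_keys.items()]
    bundle_materials = [
        ["MATCH", f"{c}.digest", "WITH", "PRODUCTS", "FROM", c] for c in component_keys
    ] + [["DISALLOW", "*"]]
    steps.append({
        "_type": "step",
        "name": "bundle",
        "expected_materials": bundle_materials,
        "expected_products": [["CREATE", f"{bundle_name}/bundle.json"], ["DISALLOW", "*"]],
        "pubkeys": [owner_keyid],
        "expected_command": [],
        "threshold": 1,
    })
    # Stub key entries; a real layout stores keytype/scheme/keyval per key.
    keys = {k: {"keyid": k} for k in list(component_keys.values()) + [owner_keyid]}
    return {
        "_type": "layout",
        "expires": expires,
        "readme": f"Provenance root layout for CNAB bundle {bundle_name}",
        "keys": keys,
        "steps": steps,
        "inspect": [],
    }


def check_layout(layout):
    """Structural checks before trusting a layout: unique step names, every
    pubkey declared, sane thresholds, and every MATCH rule pointing at an
    existing step. Returns a list of problems (empty when the layout is sound)."""
    problems = []
    names = [s["name"] for s in layout["steps"]]
    if len(names) != len(set(names)):
        problems.append("duplicate step names")
    for step in layout["steps"]:
        for k in step["pubkeys"]:
            if k not in layout["keys"]:
                problems.append(f"{step['name']}: undeclared key {k}")
        if step["threshold"] < 1:
            problems.append(f"{step['name']}: threshold must be >= 1")
        if step["threshold"] > len(step["pubkeys"]):
            problems.append(f"{step['name']}: threshold exceeds number of keys")
        for rule in step["expected_materials"] + step["expected_products"]:
            # MATCH rules end with the name of the step they refer to.
            if rule[0] == "MATCH" and rule[-1] not in names:
                problems.append(f"{step['name']}: MATCH refers to unknown step {rule[-1]}")
    return problems


if __name__ == "__main__":
    root = build_root_layout("helloworld", COMPONENT_KEYS, BUNDLE_OWNER_KEY, "2030-01-01T00:00:00Z")
    print(json.dumps(root, indent=2))
    print("problems:", check_layout(root))
```

The root layout never needs to know how each component image is built; that detail lives in the component's sublayout, signed by the component team's key, while the root pins only the key and the product name that the final `bundle` step matches against.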
trishankatdatadog (Member, Author) commented Sep 13, 2019

Okay, I've decided to split everything up, and am using 300 as a roadmap. The pieces are as follows:

More to come. Stay tuned!

@trishankatdatadog trishankatdatadog changed the title Cloud Native Application Bundles Security (CNAB-Sec) 1.0 WD CNAB Security 300 Sep 16, 2019
@trishankatdatadog trishankatdatadog referenced this pull request Sep 16, 2019