Task: Implement Policy Approval

[kairoaraujo]

The goal of this task is to implement Policy Approval using TUF.

The idea is not to create a process inside Archivista or in a third-party system but to use the TUF signature threshold of metadata as the trusted process.

With this implementation, you have full control. The Policy is stored in a specific Target Delegated Role TUF Metadata that you define with a threshold.

Example: policy.json TUF metadata with threshold 2.

Note: Maybe a 1:1 role per Policy will make the approval per Policy added

When a person submits a new Policy, it generates a new version of the Metadata (i.e., 3.policy.json), which must be signed by the key holders who are signers of this delegated role.

When the users sign the metadata this Policy becomes trusted by clients (for example, Witness)

This feature requires some third-part features in RSTUF:

• Feature: Create/Remove custom delegate Target Roles repository-service-tuf/repository-service-tuf#354
• Feature: Support custom delegated target roles using offline keys repository-service-tuf/repository-service-tuf#647

Required Tasks

• Task: Integrate tufstorage to Archivista store Process #239

Parent feature

• Feature|Experimental: Add support to add Policies to TUF #159