Added encryption mediatype doc #15
Conversation
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
lumjjb
force-pushed
the
encryption-mediatype
branch
from
0f2cfb8
to
2b964a0
Compare
|
Thanks for the fixes, @vbatts. Pushed the changes. |
|
@SteveLasker what is the plan for merging things into this artifacts project? |
|
Great question. To be honest, I've been focused on how we add new artifacts, and how we can link artifacts together with reference types, including the reverse lookup pattern. (like Notary, SBoM, GPL, ...) Artifacts PR#27 |
|
suggest creating an incoming or under-consideration path for artifacts in progress and an approved path for artifacts approved... this is more a common extension but I'd still put it in the incoming till we push an artifact type to the approved path that has optional / required dependency on this.. and for when we can get approval from the owner of the artifact type that this extension is approved for said type. |
This is great suggestion. |
|
|
||
| To be able to protect the confidentiality of the data in layers, encryption of the layer data blobs can be done to prevent unauthorized access to layer data. Encryption is performed on the data blob of a by specifying a media type with the `+encrypted` suffix. For example, `application/vnd.oci.image.layer.v1.tar+encrypted` is an layer representation of an encrypted `application/vnd.oci.image.layer.v1.tar` layer. | ||
|
|
||
| ## `+encrypted` media type and annotation definitions |
There was a problem hiding this comment.
Defining media types this way does not scale: opencontainers/image-spec#791
There was a problem hiding this comment.
nod...
@lumjjb Perhaps you could add an explanation at the top something to the effect that this is a work in progress (WIP) because the + compression/encoding suffix model is not seen as a scaleable model and provide link(s) to the discussion underway. For that matter we could place it in a WIP section.
There was a problem hiding this comment.
Agreed on this, I've added the note that the mediatype definition is subject to change.
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
|
The PR is updated addressing the comments... Hmm since we were recently discussing this, are there plans to move this forward at the moment? |
|
@lumjjb, we've been discussing how we can enable flexibility to the manifests to support versioning within an artifact type. |
|
Sounds good, i'll take a look at #37 |
That's not what superset means |
|
FYI artifacts mission is moving to opencontainers/image-spec this repo is being archived. |
|
closing for now due to pending archive action.. pls reopen if archive is not completed and/or if you believe this close to be in error |
Following discussions in opencontainers/image-spec#775, adding details on encrypted mediatype definitions.
Signed-off-by: Brandon Lum lumjjb@gmail.com