Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Sigstore claimant model #285

Merged
merged 6 commits into from
Jul 19, 2023
Merged

Add Sigstore claimant model #285

merged 6 commits into from
Jul 19, 2023

Conversation

haydentherapper
Copy link
Contributor

The Sigstore claimant model formally defines a set of claims made by Sigstore's two transparency logs. This was created in collaboration with the creators of the claimant model.

This also includes sequence diagrams to make it easier to understand how the various actors interact. These are a work in progress and generated by a tool in Trillian.

Summary

Release Note

Documentation

@haydentherapper
Copy link
Contributor Author

cc @bobcallaway @SantiagoTorres

cpanato
cpanato reviewed Jun 27, 2023
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cool
lgtm

bobcallaway
bobcallaway previously approved these changes Jun 27, 2023
View reviewed changes
mhutchinson
mhutchinson reviewed Jun 29, 2023
View reviewed changes
Copy link

@mhutchinson mhutchinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got to jump to a meeting but thought I'd drop off a few comments before I forget :-)

docs/claimantmodel/README.md Outdated Show resolved Hide resolved
docs/claimantmodel/README.md Show resolved Hide resolved
docs/claimantmodel/README.md Outdated Show resolved Hide resolved
docs/claimantmodel/README.md Outdated Show resolved Hide resolved
docs/claimantmodel/README.md Outdated Show resolved Hide resolved
@haydentherapper
Add Sigstore claimant model
7b9e9f1 
The Sigstore claimant model formally defines a set of claims made by
Sigstore's two transparency logs. This was created in collaboration with
the creators of the claimant model.

This also includes sequence diagrams to make it easier to understand how
the various actors interact. These are a work in progress and generated
by a tool in Trillian.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Update rekor timestamp model verifier
09db5c5 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Update rekor timestamp sequence diagram to remove verifier
08f0ead 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Change CA to Fulcio, add generated comment
1d0b4d9 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Clarify responsibility of Verifier
5fdaf9d 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Update claimant to id/key owner
35ff1ff 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Copy link
Contributor Author

@mhutchinson @bobcallaway for another review

mhutchinson
mhutchinson approved these changes Jul 19, 2023
View reviewed changes
Copy link

@mhutchinson mhutchinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work getting to this point! This is sufficiently complex that I have a sneaking suspicion that there must be wrinkles still to be ironed out. That said, this is a big step forward and it really makes it clear that identity owners must be active readers of the Fulcio and Rekor logs to look for misissuance under their identities.

@bobcallaway bobcallaway merged commit f7eadbe into sigstore:main Jul 19, 2023
2 checks passed
@haydentherapper haydentherapper deleted the claimantmodel branch August 9, 2023 17:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato left review comments

@evankanderson evankanderson evankanderson left review comments

@mhutchinson mhutchinson mhutchinson approved these changes

@bobcallaway bobcallaway bobcallaway approved these changes

@SantiagoTorres SantiagoTorres Awaiting requested review from SantiagoTorres

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@haydentherapper @mhutchinson @bobcallaway @cpanato @evankanderson