Notary Project Specifications
August 3, 2023 ยท View on GitHub
This repository is in active maintenance and contains specifications shared across repositories under Notary Project as well as used by other open source projects and/or vendor tools that want to interoperate with Notary Project tooling.
Please see the Notary Project README file to learn about overall Notary Project.
In this README
Folder Structure
| Folder Name | Description |
|---|---|
| media | Media files referenced by documents in this repository |
| requirements | Requirements for Notary Project |
| security | Notary Project security related documents and reports |
| specs | Notary Project specifications |
| status-updates | This folder is not in active maintenance and contains status updates report for Notary Project |
| threatmodels | Threat models for repositories under Notary Project |
Requirements
| File Name | Description |
|---|---|
| definitions-terms.md | A collection of definitions and terms used within this repository |
| key-revocation.md | Requirements and proposals for key revocation |
| keymanagementrequirements.md | Requirements for key management |
| requirements.md | A collection of requirements and scenarios for Notary Project |
| scenarios.md | Notary Project signing scenarios |
| verification-by-reference.md | Requirement of verification by reference |
Security Documents
| File Name | Description |
|---|---|
| ADA-notation-security-audit-23.pdf | Security audit report in 2023 covering notation, notation-go, and notation-core-go repositories |
| ADA-fuzzing-audit-22-23.pdf | Fuzz testing audit in 2023 covering notary, notation-go, and notation-core-go repositories |
Specifications
| File Name | Description |
|---|---|
| plugin-extensibility.md | Notation Plugin specification |
| signature-envelope-cose.md | Notary Project OCI COSE signature envelope |
| signature-envelope-jws.md | Notary Project OCI JWS signature envelope |
| signature-specification.md | Notary Project OCI signature specification |
| signing-and-verification-workflow.md | Notary Project OCI signing and verification workflow |
| signing-scheme.md | Notary Project signing scheme |
| trust-store-trust-policy.md | Notary Project Trust Store and Trust Policy |
Threat Models
| File Name | Description |
|---|---|
| notation-threatmodel.md | Threat models for Notation CLI |
Community
If you have any questions about Notary Project or contributing, do not hesitate to file an issue on relevant repository or contact the Notary Project maintainers and community members via the following channels:
- Join the Notary Project community slack channel
- Join the Community meetings