
Discussion of out of box experience for trust policy #590

Open
yizha1 opened this issue Mar 15, 2023 · 3 comments
Labels
duplicate This issue or pull request already exists

Comments

@yizha1
Contributor

yizha1 commented Mar 15, 2023

> @priteshbandi The purpose of the `notation policy init` is to improve the overall out of the box experience (OOBE) of the `notation` CLI. If an advanced customer does not think it is secure, that customer can compose their own policy file and use `notation policy import` to import it.

Originally posted by @shizhMSFT in #568 (comment)

@yizha1 yizha1 changed the title @priteshbandi The purpose of the notation policy init is to improve the overall out of the box experience (OOBE) of the notation CLI. If an advanced customer does not think it is secure, that customer can compose their own policy file and use notation policy import to import it. Discussion of out of box experience for trust policy Mar 15, 2023
@patrickzheng200
Contributor

patrickzheng200 commented Mar 16, 2023

Just posting the context of why we should have a `notation policy init` command:
For a zero-experience starter, the workflow find our specs -> find a trust policy template -> learn how to use it -> change it to the values the user wants could be very hard. The learning cost for a fresh beginner is a bit too high.

A candidate as the default trust policy statement:

```json
{
    "version": "1.0",
    "trustPolicies": [
        {
            "name": "policy-by-init-command",
            "registryScopes": ["*"],
            "signatureVerification": {
                "level": "strict"
            },
            "trustStores": ["ca:default"],
            "trustedIdentities": ["*"]
        }
    ]
}
```

@priteshbandi Do you mind listing your concerns about the above trust policy statement here again, so we can discuss them under this post and find possible solutions? Thanks.
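
One way to make the breadth of a candidate default visible before it ships, as an added example that is not part of this thread or of the notation project: a small Python lint over a trust policy document that flags wildcard `trustedIdentities`, wildcard `registryScopes` and non-strict verification levels. The hardened variant, the registry name, the trust store name and the `x509.subject:` identity syntax are assumptions for illustration.

```python
import json

# Constructed sample input: the default policy proposed in the comment above.
DEFAULT_POLICY = json.dumps({
    "version": "1.0",
    "trustPolicies": [{
        "name": "policy-by-init-command",
        "registryScopes": ["*"],
        "signatureVerification": {"level": "strict"},
        "trustStores": ["ca:default"],
        "trustedIdentities": ["*"],
    }],
})

# Constructed hardened variant (assumed values): scoped to one repository and
# pinned to one signer subject in the Notation "x509.subject:" identity form.
SCOPED_POLICY = json.dumps({
    "version": "1.0",
    "trustPolicies": [{
        "name": "prod-images",
        "registryScopes": ["registry.example.com/prod/app"],
        "signatureVerification": {"level": "strict"},
        "trustStores": ["ca:prod-ca"],
        "trustedIdentities": ["x509.subject: O=Example Corp, CN=release-signer"],
    }],
})


def lint_trust_policy(doc: str) -> list[tuple[str, str]]:
    """Return (statement name, finding) pairs for trust policy statements
    whose breadth a reviewer would want to confirm before making them a default."""
    policy = json.loads(doc)
    findings = []
    for stmt in policy.get("trustPolicies", []):
        name = stmt.get("name", "<unnamed>")
        scopes = stmt.get("registryScopes", [])
        identities = stmt.get("trustedIdentities", [])
        level = stmt.get("signatureVerification", {}).get("level")
        if "*" in identities:
            # Any leaf certificate chaining to the named trust store(s) is
            # accepted; the signer's subject is not pinned.
            findings.append((name, "wildcard-trusted-identities"))
        if "*" in scopes:
            # The statement applies to every registry and repository.
            findings.append((name, "wildcard-registry-scope"))
        if level != "strict":
            # Anything other than strict relaxes revocation/expiry checks.
            findings.append((name, f"verification-level-{level}"))
    return findings
```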

@patrickzheng200
Contributor

patrickzheng200 commented Mar 27, 2023

An alternative would be notation policy init guiding the user to fill out the trust policy fields one by one in the command line with detailed descriptions of each field. In this way, the user won't need to find a template from our spec by themselves.
@yizha1 @shizhMSFT @priteshbandi

@yizha1 yizha1 added this to the 1.1.0 milestone Jul 25, 2023
@yizha1 yizha1 added the duplicate This issue or pull request already exists label Jul 25, 2023
@yizha1
Contributor Author

yizha1 commented Jul 25, 2023

Duplicate of issue #653.
