FeynmanZhou
commented
1 year ago JFYI, Notation Hashicorp Vault plugin might be an example for the plugin development https://github.com/notaryproject/notation-hashicorp-vault
Closed zosocanuck closed 9 months ago
FeynmanZhou
commented
1 year ago JFYI, Notation Hashicorp Vault plugin might be an example for the plugin development https://github.com/notaryproject/notation-hashicorp-vault
FeynmanZhou
commented
1 year ago This request also needs suggestions from @notaryproject/notaryproject-notation-go-maintainers and @notaryproject/notaryproject-notation-core-go-maintainers.
github-actions[bot]
commented
10 months ago This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
github-actions[bot]
commented
9 months ago This issue was closed because it has been stalled for 30 days with no activity.
Hi,
Per the community call on July 6, 2023 (see notes) it would be great to improve the overall plugin development experience, either via separate dedicated documentation or improved readability of the plugin extensibility spec.
From my perspective, the Notary V2 specs are well articulated and have been very helpful during my journey as a plugin developer.
Suggested Improvements:
SIGNATURE_GENERATOR.RAWvs.SIGNATURE_GENERATOR.ENVELOPE. Include advantages/disadvantages allowing the plugin developer to make an informed decision especially when it comes to compatibility during early stage development.SIGNATURE_GENERATOR.ENVELOPEin a popular language such as golang, to help bootstrap development efforts. In my case, I ended up pulling sample code from notation-go-core/signature/jws to get going.SIGNATURE_GENERATOR.ENVELOPEshould generate vendor-specific extended attributes to be consumed by a plugin that implementsSIGNATURE_VERIFIER.TRUSTED_IDENTITYand needs to verify vendor-specific attributes during the verification workflow.