Closed zosocanuck closed 9 months ago
JFYI, Notation Hashicorp Vault plugin might be an example for the plugin development https://github.com/notaryproject/notation-hashicorp-vault
This request also needs suggestions from @notaryproject/notaryproject-notation-go-maintainers and @notaryproject/notaryproject-notation-core-go-maintainers.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.
Hi,
Per the community call on July 6, 2023 (see notes) it would be great to improve the overall plugin development experience, either via separate dedicated documentation or improved readability of the plugin extensibility spec.
From my perspective, the Notary V2 specs are well articulated and have been very helpful during my journey as a plugin developer.
Suggested Improvements:
SIGNATURE_GENERATOR.RAW
vs.SIGNATURE_GENERATOR.ENVELOPE
. Include advantages/disadvantages allowing the plugin developer to make an informed decision especially when it comes to compatibility during early stage development.SIGNATURE_GENERATOR.ENVELOPE
in a popular language such as golang, to help bootstrap development efforts. In my case, I ended up pulling sample code from notation-go-core/signature/jws to get going.SIGNATURE_GENERATOR.ENVELOPE
should generate vendor-specific extended attributes to be consumed by a plugin that implementsSIGNATURE_VERIFIER.TRUSTED_IDENTITY
and needs to verify vendor-specific attributes during the verification workflow.