akashsinghal
commented
3 months ago In order to support this, not only does the existing docker plugin implementation have to be updated; but also, Ratify's cli needs to be updated to support more authentication support for key management providers and ORAS store. Ratify cli also needs to add key management provider support which does not exist today.
https://github.com/ratify-project/ratify/issues/1300 https://github.com/ratify-project/ratify/issues/1630
dockerd can be extended to support an access authorization plugin. https://docs.docker.com/engine/extend/plugins_authorization/
Ratify plugin can be extended to support Authz so that all content fetch commands (image pull, build) can implicitly invoke Ratify and allow/deny the pull operation.