Milestone: engine notary support - enforcement

Story As a user I want to have confidence that the bytes I am using are the bytes I think I'm using, and that the author is known. As a user I want to have confidence that the bytes I am using are the bytes I should be using given the application I'm running As an admin I want to know that bytes used by users are from trusted sources and are use in an appropriate manner

Details All trust is associated with tags - in a VCH, the portlayer is unaware of tags (these are a personality facet) - the implication is that the verification must be done in the personality side.

Trust level that can be applied to entities:

blind (trust anything, don't vet signature)
insecure (trust anything, confirm signature)
TOFU (trust anything, confirm stable)
secure (require verification via prior knowledge - ie. known CA, referred to as Trust Pinning)

Remote entities involved in image publishing/acquisition:

notary
registry
repository
tag

Registry is a hierarchy of:

server
- repository
- tag

Each element in the registry should have:

trust setting
inheritable trust setting
- specific trust setting overrides inherited?

Knowledge needed by a VCH:

default registry
notary configs
- trust level
- CA
registry configs
- trust level
- CA
repository configs
- trust level
- CA if secure & not TOFU
tag configs
- trust level
- CA if secure & not TOFU

Tasks - basic support for notary (client enforced):

[ ] image signature validation (#1331)

Tasks - VCH support for notary (appliance enforced):

[ ] provide basic notary configuration to VCH (#4766)
[ ] add notary client support to the personality (#4767)
[ ] default registry configuration (optional)
[ ] provide rich trust-level configuration (optional)

NOTE Consider dropping some of the negative case testing in favour of whitelist - I think that's a better investment of time.

vmware / vic

Milestone: engine notary support - enforcement #4450