Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: Trust system #9036

Closed
wants to merge 5 commits into from
Closed

Proposal: Trust system #9036

wants to merge 5 commits into from

Conversation

dmcgowan
Copy link
Member

@dmcgowan dmcgowan commented Nov 7, 2014

Documentation for the trust system which will be used for provenance and the V2 registry. The trust system is intended to be generic and able to be used for a wider range of authorizing users through their public key.

@dmcgowan
Copy link
Member Author

dmcgowan commented Nov 7, 2014

ping @dmp42 @jlhawn @shykes @stevvooe

@wking
Copy link

wking commented Nov 7, 2014

The docker login command can be used to register public keys with
the trust system. By default every client and daemon instance of
Docker will generate a public key and using docker login will
register that public key with the credentials provided on login.

So if I run:

$ docker login

am I registering my client's key, my daemon/engine's key, or both?
I'm not sure how this auth is going to work where serveral users use
their clients to talk to the same daemon, and that daemon talks to the
hub. Will the daemon just proxy the auth handshakes between the
client and the hub? In that case, why would the daemon need a key?
But that means you'll need a long-duration token (which the daemon can
cache) if you want the daemon to keep uploading/downloading layers
to/from the hub on your behalf after the client has disconnected.
Long-duration tokens sound like the registry's native auth target
anyway 1.

@dmcgowan
Copy link
Member Author

dmcgowan commented Nov 7, 2014

docker login will only register the client's key. The daemon's key is not relevant in the trust system for provenance or the V2 registry, but it may be in the future for other features. Authentication requests will need to originate on the client, or in the future will be able to proxy through the daemon using identity auth described in #8265 to verify the client has authorized the daemon on their behalf. You are right though that the client will need to pass the long token to the daemon if multiple actions over time are required from a single client interaction.

SvenDowideit
SvenDowideit reviewed Nov 11, 2014
View reviewed changes
docs/sources/userguide/trust.md
Docker uses a trust system based on public key cryptography and a global federated namespace to link users to keys and resources.

## Login
The `docker login` command can be used to register public keys with the trust system. By default every client and daemon instance of Docker will generate a public key and using `docker login` will register that public key with the credentials provided on login. By default `docker login` registers against Docker Hub using Docker Hub credentials. An authentication server URL may also be provided to register with.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

docs need to be line wrapped at 80 chars - it makes the GH diffs viewable

@dmcgowan
Copy link
Member Author

@SvenDowideit reformatted

@SvenDowideit
Copy link
Contributor

nice :) - i just remembered - for your document to be included in docs.docker.com, you also need to add a line to the docs/mkdocs.yml - again, not urgent until feature merge :)

@dmcgowan
Add documentation for trust system include trust server
ad25825 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
@dmcgowan
Update trust documentation to include key management
99816b0 
Redefined the trust server to included endpoints for managing the graph.
The role of statements has also be reduced to keep the trust server from
needing to generate content for the users.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
@dmcgowan
Copy link
Member Author

Ping @dmp42 @jlhawn

Made significant updates to the documentation to incorporate key and grant management responsibility to the trust server. This has the effect of reducing the role of the x509 certificate to linking keys and giving the users authority over their own grants. Please review.

@dmp42 dmp42 mentioned this pull request Nov 24, 2014
Closed
@dmp42 dmp42 added the Proposal label Nov 25, 2014
@shykes shykes mentioned this pull request Nov 25, 2014
Closed
@dmcgowan
Update to reference separated out trust cli tool
219c828 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
@dmcgowan
Rename scope to actions for consistency with auth spec
dc6359f 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
@dmcgowan
Add section about x509 certificates
02b1ea1 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
@icecrime
Copy link
Contributor

Considering that:

  • This has been opened for quite some time
  • Trust is (currently) assumed to be owned by distribution
  • Distribution has its own repo

Does it make sens to close this, and have you submit the documentation on the other repo? Ping @dmp42 @dmcgowan!

@dmp42
Copy link
Contributor

dmp42 commented Jan 13, 2015

Makes sense. Let's close it for now and have it out of your way - will re-open later when "trust" is updated.

@icecrime icecrime closed this Jan 13, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@dmcgowan @wking @SvenDowideit @icecrime @dmp42 @jamtur01