in-toto/archivista

task: Add logic in API to upload Policies and retrieve by gitoid

Closed this issue 6 months ago · 1 comments

kairoaraujo commented 9 months ago

While Archivista API receives a JSON body with a DSSE envelope, it can verify and add if it is a policy.

The Policy can be identified by the PaylodType as described in Archivista Policy Schema (https://witness.testifysec.com/policy). It doesn't conflict with [ITE-5]
(https://github.com/in-toto/ITE/blob/master/ITE/5/README.adoc#pseudocode-for-in-totos-reference-implementation).

The Policy can be retrieved by the API (/v1/download/<gitoid>)

Parent feature:

#158

kairoaraujo commented 6 months ago

Closed by #234