The Cloud Native Computing Foundation (CNCF) is perhaps best known for being the home of the Kubernetes container orchestration project, but there are plenty of other projects that are now under the organization. All of them aim to bring the kind of modern cloud-native tooling that big companies like Google, Microsoft, Facebook and others take for granted to a wider range of users.
Today, the CNCF is expanding its stable with the addition of the Docker-incubated Notary and The Update Framework (TUF), which was initially developed by professor Justin Cappos and his team at NYU’s Tandon School of Engineering. These are essentially related projects. Notary, which can provide a layer of trust to any content, is actually an application of TUF.
The core idea behind all of this is that using the TLS protocol to secure the communication between a web server and client is not enough, as the server itself may have been hacked. So for example, if you want to distribute Docker containers and guarantee that these have not been tampered with, the Notary/TUF client and server applications handle the signing of the metadata and provide you with an additional layer of trust.
“In a developer’s workflow, security can often be an addendum; however, every piece of installed code from the OS to the application should be signed. Notary establishes strong trust guarantees to prevent malicious content from being inserted into the workflow processes,” said David Lawrence, senior software engineer at Docker. “Notary is a generally used implementation in the container space. By joining CNCF, we anticipate that Notary will be more generally adopted and different use cases will emerge.”
Docker uses this to implement its Docker Content Trust system. The automotive industry is also looking into an alternative to TUF called Uptane to protect and secure the code that runs inside modern cars.
If you want to find out more about how Notary/TUF works, Docker’s documentation most likely offers the best introduction.
“Notary and the TUF specification delivered a key challenge for enterprises working with containers by providing a solution for trusted, cross-platform delivery of content,” writes Chris Aniszczyk, COO of the CNCF, in today’s announcement.
“We are excited to have these projects come in as one collective contribution to CNCF and look forward to cultivating their communities.”
The Docker Platform (including the Enterprise and Community editions), Moby Project, Huawei, Motorola Solutions, VMware, LinuxKit, Quay and Kubernetes have all integrated Notary/TUF already, so these are apparently projects that should fit in with the rest of the CNCF tools.