Add a higher level API. #323
Conversation
Currently, this only supports Sigstore (and only DSSE on verification). I want to push this now so that people can start playing with it while I update the Colab demo and try to make the API more uniform and add support for the missing cases. With this, the default signing should be as simple as ``` from model_signing import api as model_signing_api model_signing_api.sign(model_path, signature_path) ``` And verification would be as simple as: ``` from model_signing import api as model_signing_api model_signing_api.verify( model_path, signature_path, expected_identity, expected_oidc_provider ) ``` Will think on how to simplify this even further.. Signed-off-by: Mihai Maruseac <[email protected]>
There was a problem hiding this comment.
Will think on how to simplify this even further.
I think the main thing that stands out to me now is that Signing/Verifying is a high level wrapper that tends to be simple, but the devil is in the Hashing details. The HashingConfig seems like a copy of the serialization API.
I assume the aim is to be explicit about what is backwards compatible by semver? Either way that seems like the rough point to me currently.
Signed-off-by: Mihai Maruseac <[email protected]>
That is true. For most usecases, the config should not be used to change anything from the defaults, but we want to allow flexibility.
I'm planning to make it even more uniform in the future, having setters for each field and then a verification method just before the first signing event. But for that I'd first need to make the serialization API more uniform.
Yup. We can then change anything else in the library and as long as these methods have the same interface no user would be broken. In fact, probably we should make everything else private (but need to check with documentation, so let's do this only after we have all documentation done). |
Yeah, we'll follow https://semver.org/#semantic-versioning-specification-semver Thank you for the review! |
Summary
Currently, this only supports Sigstore (and only DSSE on verification). I want to push this now so that people can start playing with it while I update the Colab demo and try to make the API more uniform and add support for the missing cases.
With this, the default signing should be as simple as
And verification would be as simple as:
Will think on how to simplify this even further..
This is part of #172, but not yet closing it
Release Note
NONE
Documentation
NONE