Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cloud
    • Cloud
    • Cybersecurity

    CNCF Brings In Notary, The Update Framework to Boost Container Security

    Written by

    Sean Michael Kerner
    Published October 24, 2017
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The Cloud Native Computing Foundation on Oct. 24 announced that it is expanding its project roster with the addition of the Notary container trust project and The Update Framework security effort.

      The Notary project was originally developed by Docker and provides a content signing framework to help verify the cryptographic integrity of a container application image. Notary makes use of The Update Framework (TUF), which is a specification for enabling secure software updates.

      The new additions are the CNCF’s 13th and 14th projects since its creation in July 2015. The open-source Kubernetes container orchestration project was its first hosted project. The two new projects follow the CNCF’s Sept. 13 announcement adding the Envoy and Jaeger projects.

      “Notary is a content signing framework implementing the TUF specification in the Go language,” the CNCF project proposal states. “The project provides both a client, and a pair of server applications to host signed metadata and perform limited online signing functions. It is the de facto image signing framework in use by Docker, Quay, VMware, and others.”

      The need to secure container virtualization with some form of digital integrity is an idea that Docker creator Solomon Hykes first discussed with eWEEK in a 2014 video. The open-source Notary project became integrated with the Docker 1.8 .0 release in August 2015 under the feature name Docker Content Trust. Notary relies on TUF, which is a software development and update model that was described in detail by co-creator Justin Cappos, an assistant professor at New York University, at the DockerCon 17 conference in April.

      “If you have the green HTTPS padlock in your browser, it tells you the browser has a secure connection to a server,” Cappos said. “It doesn’t say anything about whether the server has a valid update or know what the correct update is and whether the server itself has been compromised.”

      Docker first proposed the donation of Notary at the CNCF Technical Oversight Committee meeting on June 20. At the same meeting, Cappos proposed that TUF become a CNCF project as well. The addition of Notary and TUF to the CNCF project roster, however, only came after months of discussion and debate on GitHub as well as various mailing lists.

      There are multiple requirements a project must meet for acceptance into the CNCF. Among the most important is alignment with the CNCF’s mission of enabling cloud computing to expand.

      “Notary is the most secure and widely adopted implementation of The Update Framework to date and represents a critical building block for ensuring the provenance and integrity of data in the field of cloud native computing,” the proposal states. “We want the TUF specification to be accepted into CNCF because it will make a clear statement of the importance and expectations the community must have for the security of their software distribution channels.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.