- Aviral
- Brandon Mitchell
- Jeff Carter
- Mike Brown (IBM)
- Nathan Anderson
- Ramkumar Chinchani
- ToddySM
- None
- Repo has been created: https://github.com/opencontainers/wg-auth
- How to handle disagreements in the WG
- Hopefully we won't have many
- Everything we create goes through various approvals upstream.
- Separate the use cases by current capabilities vs future features
- Use Cases:
- Permissions to access
_catalog- How to filter out repos from list you do not have access to
- How to query limited private scope
- UI authentication vs client tooling/CLI workflow
- Different types of credentials (passwords, tokens)
- Authentication to extensions in the registry (not only push/pull)
- Authentication for anything that is not specific to a repository
- Pull/push an image
- Cross repository blob mount
- Long running clients (registry mirroring, caches)
- Timeout of stale credentials
- Accessing multiple repositories
- Multi-tenant clients
- Encryption/decryption images/artifacts
- CDN integration
- Various auth methods (token, basic)
- Artifact scanning and signing
- Certificate authority
- Mutual TLS
- Auth to the tag level, e.g. embargoed fixes
- HTTP redirection (when should client allow?)
- Anonymous access
- Permissions to access
- Will we create a library in OCI?
- Existing Specs