Add intoto type documentation (#679)

* Add in-toto type documentation Signed-off-by: John Speed Meyers <jsmeyers@chainguard.dev>
sigstore · Feb 17, 2022 · f314ee9 · f314ee9
1 parent 88e91b9
commit f314ee9
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/pkg/types/intoto/README.md b/pkg/types/intoto/README.md
@@ -0,0 +1,13 @@
+**in-toto Type Data Documentation**
+
+This document provides a definition for each field that is not otherwise described in the [in-toto schema](https://github.com/sigstore/rekor/blob/main/pkg/types/intoto/v0.0.1/intoto_v0_0_1_schema.json). This document also notes any additional information about the values associated with each field such as the format in which the data is stored and any necessary transformations.
+
+**Attestation:** authenticated, machine-readable metadata about one or more software artifacts. [SLSA definiton](https://github.com/slsa-framework/slsa/blob/main/controls/attestations.md)
+- The Attestation value ought to be a Base64-encoded JSON object.
+- The [in-toto Attestation specification](https://github.com/in-toto/attestation/blob/main/spec/README.md#statement) provides detailed guidance on understanding and parsing this JSON object.
+
+**AttestationType:** Identifies the type of attestation being made, such as a provenance attestation or a vulnerability scan attestation. AttestationType's value, even when prefixed with an http, is not necessarily a working URL.
+
+**How do you identify an object as an in-toto object?**
+
+The "Body" field will include an "IntotoObj" field.