typo fixes

Signed-off-by: Steven Lasker <stevenlasker@hotmail.com>
opencontainers · Aug 24, 2019 · 36cf15a · 36cf15a
1 parent 7656982
commit 36cf15a
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -8,17 +8,33 @@ Utilizing the [manifest][image-manifest] and [index][image-index] definitions, n
 
 This repository provides a reference for artifact authors and registry implementors for supporting new artifact types with the existing implementations of distribution.
 
-By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (YASS). 
+By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution ([YASS][def-yass]). 
 
 ## Table of Contents
 
+* [What Is an OCI Artifact](#what-is-an-oci-artifact)
+* [Defining OCI Artifact Types](#defining-oci-artifact-types)
 * [The Apache License, Version 2.0](LICENSE)
 * [Maintainers](MAINTAINERS)
 * [Maintainer guidelines](MAINTAINERS_GUIDE.md)
 * [Contributor guidelines](CONTRIBUTING.md)
 * [Project governance](GOVERNANCE.md)
 * [Release procedures](RELEASES.md)
 
+## What Is an OCI Artifact
+
+An OCI Artifact is a generic reference to an object that can be stored in an instance of [OCI Distribution][distribution-spec]. The artifact can be [def-well known types][well-known-types], such as [OCI-Image][image-spec] and [Singularity][singularity], or customer or vendor specific types. 
+
+## Defining OCI Artifact Types
+
+[Registries][def-registry], vulnerability scanners and artifact tooling must understand the types of artifacts they support. Registry scanning tools may only support a subset of artifact types, or they may need to apply different scanning methods based on the artifact type. 
+
+If a security scanning solution were to scan all types, it would fail when it encounters unsupported types, representing false negatives. By differentiating types, a registry scanning solution can ignore unknown types, representing a known state. As new artifact types become [well known][def-well-known-types], scanners can expand the types they offer, providing a more complete known state. 
+
+Artifact tooling must also know the types they support. The docker and containerD client know how to instance container images. However, they are not intended to instance Helm Charts or Singularity images. By defining the artifact type, registries can present the type to their users, and tools pulling artifacts from a registry can determine if they can support the specific type before encountering a runtime error. 
+
+Artifacts are defined by setting the `manifest.config.mediaType` to a globally unique value. The `config.mediaType` of `application/vnd.oci.image.config.v1+json` is reserved for artifacts intended to be instanced by docker and [containerD][containerd].
+
 ## Code of Conduct
 
 This project incorporates (by reference) the OCI [Code of Conduct][code-of-conduct].
@@ -39,11 +55,16 @@ Artifacts will reference specific [distribution][distribution-spec], [index][ima
 
 **Q: Does this change the OCI Charter or Scope Table?**
 
-A: No.  Artifacts are a prescriptive means of storing [index][image-index] and [manifest][image-manifest] within [distribution][distribution-spec] implementations. 
+A: No. Artifacts are a prescriptive means of storing [index][image-index] and [manifest][image-manifest] within [distribution][distribution-spec] implementations. 
 
 [distribution-spec]: https://github.com/opencontainers/distribution-spec/
+[image-spec]: https://github.com/opencontainers/image-spec/
+[containerd]: https://containerd.io/
 [code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md
 [image-manifest]: https://github.com/opencontainers/image-spec/blob/master/manifest.md
 [image-index]: https://github.com/opencontainers/image-spec/blob/master/image-index.md
 [distribution]: https://github.com/docker/distribution
-[singularity]: https://github.com/sylabs/singularity
+[singularity]: https://github.com/sylabs/singularity
+[def-well-known-types]: https://github.com/SteveLasker/artifacts/blob/definitions-terms/definitions-terms.md#well-known-types
+[def-registry]: https://github.com/SteveLasker/artifacts/blob/definitions-terms/definitions-terms.md#registry
+[def-yass]: https://github.com/SteveLasker/artifacts/blob/definitions-terms/definitions-terms.md#yass
diff --git a/definitions-terms.md b/definitions-terms.md
@@ -0,0 +1,47 @@
+# Definitions and Terms
+
+A collection of definitions and terms used within this repository.
+
+* [Artifact Author](#artifact-author)
+* [Distribution Operator](#distribution-operator)
+* [Media Type](#media-type)
+* [OCI Image](#oci-image)
+* [Registry](#registry)
+* [YASS](#yass)
+
+## Artifact Author
+
+The owner of an artifact format. The [OCI Image Spec](https://github.com/opencontainers/image-spec/) is owned by the OCI working group. 
+
+An artifact is defined to be unique by its `config.mediaType`. 
+
+## Container Registry
+
+See [Registry](#registry)
+
+
+## Distribution Operator
+
+Vendors that implement and/or run the [OCI Distribution Spec](https://github.com/opencontainers/distribution-spec/). 
+
+## Media Type
+
+The uniqueness of an artifact is defined by its type. An artifact has a type, which has a collection of layers.
+
+The Artifact is defined as unique by its `manifest.config.mediaType`. Layers are defined by their `layer.config.mediaType`. 
+
+## OCI Image
+
+OCI Image is a specific type of artifact. However, an OCI image is not meant to define all artifacts. Tooling, such as docker, containerD and vulnerability scanners that perform security checks upon container images, use the `config.mediaType` to know they can pull and instance container images. Docker and containerD are not intended to pull and instance Helm Charts, Singularity, OPA or other artifact types. 
+
+## Registry
+
+A registry, or container registry, is an instance of the [distribution-spec]. See [Implementors][implementors] for a list of registries that support OCI Artifacts. 
+
+## YASS
+
+[OCI Artifacts][artifacts] provides an alternative to having to build, distribute and run "**Y**et **A**nother **S**torage **S**ervice". 
+
+[artifacts]: https://github.com/opencontainers/artifacts
+[implementors]: https://github.com/SteveLasker/artifacts/blob/implementors/implementations.md
+[distribution-spec]: https://github.com/opencontainers/distribution-spec/
diff --git a/implementors.md b/implementors.md
@@ -0,0 +1,10 @@
+# OCI Artifacts Implementations
+
+Projects or companies currently supporting OCI Artifacts
+
+* [Azure Container Registry](https://aka.ms/acr/artifacts)
+* [docker/distribution](https://github.com/docker/distribution/) - the reference implementation of the [OCI Distribution Spec][distribution-spec]
+
+_(to add your project, please open a [pull-request](https://github.com/opencontainers/artifacts/pulls))_
+
+[distribution-spec]: https://github.com/opencontainers/distribution-spec/