Notary: State of the Container Supply Chain


Authors: Justin Cormack, Steve Lasker


The presentation discusses the importance of verifying the identity and authenticity of software content in the supply chain through Notary v2. The speaker uses real-world analogies to explain the concept and emphasizes the need for trust and policy management in the deployment process.
  • Notary v2 focuses on the distribution and consumption of software content in the supply chain
  • Verifying the identity and authenticity of software content is crucial in ensuring security and reliability
  • Policy management and trust are necessary in the deployment process
  • Real-world analogies, such as airport security checks, can help illustrate the concept

The speaker uses the example of airport security checks to explain the importance of verifying identity and authenticity in the deployment process. Just as travelers must prove their identity and go through multiple security checks before boarding a plane, software content must also be verified and checked before being deployed. This ensures that only trusted and authentic content is used in the supply chain.


As supply chain security becomes a larger concern for all types of organizations, the tooling for supply chain security becomes critical. The Notary v2 project was set up to address issues with the original v1 project, which did not see widespread use, and to gather consensus on the types of security mechanisms that were needed. This talk will show the progress we have made and go through the decisions we have made so far, as we are going into early production use. We will look at the future roadmap and the supply chain landscape.