Feature
Resolution: Unresolved
Major
Feature Overview: Establish a secure process in collaboration with Product Security (ProdSec) to sign and secure models packaged in OCI Artifact/ModelCar format.
Goals: Add in a process with ProdSec to sign and secure the models that we package up in OCI Artifact/ModelCar format.
Out of Scope [To be updated post-refinement]:
- Defining the comprehensive security policies for all validated models that we package and re-distribute on Quay.
- Implementing runtime model integrity checks (focus is on packaging/signing).
Requirements:
- Define a process for signing OCI Artifact/ModelCar packages containing models.
- Integrate with existing or establish new security tooling/infrastructure for signing.
- Ensure the signing process is secure and prevents tampering.
- Collaborate closely with the Product Security team throughout the definition and implementation.
- Define how signed models will be verified.
Done - Acceptance Criteria:
- [To be defined w/ Engineering]
Documentation Considerations:
- Document the model signing process step-by-step.
- Document how to verify the signature of a packaged model.
- Outline the security considerations and measures in place.
- Provide contact information or escalation paths for security concerns.
Questions to answer:
- What specific signing technology and infrastructure will be used?
- What is the required level of security and trust for the signing process?
- How will the signing process integrate into the model packaging/publishing pipeline?
- How do we do this in an automated fashion starting with HF stubs?
Background & Strategic Fit: Implementing model signing and security is critical for ensuring the integrity and trustworthiness of the models distributed through our platforms. This directly addresses security concerns and builds customer confidence in using validated models from Red Hat AI, aligning with best practices for secure software supply chains.