- Feature
- Resolution: Won't Do
- Major
Goal Summary:
Implement Sigstore-based image signature validation during admission control, so that only trusted and verified Windows container images are deployed.
Goals and expected user outcomes:
Security administrators will gain the ability to enforce the validation of Windows container image signatures using Sigstore within RHACS. This extends RHACS's admission control capabilities to the Windows container ecosystem, enabling policies that mandate signatures from trusted entities for Windows images before deployment. This will mitigate the risks associated with deploying unsigned or compromised Windows container images, enhancing the overall security and integrity of Windows-based workloads.
Acceptance Criteria:
- RHACS can be configured with trusted Sigstore public keys or certificate authorities for verifying Windows container image signatures.
- Admission control policies within RHACS can be defined to enforce image signature validation specifically for Windows containers within designated namespaces or workloads.
- When a new pod deployment involving a Windows container image is attempted, the RHACS admission controller will verify the image signature against the configured trusted Sigstore entities.
- If a Windows container image lacks a valid signature according to the defined policy, the admission request will be denied, preventing the deployment.
- RHACS provides comprehensive audit logs and events detailing the outcome of Windows container image signature validation attempts during admission.
- Administrators can configure different enforcement actions (e.g., warn, deny) based on the signature validation results for Windows containers.
- The configuration process for Sigstore integration with Windows containers in RHACS is intuitive and well-documented.
- The performance impact of signature validation on the admission process for Windows containers is minimal.
- The solution supports relevant Sigstore signing mechanisms and formats applicable to Windows container images.
- The integration securely manages the configured trusted keys and authorities used for verifying Windows container signatures.
Success Criteria or KPIs measured:
- Number of OpenShift clusters with Sigstore-based image signature validation enabled for Windows containers via RHACS.
- Number of admission requests for Windows containers blocked due to invalid or missing signatures.
- Reduction in the deployment of unverified Windows container images.
- Administrator satisfaction with the ease of configuring and managing Windows container image signature validation policies in RHACS.
- Performance metrics (e.g., admission controller latency for Windows container deployments) remain within acceptable limits after enabling signature validation.
Use Cases (Optional):
- A security administrator mandates that all custom Windows application containers deployed in the production namespace must be signed with their organization's Sigstore key. Any unsigned Windows container deployment will be blocked.
- A development team signs their Windows-based application container images using Sigstore. RHACS is configured to trust the associated public key, ensuring only their signed Windows images can be deployed to the staging environment.
- An organization wants to ensure that all base Windows Server Core images used are from trusted sources and signed via Sigstore. RHACS is configured with the relevant public keys to prevent the deployment of unsigned base Windows images.