proto_docs/grafeas/v1/attestation.rb in grafeas-v1-0.2.2 vs proto_docs/grafeas/v1/attestation.rb in grafeas-v1-0.3.0

@@ -49,10 +49,20 @@
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods
       end
     end
 
+    # @!attribute [rw] compact_jwt
+    #   @return [::String]
+    #     The compact encoding of a JWS, which is always three base64 encoded strings
+    #     joined by periods. For details, see:
+    #     https://tools.ietf.org/html/rfc7515.html#section-3.1
+    class Jwt
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
     # Occurrence that represents a single "attestation". The authenticity of an
     # attestation can be verified using the attached signature. If the verifier
     # trusts the public key of the signer, then verifying the signature is
     # sufficient to establish trust. In this circumstance, the authority to which
     # this attestation is attached is primarily useful for lookup (how to find
@@ -67,9 +77,20 @@
     #   @return [::Array<::Grafeas::V1::Signature>]
     #     One or more signatures over `serialized_payload`.  Verifier implementations
     #     should consider this attestation message verified if at least one
     #     `signature` verifies `serialized_payload`.  See `Signature` in common.proto
     #     for more details on signature structure and verification.
+    # @!attribute [rw] jwts
+    #   @return [::Array<::Grafeas::V1::Jwt>]
+    #     One or more JWTs encoding a self-contained attestation.
+    #     Each JWT encodes the payload that it verifies within the JWT itself.
+    #     Verifier implementation SHOULD ignore the `serialized_payload` field
+    #     when verifying these JWTs.
+    #     If only JWTs are present on this AttestationOccurrence, then the
+    #     `serialized_payload` SHOULD be left empty.
+    #     Each JWT SHOULD encode a claim specific to the `resource_uri` of this
+    #     Occurrence, but this is not validated by Grafeas metadata API
+    #     implementations.  The JWT itself is opaque to Grafeas.
     class AttestationOccurrence
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
     end
   end