Add intoto type documentation (#679)

* Add in-toto type documentation Signed-off-by: John Speed Meyers <jsmeyers@chainguard.dev>

Add intoto type documentation (#679)
f314ee96 · John Speed Meyers · GitHub · 88e91b94 · f314ee96
Unverified Commit f314ee96 authored 3 years ago by John Speed Meyers Committed by GitHub 3 years ago
--- a/pkg/types/intoto/README.md
+++ b/pkg/types/intoto/README.md
+**in-toto Type Data Documentation**
+This document provides a definition for each field that is not otherwise described in the [in-toto schema](https://github.com/sigstore/rekor/blob/main/pkg/types/intoto/v0.0.1/intoto_v0_0_1_schema.json). This document also notes any additional information about the values associated with each field such as the format in which the data is stored and any necessary transformations.
+**Attestation:** authenticated, machine-readable metadata about one or more software artifacts. [SLSA definiton](https://github.com/slsa-framework/slsa/blob/main/controls/attestations.md)
+- The Attestation value ought to be a Base64-encoded JSON object.
+- The [in-toto Attestation specification](https://github.com/in-toto/attestation/blob/main/spec/README.md#statement) provides detailed guidance on understanding and parsing this JSON object.
+**AttestationType:** Identifies the type of attestation being made, such as a provenance attestation or a vulnerability scan attestation. AttestationType's value, even when prefixed with an http, is not necessarily a working URL.
+**How do you identify an object as an in-toto object?**
+The "Body" field will include an "IntotoObj" field.