Adds roadmap, codeowners, and minor docs updated here and there

Signed-off-by: Maximiliano Churichi <[email protected]>

CODEOWNERS

@@ -0,0 +1,35 @@
+* @wibarre @mchurichi @jufantozzi @maxlambrecht @mgbcaio @Victorblsilveira
+
+##########################################
+# Maintainers
+##########################################
+
+# William Barrera
+# Hewlett-Packard Enterprise
+# @wibarre
+# Slack: https://spiffe.slack.com/team/U031T0XK20L
+
+# Maximiliano Churichi
+# Hewlett-Packard Enterprise
+# @mchurichi
+# Slack: https://spiffe.slack.com/team/U9LGKELCR
+
+# Juliano Fantozzi
+# Hewlett-Packard Enterprise
+# @jufantozzi
+# Slack: https://spiffe.slack.com/team/U026EMKEQQK
+
+# Max Lambrecht
+# Hewlett-Packard Enterprise
+# @maxlambrecht
+# Slack: https://spiffe.slack.com/team/UALSSBL6Q
+
+# Caio Milfont
+# Hewlett-Packard Enterprise
+# @mgbcaio
+# Slack: https://spiffe.slack.com/team/U03AQJMUGGP
+
+# Victor Vieira Barros Leal da Silveira 
+# Hewlett-Packard Enterprise
+# @Victorblsilveira
+# Slack: https://spiffe.slack.com/team/U028EK6L4VB

CONTRIBUTING.md

@@ -1,8 +1,7 @@
 # Contributing to the Galadriel Project
 
 The change management process for the Galadriel Project is designed to be transparent, fair, and
-efficient. Anyone may contribute to a project in the galadriel repository that they have read access
-to, provided they:
+efficient. Anyone may contribute to a project in the Galadriel repository that they have read access to, provided they:
 
 * Abide by the SPIFFE [code of conduct](https://github.com/spiffe/spiffe/blob/main/CODE-OF-CONDUCT.md)
 * Can certify the clauses in the [Developer Certificate of Origin](https://github.com/spiffe/spiffe/blob/main/DCO)
@@ -24,8 +23,7 @@ To get started:
 8. Open a [pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/)
    against the upstream `main` branch
 
-All changes to galadriel project must be code reviewed in a pull request (this goes for everyone, even
-those who have merge rights).
+All changes to Galadriel project must be code reviewed in a pull request (this goes for everyone, even those who have merge rights).
 
 ## After your pull request is submitted
 
@@ -56,6 +54,4 @@ All repositories under this project should include:
 * A `LICENSE` file with the Apache 2.0 license
 * A [CODEOWNERS](https://help.github.com/articles/about-codeowners/) file listing the maintainers
 
-All code projects should use the [Apache License version
-2.0](https://www.apache.org/licenses/LICENSE-2.0), and all documentation repositories should use the
-[Creative Commons License version 4.0](https://creativecommons.org/licenses/by/4.0/legalcode).
+All code projects should use the [Apache License version 2.0](https://www.apache.org/licenses/LICENSE-2.0), and all documentation repositories should use the [Creative Commons License version 4.0](https://creativecommons.org/licenses/by/4.0/legalcode).

GOVERNANCE.md

@@ -3,23 +3,21 @@
 ### Users
 
 These are individuals who 
-- 1) Want to learn more about the Galadriel Project; 
-- 2) Are existing users of Galadriel and its tools who wish to follow the Project's progress.
+- Want to learn more about the Galadriel Project; 
+- Are existing users of Galadriel and its tools who wish to follow the project's progress.
 
 ### Contributors
 
-These are individuals who wish to contribute code or ideas to Galadriel. Contributors submit code and ideas through GitHub.
+These are individuals who wish to contribute code or ideas to Galadriel. Contributors submit code and ideas through GitHub issues or by creating Pull Requests.
 
 ### Maintainers
 
-These are individuals who can merge submitted PRs into the primary codebase (note: the Project requires PRs to be approved by at least two (2) Contributors). For the POC and MVP of the project, contributors and maintainers will have equivalent roles.
+These are individuals who can approve submitted Pull Requests to be merged into the primary codebase. The project requires Pull Requests to be approved by at least two (2) maintaners. Once approved, a Pull Request can be merged by either maintainers or the contributor who submitted it. A list of the current maintainers can be found in the [Codeowners](./CODEOWNERS) file.
 
 ## Change Review Process
 
 **All changes must be submitted as a GitHub Pull Request (PR)**
 
-The submitter of a PR is responsible for responding to feedback from reviewers and maintainers. While the PR remains open, they are also responsible for ensuring the change is always in a state where it can be merged. Guidelines for submitting a PR for approval can be found [here](/CONTRIBUTING.md).
+The submitter of a PR is responsible for responding to feedback from reviewers. While the PR remains open, they are also responsible for ensuring the change is always in a state where it can be merged. Guidelines for submitting a PR for approval can be found [here](/CONTRIBUTING.md).
 
-**All changes must be approved by at least two other Contributors**
-
-Documentation changes, bugfixes, or other minor changes that do not significantly impact most users must be approved by at least two (2) contributors.
+**All changes must be approved by at least two (2) Maintainers**

README.md

@@ -1,9 +1,47 @@
 # Galadriel
-
 [![CodeQL](https://github.com/HewlettPackard/galadriel/actions/workflows/codeql.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/codeql.yml)
-[![PR Build](https://github.com/HewlettPackard/galadriel/actions/workflows/linter.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/linter.yml)
+[![PR Build](https://github.com/HewlettPackard/galadriel/actions/workflows/pr_build.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/pr_build.yml)
 [![Scorecards supply-chain security](https://github.com/HewlettPackard/galadriel/actions/workflows/scorecards.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/scorecards.yml)
 [![trivy](https://github.com/HewlettPackard/galadriel/actions/workflows/trivy.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/trivy.yml)
 
-- [PoC Instructions](./doc/INSTRUCTIONS.md)
-- [Usage Instructions](./doc/USAGE.md)
+---
+
+Project Galadriel, or just Galadriel, is an open source project that enables scalable and easy configuration of Federation relationships among SPIRE Servers. It works as a central hub for managing and auditing Federation relationships.
+
+### What is Galadriel?
+- **Alternative approach to SPIRE Federation**: it's built on top of SPIRE APIs to facilitate foreign Trust Bundles management.
+- **Multi-tenant**: multiple organization can leverage the same Galadriel deployment, while ensuring data and operations isolation.
+- **Federation at scale**: configuring multiple SPIRE Server federation should be easy and secure by defaults, that is Galadriel's main focus.
+- **Central hub**: it's a central place where federation relationships can be defined and audited.
+
+### What is NOT Galadriel?
+- **A replacement of SPIRE/SPIFFE Federation**: it doesn't replace SPIRE Federation, it leverages what's already built in there.
+- **A SPIRE plugin**: it's deployed as a separate component, not as a SPIRE plugin.
+
+---
+
+## Get started
+
+- Learn how to run the Proof of Concept (v0.1.0) [here](https://github.com/HewlettPackard/galadriel/blob/v0.1.0/doc/INSTRUCTIONS.md)
+- [Configuration and CLI Usage instructions](./doc/USAGE.md)
+
+## Contribute
+
+Project Galadriel is an open source project under the [Apache 2 license](./LICENSE), and as such, any kind of contribution is welcome, being documentation, new features, bugfixing, issues, etc. Check out our [Contributing guidelines](./CONTRIBUTING.md) to learn how we manage contributions, and the [Governance policy](./GOVERNANCE.md) to learn about the different roles in the project.
+
+## Roadmap
+
+Project Galadriel has currently reached the Proof of Concept milestone ([v0.1.0](https://github.com/HewlettPackard/galadriel/blob/v0.1.0/doc/INSTRUCTIONS.md)). Refer to the [Roadmap](./ROADMAP.md) to learn what's next.
+
+## Want to know more?
+
+### Design document
+Please feel free to check out our [Design Document](https://docs.google.com/document/d/1nkiJV4PAV8Wx1oNvx4CT3IDtDRvUFSL8/edit?usp=sharing&ouid=106690422347586185642&rtpof=true&sd=true), where you can find more information about the architecture and future plans for Galadriel. Comments and suggestions are welcome and highly appreciated.
+
+### Community Presentations & Blog Posts
+- SPIRE Bridge: an Alternative Approach to SPIFFE Federation - [Juliano Fantozzi](https://github.com/jufantozzi), [Maximiliano Churichi](https://github.com/mchurichi) / SPIFFE Community Day Fall 2022 (October 2022) / [video](https://www.youtube.com/watch?v=pHdOm4MdPHE), [slides](https://docs.google.com/presentation/d/1Cox9MNeZA1bD2aktg2HTMjcgGn_6Rbb0/edit?usp=sharing&ouid=106690422347586185642&rtpof=true&sd=true), [demo](https://github.com/HewlettPackard/galadriel/tree/v0.1.0/demos)
+- Galadriel - A SPIRE Federation Alternative - [William Barrera Fuentes](https://github.com/wibarre) / HPE Developer Community (October 2022) / [blog post](https://developer.hpe.com/blog/galadriel-a-spire-federation-alternative/)
+
+## Found a security issue?
+
+Please refer to the [Security policy](./SECURITY.md) to learn more about security updates and reporting potential vulnerabilities.

ROADMAP.md

@@ -0,0 +1,29 @@
+# Roadmap
+
+## Milestones
+
+### Proof of Concept (PoC)
+- **Status**: Completed ([v0.1.0](https://github.com/HewlettPackard/galadriel/tree/v0.1.0/))
+- **Goal**: Exercise concepts about trust bundle exchange based on relationships. It will corroborate the feasibility of having a Harvester agent as a medium to manage federated relationships in SPIRE servers, the Server as a middle hub for exchange, and the relationship as a control for the exchange. 
+- **Result**:
+    - Server runs, and stores bundles and defined relationships in an ephemeral storage system.
+    - Server exposes local APIs for admins to register new members, generate access tokens for them, and define bidirectional 1:1 relationships.
+    - Server exposes public authenticated APIs for Harvesters.
+    - Harvester uses Server-generated access tokens to communicate with the Server.
+    - Harvester communicates with the SPIRE Server to fetch its bundle and to set foreign bundles.
+    - Harvester sends its collocated SPIRE bundle, and fetches and keeps in sync foreign bundles based on the defined relationships.
+
+### Minimum Viable Business Product (MVBP)
+- **Status**: In Progress
+- **Goal**: Have a production-ready product that is API based and implements the security and core principles identified in the [Design Document](https://docs.google.com/document/d/1nkiJV4PAV8Wx1oNvx4CT3IDtDRvUFSL8/edit?usp=sharing&ouid=106690422347586185642&rtpof=true&sd=true).
+- **Result**:
+    - Server and Harvester APIs are well defined and documented.
+    - Harvester is securely introduced to the Server.
+    - One or more production-ready database systems are available to be used as backend storage.
+    - Multiple organizations can share the same Galadriel Server instance without data leak risks.
+    - Trust bundles are cryptographically signed and verified end-to-end.
+    - Galadriel supports SPIRE in an HA topology.
+    - Server and Harvester can be configured to emit metrics to an open telemetry standard.
+    - Harvester admins explicitly approve or deny relationships.
+    - Components and flows are thoroughly and continuously tested and exercised.
+    - There are deployment options for bare metal and Kubernetes.

SECURITY.md

@@ -11,6 +11,6 @@ Versions of the project that are currently being supported with security updates
 
 ## Reporting a Vulnerability
 
-If you've found a vulnerability or a potential vulnerability in Galadriel please reach out to any of the maintainers using any private communication channel at your discretion.
+If you've found a vulnerability or a potential vulnerability in Galadriel please reach out to [any of the maintainers](./CODEOWNERS) using any private communication channel at your discretion.
 
-The maintainers are currently available at the [SPIFFE Slack](https://slack.spiffe.io).
+The maintainers are currently available at the [SPIFFE Slack](https://slack.spiffe.io).

doc/INSTRUCTIONS.md → doc/POC.md

@@ -1,10 +1,10 @@
 # Instructions
-Below is a list of instructions for running the PoC application.
+Below is a list of instructions for running the Proof of Concept of Galadriel.
 
 ## Requirements
 In order to run Galadriel you should have:
-- [Go Lang](https://go.dev/dl/) installed at version `1.19.x`
-- A running [SPIRE](https://spiffe.io/docs/latest/deploying/install-server/) server
+- [Go Lang](https://go.dev/dl/) installed at the version specified in [.go-version](/.go-version)
+- A running [SPIRE](https://spiffe.io/docs/latest/deploying/install-server/) Server
 
 ## Running the PoC locally
 In order to run the PoC locally, clone the repository:
@@ -34,12 +34,12 @@ INFO[0000] Starting TCP Server on 127.0.0.1:8085         subsystem_name=endpoint
 INFO[0000] Starting UDS Server on /tmp/galadriel-server/api.sock  subsystem_name=endpoints
 ```
 
-With the Galadriel Server running you will need to register a new Galadriel Harvester `Member`:
+With the Galadriel Server running you will need to register a new Galadriel Harvester `Member`, which represents a Trust Domain:
 ```bash
-bin/galadriel-server create member -t <your SPIRE Trust Domain>
+bin/galadriel-server create member --trustDomain <your SPIRE Trust Domain>
 ```
 
-After registering the `Member` you will need to generate a new token to onboard the Galadriel Harvester that will manage the SPIRE Server:
+After registering the `Member` you will need to generate a new token to onboard the Galadriel Harvester that will manage the SPIRE Server in the given Trust Domain:
 ```bash
 ACCESS_TOKEN=$(bin/galadriel-server generate token -t <your SPIRE Trust Domain> | cut -d ' ' -f 3)
 ```
@@ -55,4 +55,6 @@ This will result in the following output:
 INFO[0000] Starting Harvester                            subsystem_name=harvester
 INFO[0000] Connected to Galadriel Server                 subsystem_name=galadriel_server_client
 INFO[0000] Starting harvester controller                 subsystem_name=harvester_controller
-```
+```
+
+Now the Galadriel Harvester will start managing the Federation relationships in the SPIRE Server that are defined in the upstream Galadriel Server. Please refer to the [Usage documentation](./USAGE.md) to learn more.