Added docs (#1)

* Added documentation

- Initial version of TAF readme
- Copied TUF specification

* Added UELMA whitepaper

Added UELMA whitepaper and replaced gitignore, as
it was just copied from platform. We don't want
to ignore pdf files

* Use  unordered list instead of ordered

.gitignore

@@ -1,30 +1,37 @@
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
-db.sqlite3
-
-*.css.map
-*.js.map
+*$py.class
 
 # C extensions
 *.so
 
 # Distribution / packaging
 .Python
-env/
 build/
-!core/oll/tools/build/
 develop-eggs/
 dist/
+downloads/
 eggs/
+.eggs/
 lib/
 lib64/
 parts/
 sdist/
 var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
 
 # Installer logs
 pip-log.txt
@@ -33,78 +40,84 @@ pip-delete-this-directory.txt
 # Unit test / coverage reports
 htmlcov/
 .tox/
+.nox/
 .coverage
+.coverage.*
 .cache
 nosetests.xml
 coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
 
 # Translations
 *.mo
-
-# Mr Developer
-.mr.developer.cfg
-.project
-.pydevproject
-
-# Rope
-.ropeproject
+*.pot
 
 # Django stuff:
 *.log
-*.pot
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
 
 # Sphinx documentation
 docs/_build/
 
-# DOT files
-*.dot
-site
-.directory
-*.png
-examples/Entity/srcgen/
-tags
-textX.mm
-textx.build/
-*.pstats
-venv
-*.pdf
-*.svg
-!docs/**/*svg
-
-# VS Code
-.vscode/
-!cls/.vscode
-*.code-workspace
+# PyBuilder
+target/
 
-.pytest_cache/
-wheels/
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
 
-node_modules
+# pyenv
+.python-version
 
-# secrets.json should *not* be checked into source control
-**\secrets.json
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don’t work, or not
+#   install all needed dependencies.
+#Pipfile.lock
 
-# Other front-end stuff
-server/v3/static/v3/dist/
-result.xml
+# celery beat schedule file
+celerybeat-schedule
 
-# need our oll-draft-server lib/ and the sub-folder lib/v*/**/dist/ folders, but lib/v*/dist
-!draft-server/**/lib
-!draft-server/**/lib/**/dist
-draft-server/**/lib/v*/dist
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
 
-# provisioning
-.vagrant/
-playbook.retry
-.terraform/
+# mkdocs documentation
+/site
 
-# ignore some more OLL-specific stuff
-**/dc-law-test-xml/**
-cached_urls.json
-# don't ignore Codify extension assets
-!cls/client/assets/*
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
 
-# new api dist files
-draft-server/oll/draft/server/v*/lib/css/draft/
-draft-server/oll/draft/server/v*/lib/js/draft/
-draft-server/oll/draft/server/**/office-ui-fabric-react.stats.json
+# Pyre type checker
+.pyre/

README.md

@@ -1,2 +1,23 @@
-# taf
-The Archive Framework
+# TAF
+
+TAF (The Archive Framework) is an implementation of archival authentication. In other words, TAF ensures that a git repository can be securely cloned/updated and authenticated. In our case, a git repository is a collection of thousands of XML documents and represents a Library of official legal material, but TAF can be used to secure any git repository, regardless of its content.
+
+A git repository can be compromised in a number of ways:
+
+- an attacker could hack a user's account on a code hosting platform, like GitHub or GitLab,
+- an attacker could hack the hosting platform,
+- an attacker could gain access to a developer's personal computer.
+
+This attacker could then:
+- upload a new GPG key to GitHub,
+- push new commits to any repository,
+- add another authorized user with write access,
+- unprotected the master branch of any of the repositories and force push to it.
+
+TAF's goal is not to prevent any of the attacks listed above from happening, but to detect that an attack took place and cancel an update if that is the case. So, TAF should be used instead of directly calling `git pull` and `git clone`.
+
+TAF's implementation strongly relies on [The Update Framework (TUF](https://theupdateframework.github.io)), which helps developers maintain the security of a software update system and provides a flexible framework and specification that developers can adopt into any  software update system.
+
+Further reading:
+1. [UELMA whitepaper](whitepapers/UELMA-Open-Law-White-Paper.pdf)
+1. [TAF implementation and integration with TUF](docs/TUF/tuf-specification.md)