Here is a list of terms we use when discussing Enterprise Contracts:

Enterprise Contract

A set of requirements imposed upon software delivery artifacts, implemented in an Enterprise Contract Policy, that fulfills a gating role by allowing or preventing a release of these artifacts.

Enterprise Contract Policy

An implementation of an Enterprise Contract, comprised of one or more Policy Rules.

Policy Rule

An individual expression of an Enterprise Contract Policy. For example: all images should be signed. Evaluation of Policy Rules determines whether a release of a software artifact is permitted or prevented.

Non-blocking Policy

A Policy Rule that, even if violated, does not prevent a release of software artifacts. Marking a Policy Rule as non-blocking is external to the Policy Rule implementation.

Time-based Policy Rule

A Policy Rule that behaves like a Non-blocking Policy until a certain time in the future, at which point it behaves like a regular Policy Rule.


The person responsible for authorizing one or more releases. For Red Hat, this is a Red Hat employee in a certain role (e.g. Project Manager, Product Owner, Technical Lead, etc.). It is up to the Application maintainer to define the authorizer.


A statement that an Authorizer allows component builds from certain git references to be released.


A process of generating verifiable claims about any aspect of how a piece of software is produced. In technical terms, it is specified via the in-toto Attestation Framework.