Here is a list of terms we use when discussing Enterprise Contracts.
A set of requirements imposed upon software delivery artifacts, implemented in an Enterprise Contract Policy and fulfilling a gating role that allows or prevents a release of these artifacts.
An individual expression of an Enterprise Contract Policy. For example: all images should be signed. Evaluation of Policy Rules determines whether a release of a software artifact is permitted or prevented.
A Policy Rule that, even if violated, does not prevent a release of software artifacts. Marking a Policy Rule as non-blocking is external to the Policy Rule implementation.
The person responsible for authorizing one or more releases. For Red Hat, this is a Red Hat employee in a certain role (e.g. Project Manager, Product Owner, Technical Lead, etc.). It is up to the Application maintainer to define the authorizer.
A statement that an Authorizer allows component builds from certain git references to be released.
A process of generating verifiable claims about any aspect of how a piece of software is produced. In technical terms, it is specified via the in-toto Attestation Framework.