From e7f7c891cb6c228068ac1631b753c8f885786159 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Fri, 1 Sep 2023 11:06:51 +0300 Subject: [PATCH] Sigstore: improve docstring language The identity/issuer in the public key are the details that we verify in the signing certificate. The OIDC identity of the authentication token may be slightly different: * because of identity federation the OIDC issuer may be sigstore.dev but the verified (federated) issuer may be github.com * in the ambient credential case the authentication token identity does not necessarily match the certificate identity Make it clear that import_() takes the "verifying identity" details. --- securesystemslib/signer/_sigstore_signer.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/securesystemslib/signer/_sigstore_signer.py b/securesystemslib/signer/_sigstore_signer.py index 3b5f2bcf..c8df0348 100644 --- a/securesystemslib/signer/_sigstore_signer.py +++ b/securesystemslib/signer/_sigstore_signer.py @@ -189,8 +189,8 @@ def import_( key should be stored for later use. Arguments: - identity: The OIDC identity used to create a signing token. - issuer: The OIDC issuer URL used to create a signing token. + identity: The OIDC identity to use when verifying a signature. + issuer: The OIDC issuer to use when verifying a signature. ambient: Toggle usage of ambient credentials in returned URI. """ keytype = SigstoreKey.DEFAULT_KEY_TYPE
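Review bot: The new `issuer` line drops the word "URL" that the old line had, so the docstring no longer says what form the value takes, and neither new line says that these values are matched against the signing certificate, which is the distinction the commit message draws. Consider wording along the lines of `identity: The OIDC identity expected in the signing certificate.` and `issuer: The OIDC issuer URL expected in the signing certificate.` A short remark in the docstring that, with identity federation or ambient credentials, these can differ from the identity and issuer of the authentication token would also help, since a caller reading only the docstring could otherwise pass the token's values. The `ambient` line is unchanged context, but it is where the ambient-credential caveat from the commit message would naturally sit.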