Features for manual verification #45

Open
eeeps opened this issue Jan 17, 2024 · 3 comments

eeeps commented Jan 17, 2024

Problem:

People and organizations want to publish assets containing meaningful content credentials, but are working with:

  1. existing libraries of media, which do not have C2PA provenance
  2. new media coming from cameras and editing flows which have not yet adopted C2PA, which also lack C2PA provenance.

These people and organizations need some way to attest that the media is authentic, and associate their organization's trustworthiness with this attestation.

I wrote up a proposal for enabling this sort of thing with a new action (c2pa.verified): https://github.com/eeeps/verified-c2pa-action-explainer. However, if there are existing solutions to this problem that I have overlooked, or even just conversations about it that I have missed, please let me know!

@lrosenthol
Contributor

@eeeps You don't need a specific action for this - just add the C2PA Manifest to the next version of the asset, marking the original (w/o manifest) as a parent ingredient. This is what stock sites like Adobe Stock have been doing for quite a while now.

If you want an action, I believe that Adobe Stock uses c2pa.published.

@lrosenthol lrosenthol self-assigned this Jan 18, 2024
@eeeps
Author

eeeps commented Jan 18, 2024

@lrosenthol That would require the entity who wishes to make the attestation to implement signing (acquire a certificate, get on relevant trust lists, install and operationalize open source tooling). In this use case, I am envisioning a piece of software (e.g. Photoshop, or a cloud-based DAM solution) allowing its users to make these attestations, and tie them to specific facts about the image presented in the c2pa.metadata. Also possibly separately-in-time from their publishing flow. Does that make sense?

It's possible that the recommendation here is that anyone who wants to make a verifiable statement about the media must implement a signing flow and sign manifests themselves. Is that the case?

@lrosenthol
Contributor

> It's possible that the recommendation here is that anyone who wants to make a verifiable statement about the media must implement a signing flow and sign manifests themselves. Is that the case?

If you want the verifiable statement to be part of the provenance of the asset, that can be verified as part of the C2PA validation process - then yes, those statements would need to be signed and incorporated into a C2PA Manifest.

Of course, there are a variety of other groups working on external attestation systems such as the CredWeb effort from the W3C.
