Open eeeps opened 10 months ago
@eeeps You don't need a specific action for this - just add the C2PA Manifest to the next version of the asset, marking the original (w/o manifest) as a parent ingredient. This is what stock sites like Adobe Stock have been doing for quite a while now.
If you want an action, I believe that Adobe Stock uses c2pa.published
.
@lrosenthol That would require the entity who wishes to make the attestation to implement signing (acquire a certificate, get on relevant trust lists, install and operationalize open source tooling). In this use case, I am envisioning a piece of software (e.g. Photoshop, or a cloud-based DAM solution) allowing its users to make these attestations, and tie them to specific facts about the image presented in the c2pa.metadata. Also possibly separately-in-time from their publishing flow. Does that make sense?
It's possible that the recommendation here is that anyone who wants to make a verifiable statement about the media must implement a signing flow and sign manifests themselves. Is that the case?
It's possible that the recommendation here is that anyone who wants to make a verifiable statement about the media must implement a signing flow and sign manifests themselves. Is that the case?
If you want the verifiable statement to be part of the provenance of the asset, that can be verified as part of the C2PA validation process - then yes, those statements would need to be signed and incorporated into a C2PA Manifest.
Of course, there are a variety of other groups working on external attestation systems such as the CredWeb effort from the W3C.
Problem:
People and organizations want to publish assets containing meaningful content credentials, but are working with:
These people and organizations need some way to attest that the media is authentic, and associate their organization's trustworthiness with this attestation.
I wrote up a proposal for enabling this sort of thing with a new action (
c2pa.verified
): https://github.com/eeeps/verified-c2pa-action-explainer. However if there are existing solutions to this problem that I have overlooked, or even just conversations about it that I have missed, please let me know!