search

c2pa-org / specifications

The public specifications for the C2PA
Creative Commons Attribution 4.0 International
95 stars 8 forks source link

Missing documentation: broker service #51

Open hackerfactor opened 6 months ago

hackerfactor commented 6 months ago

The specifications section 4.1 mentions a "broker service". https://c2pa.org/specifications/specifications/1.4/attestations/attestation.html#_trust_brokers_and_rats

  1. Is this related to the "known certificate" list? (ref: https://github.com/c2pa-org/specifications/issues/50)
  2. How does a verifying service identify the list of broker services?
  3. The existing documentation (section 4.1) references RFC9334. This RFC describes a high-level process (architecture overview) but not the specific implementation for the query. Assuming the verifying service can identify a broker service, what protocol is used to query the service?
lrosenthol commented 5 months ago

The Broker Service is specific to Attestations - which is an extension to the Trust Model of C2PA. This is described in the Attestation spec at https://c2pa.org/specifications/specifications/1.4/attestations/attestation.html#_c2pa_trust_model_overview