Identity Assertion

A photojournalist Alice uses a Content Credentials-enabled capture device during a newsworthy event she is covering. Her capture device is linked to a digital wallet containing her professional credentials and records her identity in each captured asset. She then imports these assets into a Content Credentials-enabled editing application. Her identity is again associated with the edits that she has made. After editing, she sends her assets to her photo editor, Bob. Bob makes additional edits also using a Content Credentials-enabled application. A new identity assertion is recorded for these edits identifying Bob as the person responsible for those edits. The finalized asset is moved into the content management system of a news organization, which is also Content Credentials-enabled, before posting the asset to social media. Anyone viewing these assets can see the identity of Alice, Bob, and the news organization in a Content Credentials-enabled viewer.

A human rights defender Jane manages to capture footage containing Content Credentials-enabled provenance of violence during a protest. Jane’s capture device is linked to a digital wallet containing her professional credentials and records her identity in each captured asset. Jane sends the footage to a human rights organization that verifies that the asset meets video-as-evidence criteria. The human rights organization determines that releasing Jane’s identity to the public could pose a safety or privacy risk, so they redact the identity assertion using a Content Credentials-enabled editing application before publishing the footage.

Aarav is the director of social communications for a political candidate in an upcoming election. He feels concerned that in efforts to manipulate voters, bad actors will create deepfake videos to misrepresent the candidate. To protect the campaign, Aarav decides that all official communications will be created, produced, and published with Content Credentials-enabled tools. The identity assertion equips Aarav and his team with the ability to represent the campaign as the organizational author of the content that they publish. Aarav encourages voters to verify any digital campaign content to ensure that the material has Content Credentials that link the assets to the campaign.

An advertising agency representing a popular sneaker brand wants to ensure that consumers are only purchasing the shoes through official channels. They have found several fraudulent campaigns online claiming to offer the shoes at a discount. To address these scams, the agency decides to incorporate Content Credentials into their creative process, using the identity assertion to represent the designer responsible for the campaign. Before the campaign goes live, the agency redacts the designer’s name and publishes the assets with Content Credentials using the identity assertion to represent the sneaker brand. Now consumers can refer to Content Credentials to identify legitimate promotional campaigns from the sneaker brand.

One morning, Charlie, an up-and-coming digital artist, woke up to find that one of their designs went viral on social media. Charlie felt upset to see their art detached from their name. Charlie had spent months working on their artwork and was disappointed not to receive credit or compensation for their work. Moving forward, Charlie decides to use the identity assertion to link their name, social media, and copyright information to the art they create. Now, when Charlie posts their content to social media platforms that display Content Credentials, viewers can easily link the artwork back to Charlie.

Eve is a musician with a talent for releasing songs featuring clever lyrics and catchy beats. Ever since Eve’s music gained traction on audio streaming apps, artists have reached out asking permission to sample her beats. Eve views these collaborations as an opportunity to help new listeners discover her music, so it is important to her that the samples are traceable back to her. She decides to begin recording her songs using a Content Credentials-enabled device linked to a digital wallet containing her identity credentials and her profile on music streaming applications. Now, when other artists release songs that sample Eve’s tunes, she can demonstrate her contribution to the final work.

A human or non-human (hardware or software) that is participating in the C2PA ecosystem. For example: a camera (capture device), image editing software, cloud service, or the person using such tools.

A file or stream of data containing digital content, asset metadata, and a C2PA Manifest.

For the purposes of this definition, we will extend the typical definition of “file” to include cloud-native and dynamically-generated data.

A digitally signed and tamper-evident data structure that references a set of assertions by one or more actors, concerning a C2PA asset, and the information necessary to represent the content binding. If any C2PA assertions were redacted, then a declaration to that effect is included. This data is a part of the C2PA Manifest.

See Section 10, “Claims,” of the C2PA technical specification.

The non-human (hardware or software) actor that generates the C2PA claim about a C2PA asset as well as the claim signature, thus leading to the C2PA asset's associated C2PA Manifest.

A data structure which represents a statement asserted by an actor concerning the C2PA asset. This data is a part of the C2PA Manifest.

See Section 6, “Assertions,” of the C2PA technical specification.

The set of information about the provenance of a C2PA asset based on the combination of one or more C2PA assertions (including content bindings), a single C2PA claim, and a claim signature. A C2PA Manifest is part of a C2PA Manifest Store.

See Section 11, “Manifests,” of the C2PA technical specification.

An actor who consumes a C2PA asset with an associated C2PA Manifest for the purpose of obtaining the provenance data from the C2PA Manifest.

A collection of C2PA Manifests, which collectively describe the provenance history of a single C2PA asset.

See Section 11.1.4.2, “Manifest Store,” of the C2PA technical specification.

Information that associates digital content to a specific C2PA Manifest associated with a specific C2PA asset, either as a hard binding or a soft binding.

Content bindings are described in Section 9, “Binding to content,” of the C2PA technical specification.

One or more cryptographic hashes that uniquely identifies either the entire C2PA asset or a portion thereof.

Hard bindings are described in Section 9.2, “Hard bindings,” of the C2PA technical specification.

A tamper-evident credential that has authorship that can be cryptographically verified.

A portable URL-based identifier, also known as a DID, associated with an entity. These identifiers are most often used in a W3C verifiable credential and are associated with credential subjects such that a W3C verifiable credential itself can be easily ported from one repository to another without the need to reissue the W3C verifiable credential. An example of a DID is did:example:123456abcdef.

Also referred to as a DID document, this is a document that is accessible using a verifiable data registry and contains information related to a specific W3C decentralized identifier, such as the associated repository and public key information.

The actor that has control (specifically signature authority) over a ToIP verifiable identifier that describes a specific named actor.

An action signifying that a digital credential can no longer be considered as valid. This is typically indicated by an action on the part of the credential issuer stating that they can no longer attest to the validity of the information in the credential or an action on the part of the credential holder stating that the public/private key pair associated with the credential is no longer valid.

Adapted from Trust Over IP’s definition of revocation.

An actor that collects identity claims (attestations) regarding a named actor from various identity providers and can replay those identity claims into identity assertions on behalf of the named actor. This actor MAY be the same as the identity assertion generator.

A C2PA assertion that allows a credential holder to prove control over an digital identity and bind the identity to a set of C2PA assertions produced by them or on their behalf.

A C2PA Manifest Consumer who also consumes and interprets the content of any identity assertions contained within the C2PA Manifest.

The non-human (hardware or software) actor that is responsible for generating the identity assertion. This MAY be the same actor as the C2PA claim generator.

An actor that is attesting to an identity of the named actor as understood in the context of the identity provider. This actor MAY be the identity assertion generator, a third party contacted by the identity assertion generator, or the issuer of an identity credential that is used by the identity assertion generator.

The actor whose relationship to a C2PA asset is documented by an identity assertion. This may also be referred to as a credential subject when identified by the subject field of a ToIP verifiable identifier.

A sequence of UTF-8 characters that is intended to be displayed to a human user. When contained within a JSON or CBOR data structure, this may be either:

The string MUST resolve to a non-empty sequence of UTF-8 characters for all supported languages.

A temporary C2PA assertion that is created during C2PA claim generation which reserves space for the eventual content of the identity assertion. A placeholder assertion MUST be used when the final file layout of the C2PA asset is required for the hard binding assertion, as described in Section 6.3, “Interaction with data hash assertion”.

The set of C2PA assertions that are referenced by an identity assertion and thus bound to (i.e. authorized by or created by) the credential holder named in the identity assertion.

Any identifier for which an endpoint system is “able to associate, discover and verify the cryptographic keys associated with a ToIP identifier.” This satisfies the ToIP design principle that “messages and data structures exchanged between parties should be verifiable as authentic using standard cryptographic algorithms and protocols.”

See ToIP identifiers in the ToIP technology architecture specification.

In the context of an identity assertion, we define trust as meeting or exceeding the minimum level of confidence an identity assertion consumer requires over assertions made about the identity of the named actor and the named actor’s true intention regarding their attestations via content included in and referenced by the identity assertion.

A list of actors, published by an authoritative source that are trusted in a specific context.

Adapted from Trust Over IP’s definition of trust list.

A trust list can be considered a simplified form of a trust registry.

The list of referenced assertions contained in signer_payload.referenced_assertions is subject to the following requirements:

The credential holder MAY choose to describe one or more relationships of the named actor to the C2PA asset by adding a role field to signer_payload.

If present, the value for role MUST be a non-empty CBOR array of non-empty text strings. It is recommended that the CBOR text strings be chosen from the following values and that any user experience that presents the content of an identity assertion be prepared to describe these roles in the same human language as the surrounding interface:

Other CBOR text string values MAY be used in role with the understanding that they may not be well understood by identity assertion consumers. CBOR text string values for role that begin with the prefix cawg. are reserved for the use of the Creator Assertions Working Group and MUST NOT be used unless defined in a this or a future version of this specification.

An example in CBOR-Diag is shown below, which is non-normative:

If the identity assertion generator chooses to include the expected_partial_claim field in signer_payload, it MUST be computed as follows:

The expected_partial_claim field SHOULD contain a CBOR map with the following fields:

If the identity assertion generator chooses to include the expected_claim_generator field in signer_payload, it MUST be computed as follows:

The resulting hash should be used as the expected_claim_generator field.

The expected_claim_generator field SHOULD contain a CBOR map with the following fields:

If the identity assertion generator chooses to include the expected_countersigners field in signer_payload, it MUST be computed as follows:

The signing credential for other identity assertions should be serialized depending on the credential type:

If the identity assertion contains an expected_partial_claim field in signer_payload, it MUST be validated as follows:

The resulting hash MUST exactly match the value present in expected_partial_claim.hash. The cawg.identity.expected_partial_claim.mismatch error code SHALL be used to report assertions that contain other values.

If the identity assertion contains an expected_claim_generator field in signer_payload, it MUST be validated as follows:

The resulting hash MUST exactly match the value present in expected_claim_generator.hash. The cawg.identity.expected_claim_generator.mismatch error code SHALL be used to report assertions that contain other values.

If the identity assertion contains an expected_countersigners field in signer_payload, it MUST be validated as follows:

An identity claims aggregation is a W3C verifiable credential that binds one or more identity claim attestations regarding the named actor to the C2PA asset in which the identity assertion appears. An identity claims aggregation MUST meet all requirements for a verifiable credential as described in Verifiable credentials data model, version 2.0, and additional requirements as stated in the remainder of this section:

An example of the identity claims aggregation verifiable credential is given below:

The identity assertion verifiable credential must adhere to a set of strict requirements as depicted in Section 8.1.1, “Identity claims aggregation description”. All of these requirements are gathered in a verifiable credentials JSON schema, i.e. https://creator-assertions.github.io/schemas/v1/identity-claims-aggregation.json. This JSON schema SHOULD be used to establish if the structure and contents of a verifiable credential conforms to all identity assertion verifiable credential requirements.

The inclusion of the credentialSchema property in a verifiable credential is OPTIONAL. However, it is highly recommended to include this field to specify the structure and constraints of the credential’s data.

The inclusion of the identity-claims-aggregation.json schema in the verifiable credential credentialSchema is OPTIONAL. However, it is RECOMMENDED to include it as it enforces this specification’s constraints.

The usage of the data verification schemas from a verifiable credential’s credentialSchema is OPTIONAL. However, it is RECOMMENDCED that verifiers use the credentialSchema to validate the structure and data integrity of the verifiable credential. By referencing the schemas specified in the credentialSchema field, verifiers can ensure that the credential data adheres to the expected format and rules.

The signature field of an identity assertion using the identity claim aggregation mechanism MUST be secured as described by §3.3.1, “Securing JSON-LD verifiable credentials with COSE,” of the W3C standard Securing verifiable credentials using JOSE and COSE. The signature payload MUST begin with the tagged COSE_Sign1 structure.

To generate the COSE signature for an identity assertion, the steps described in the listed sections of the C2PA technical specification MUST be followed with adaptations as described subsequently:

In each of the above sections, the following changes MUST be applied:

To validate the COSE signature for an identity assertion, the steps described in the listed sections of the C2PA technical specification MUST be followed with adaptations as described:

In each of the above sections, the following changes MUST be applied:

Technical trust exists if the following requirements are met to the satisfaction of the identity assertion consumer:

The identity assertion should be thought of primarily as providing a framework for establishing technical trust between a named actor and an identity assertion consumer.

Governance trust exists if the following requirements are met to the satisfaction of the identity assertion consumer:

Software tools supporting identity assertion consumers can assist in establishing governance trust by making well-informed choices about roots of trust.

Reputation trust exists if the following requirements are met to the satisfaction of the identity assertion consumer:

While reputation trust requires technical trust and governance trust to be established in order to evaluate it meaningfully, these criteria are largely subjective and thus outside the scope of this specification. Also, unlike technical trust, the evaluation of reputation trust is likely to evolve over time as the identity assertion consumer gains experience with and learns more about the named actor.

In this scenario, the credential holder possesses a credential that describes the named actor and is provisioned with the ability to generate digital signatures on the named actor’s behalf.

This scenario is implicit in the X.509 certificate-based workflow as described in Section 8.2, “X.509 certificates and COSE signatures”. Other credential types MAY also follow this scenario.

The credential holder uses this signature authority directly to generate the asset-specific credential, as depicted in the following diagram, which is non-normative:

In this scenario, the identity assertion consumer SHOULD make its trust decision based on the following predicates:

In this scenario, the credential holder possesses a credential that describes the named actor but does not have the ability to generate digital signatures on the named actor’s behalf.

In this scenario, the hardware or software implementation that is generating the identity assertion MAY request a summary of the named actor’s credential from the credential holder, and gather that information into the identity assertion, which it will then sign using its own credentials.

In this scenario, the issuer of the asset-specific credential is not the credential holder but the actor that is generating the identity assertion, as depicted in the following diagram, which is non-normative:

In this scenario, the identity assertion consumer SHOULD make its trust decision based on the following predicates:

An attacker could attempt to extract a valid identity assertion out of one C2PA asset and embed it in a new C2PA asset of an attacker’s choosing without causing a validation error. This scenario could allow an attacker to falsely attribute the new C2PA asset to a victim’s identity without their consent or knowledge. If the attacker’s C2PA asset is controversial or illegal, then falsely attributing it to a victim’s identity could result in severe consequences for the victim. The system must ensure that an attacker can not apply an existing identity assertion to a different C2PA asset.

To prevent this attack, we require that a valid identity assertion contain a signer_payload.referenced_assertions which includes a hard binding assertion that properly describes the C2PA asset. A compliant identity assertion consumer should detect that the hard binding assertion referenced by the original identity assertion does not match the attacker’s C2PA asset and fail validation.

Any content including, but not limited to the named actor’s identity, could be subject to a number of parsing or validation attacks:

The effectiveness of such attacks will necessarily be dependent on the language and other related development tooling in use for any given implementation. Beyond reminding implementers that parsing and validation errors are a likely attack surface, it is outside the scope of this specification to provide language-specific guidance.

An attacker could make use of visually-similar Unicode characters to mislead an end user into accepting a mistaken assertion of identity on behalf of a specific named actor. Such attacks are common in phishing and impersonation attacks conducted on domain names and social media.

Similarly, it is likely that two or more named actors may legitimately have the same or very similar names. Whether legitimate or not, similar names may cause confusion among identity assertion consumers absent other signals that disambiguate specific individuals or organizations. If anonymous identities are supported, identity assertions should also contain signals to disambiguate between anonymous identities.

Implementers are encouraged to apply one or more of the following approaches to mitigate this potential attack:

There are numerous scenarios which may result in the credential issued to a credential holder being revoked. Some are adverse, such as credential compromise or acting in bad faith. Other scenarios are routine, such as changes to the name, address, or other identifying information contained within the credentials.

The identity assertion consumer should make a best effort to verify the status of the credential as of the time of identity assertion creation. The exact mechanism will vary based on the credential type and will be specified in the appropriate subsection of Section 8, “Credentials, signatures, and validation methods”. If a credential is found to be revoked at that time, this information should be prominently displayed in any user experience regarding the identity assertion. Absent specific information as to the cause for revocation, a identity assertion consumer should not assume that a revocation is an indication of an adverse event.

Software tools that support Identity assertion consumers are encouraged to be mindful of harms or risks – such as generating network traffic that may indicate interest in particular content – that may accrue to the identity assertion consumer in the process of making online inquiries about such status.

In practice, the credential holder’s signing keys will be issued to systems that perform identity assertion signing operations. These systems may make these operations available to end users and/or be deployed to user-owned platforms (e.g., mobile phones). Issuance or disclosure of signing keys to malicious actors enables attackers to create claim signatures on arbitrary assets using the compromised identity. The resulting identity assertions will be valid in terms of the identity assertion specification, but effectively allow for spoofing identity.

It is therefore important that systems that manage identity assertion signing keys adhere to security and key management best practices. This includes leveraging platform-specific features (e.g., hardware security modules and cloud key management services), minimizing key reuse, and revoking keys when compromise is suspected. For more information on key management, see the NIST Key Management Guidelines.

Some identity assertion generation and signing systems may be exposed to untrusted users. Exploitation or misuse of these systems may allow attackers to create identity assertion signatures on arbitrary assets using identities provided by the system. The resulting identity assertions will be valid in terms of the identity assertion specification, but effectively allow for spoofing identity. The impact of such an attack may be amplified if identities are shared between users, and/or if the attack goes undetected for an extended period of time.

Identity assertion generation and signing systems should consider industry best practices for information security, secure development and operation, and anti-abuse practices, including leveraging available platform-specific features for deployment (e.g., Android SafetyNet, Apple DeviceCheck and AppAttest).

Capture devices, such as non-smartphone cameras, often do not have a mechanism for restricting access to specific users. It is recommended that such devices should not hold credentials for named actors and should not generate identity assertion unless they can access more secure credential-access mechanisms such as a digital wallet.

An attacker could attempt to alter the content of an identity assertion to substitute different credentials or alter the attestations included in signer_payload in order to create a misleading of the named actor or the C2PA asset.

A compliant identity assertion consumer should validate the signature field of the identity assertion. If the content of signer_payload has been altered, the signature should not match and the identity assertion consumer should fail validation in that case.

The signature from the claim generator provides an additional level of tamper evidence. In the event an attacker substitutes a new identity assertion which contains a new signature that is valid, the hash reference from the C2PA claim should still mismatch. A compliant C2PA Manifest Consumer should fail validation in that case. When validation of a C2PA Manifest has failed, a compliant identity assertion consumer should not attempt to interpret the content of any identity assertion in that C2PA Manifest.

An attacker could take a valid C2PA asset and create a new C2PA Manifest with a new signature from a new claim generator that alters the context that was anticipated by the original credential holder when signing the identity assertion.

A credential holder can prevent these attacks by using one or more of the following optional mechanisms in signer_payload which are intended to limit the content of the enclosing C2PA Manifest:

See Section 5.1, “Overview”, for complete description of these mechanisms.