Versions Compared

Version Old Version 3 New Version 4
Changes made by

Christina Tempelaar-Lietz

Christina Tempelaar-Lietz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Introduction to CAI & C2PA - presentation by Leonard Rosenthal, C2PA 
    • Slide deck is embedded in issue comments here: https://github.com/AcademySoftwareFoundation/openexr/files/12433844/Intro.to.CAI-C2PA.pdfissues/1497 
    • Misinformation is rampant in today's world.
    • AI generated media, outcry related to being able to identifying 
    • Worldwide legislation is being put into place
    • 2 Entities 
      • C2PA - standards body
        • LF Joint Dev Foundation project
        • develops specifications.
        • Membership: Intel, Sony, MS, Adobe, etc...
        • Liaisons with various standard bodies ISO, etc...
      • CAI Content Authenticity Initiative - responsible for building tools
        • focused on education and implementation
        • Membership: over 1700 entities, incl. media outlets, news outlets
    • 3 foundation Pillars
      • Provenance
        • not guess what is fake, provide information about what is truth
        • another signal for detection: who, what, where, why, how
      • Education
      • Policy
        • work with governments and industries
      • Do not do detection
        • do not believe this is a viable solution
    • Design goals
      • Create minimum novel technology, rely on existing tech
      • Do not require cloud storage or distributed blockchain
      • Maintain audit trail across multiple tools
      • Work on all standard asset formats
    • Specification v1.3 available online : https://c2pa.org/specifications/
    • CAI 
      • Open source SDK, used by many software and hardware vendors
      • Adobe, Microsoft, Nikon, Sony
    • C2PA Specification
      • Model for storing information in cryptographically verifiable and tamper-proof package
      • Digitally signed, connects to a defined trust model.
      • Core components in "blob" 
      • C2PA Manifest Store / Content Credentials
        • Box based data format (JMBF - jpeg metadata box-based format)
        • Assertions
          • various facts or statements such authorship
          • Content bindings - cryptographic hashing
          • Creative work, Actions (what user did), 
          • Ingredients, Thumbnails, and more
        • Credentials 
        • Data Boxes - additional information
        • Claim 
        • Claim signature
        • Manifest - verifiable unit
    • Nick: does the hashing/cryptography introduce any international concerns - 
    • Leonard: no, hashing does not introduce any issues
    • C2PA Manifests
      • Can refer to external assets and data
      • C2PA manifests can be embedded into many image, videos, audio and document formats
        • images: jpeg, png, gif, webP, avif, heic/heif, tiff, dng, svg
        • videos: mp4, mov, avi, bmff
        • audio: flag, mp3, wav, bwf
        • docs: pdf
      • Can be stored anywhere but embedded is preferred.
      • Each step of process can create a manifest - e.g. Creation, Editing, Publishing, Sharing, Viewing
      • final asset may have multiple assets which represent the history of the asset
    • Establishing a Trust Model
      • Modelled on same approach to trust as PDF and the Web
      • Doesn't matter if certificate expires, matters if it was valid when you used it
      • Enhancing Trust with Trust Signals, trust isn't binary, it's contextual

...