TSC Meeting Notes 2023-08-24

Attendance:

Cary Phillips
Christina Tempelaar-Lietz
John Mertic
Joseph Goldstone
Kimball Thurston
Larry Gritz
Nick Porcino
Peter Hillman
Rod Bogart

Guests:

  • Leonard Rosenthol, Adobe Senior Principal Architect / C2PA Technical Working Group chair

Discussion:

  • Introduction to CAI & C2PA - presentation by Leonard Rosenthol, C2PA

    • Related issue: https://github.com/AcademySoftwareFoundation/openexr/issues/1497 

    • Slide deck download link: https://github.com/AcademySoftwareFoundation/openexr/files/12433844/Intro.to.CAI-C2PA.pdf

    • Misinformation is rampant in today's world.

    • AI-generated media, outcry related to being able to identify

    • Worldwide legislation is being put into place

    • 2 Entities 

      • C2PA - standards body

        • LF Joint Dev Foundation project

        • develops specifications.

        • Membership: Intel, Sony, MS, Adobe, etc...

        • Liaisons with various standard bodies ISO, etc...

      • CAI Content Authenticity Initiative - responsible for building tools

        • focused on education and implementation

        • Membership: over 1700 entities, incl. media outlets, news outlets

    • 3 foundation Pillars

      • Provenance

        • not guess what is fake, provide information about what is truth

        • another signal for detection: who, what, where, why, how

      • Education

      • Policy

        • work with governments and industries

      • Do not do detection

        • do not believe this is a viable solution

    • Design goals

      • Create minimum novel technology, rely on existing tech

      • Do not require cloud storage or distributed blockchain

      • Maintain audit trail across multiple tools

      • Work on all standard asset formats

    • Specification v1.3 available online: https://c2pa.org/specifications/

    • CAI 

      • Open source SDK, used by many software and hardware vendors

      • Adobe, Microsoft, Nikon, Sony

    • C2PA Specification

      • Model for storing information in a cryptographically verifiable and tamper-proof package

      • Digitally signed, connects to a defined trust model.

      • Core components in "blob" 

      • C2PA Manifest Store / Content Credentials

        • Box-based data format (JUMBF - JPEG Universal Metadata Box Format)

        • Assertions

          • various facts or statements such as authorship

          • Content bindings - cryptographic hashing

          • Creative work, Actions (what user did)

          • Ingredients, Thumbnails, and more

        • Credentials 

        • Data Boxes - additional information

        • Claim 

        • Claim signature

        • Manifest - verifiable unit

    • Nick: does the hashing/cryptography introduce any international concerns?

    • Leonard: no, hashing does not introduce any issues

    • C2PA Manifests

      • Can refer to external assets and data

      • C2PA manifests can be embedded into many image, videos, audio and document formats

        • images: jpeg, png, gif, webP, avif, heic/heif, tiff, dng, svg

        • videos: mp4, mov, avi, bmff

        • audio: flac, mp3, wav, bwf

        • docs: pdf

      • Can be stored anywhere but embedded is preferred.

      • Each step of process can create a manifest - e.g. Creation, Editing, Publishing, Sharing, Viewing

      • final asset may have multiple manifests which represent the history of the asset

    • Establishing a Trust Model

      • Modelled on same approach to trust as PDF and the Web

      • Doesn't matter if certificate expires, matters if it was valid when you used it

      • Enhancing Trust with Trust Signals, trust isn't binary, it's contextual
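
Added example (not from the presentation or the CAI SDK): a simplified Python model of the manifest structure and trust rule noted above. Assertions are hashed into a claim, the claim is signed, and validation checks the content binding and whether the certificate was valid at signing time. The JSON layout, field names, integer timestamps and the HMAC stand-in for a certificate signature are assumptions made so it runs on the standard library alone.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a certificate signature

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canon(obj) -> bytes:
    # Deterministic JSON so the same object always hashes the same way
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(claim: dict) -> str:
    return hmac.new(DEMO_KEY, canon(claim), hashlib.sha256).hexdigest()

def make_manifest(asset: bytes, assertions: dict, signed_at: int) -> dict:
    """Toy manifest: assertions, a claim listing their hashes, a claim signature."""
    assertions = dict(assertions, content_binding={"alg": "sha256", "hash": digest(asset)})
    claim = {"signed_at": signed_at,
             "assertion_hashes": {k: digest(canon(v)) for k, v in assertions.items()}}
    return {"assertions": assertions, "claim": claim, "claim_signature": sign(claim)}

def validate(manifest: dict, asset: bytes, not_before: int, not_after: int) -> list:
    """Return failure reasons; an empty list means the manifest validates."""
    problems = []
    claim, assertions = manifest["claim"], manifest["assertions"]
    if not hmac.compare_digest(sign(claim), manifest["claim_signature"]):
        problems.append("claim signature mismatch")
    if set(claim["assertion_hashes"]) != set(assertions):
        problems.append("assertion added or removed")
    for name, value in assertions.items():
        if claim["assertion_hashes"].get(name) != digest(canon(value)):
            problems.append("assertion altered: " + name)
    if assertions.get("content_binding", {}).get("hash") != digest(asset):
        problems.append("asset does not match content binding")
    # Trust model: the certificate must cover the signing time, not the time of checking
    if not not_before <= claim["signed_at"] <= not_after:
        problems.append("certificate not valid at signing time")
    return problems

if __name__ == "__main__":
    asset = b"constructed pixel data"
    m = make_manifest(asset, {"author": {"name": "Example Author"}}, signed_at=1500)
    print(validate(m, asset, 1000, 2000))         # certificate window covers signing time
    print(validate(m, asset + b"!", 1000, 2000))  # asset edited after signing
```

The current time never enters `validate`: a manifest signed inside the certificate's validity window keeps validating after the certificate expires, while any change to the asset, an assertion or the claim is reported.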