21 January 2025

Meeting recording

A link to the meeting recording will be provided after the meeting.

Attendees

  • Andrew Dworschak, Yokoa

  • Andy Rosen, Sequence Key

  • Claudiu Cismaru, Adobe

  • David Bigsby, Government of British Columbia

  • Drummond Reed, Gen Digital

  • Eric Scouten, Adobe

  • Gavin Peacock, Adobe

  • Hans Granqvist, Noosphere

  • Jeremy Uzan, Universal Music

  • Makki Elfatih, HKDolts

  • Nigel Earnshaw, BBC

  • Philippe Mougin, AFP

  • Philippe Rixhon, JPEG Trust

  • Scott Perry, Digital Governance Institute

  • Victor Grey, JLINC

  • Will Kreth, HAND (Human & Digital) Identity

Meeting notes

New members introduction

  • 🎥 1'01": Andrew Dworschak, Yokoa

  • 🎥 2'00": Victor Grey, JLINC

Review previous action items

🎥 3'51": Reviewed action items from previous meeting:

ACTION (✅): Eric to revise PR 203 to:

  • Look for a more generic "federated authentication" name than the existing cawg.oauth2.

  • Clarify which identity signals are self-asserted (DNS, meta tag, etc.) vs asserted by a third party (e-mail, federated).

  • Clarify who is the identity provider in the third party cases.

DONE: Will discuss later.

ACTION: Brian McInnis to add a cawg.webauthn option. (This can be a separate PR.) → No update. Moved to issue #208.

ACTION (✅): Eric to create new PR to contemplate maximum lifetime of verifications. → DONE: Will discuss PR 207 later.

ACTION: (✅) Eric to merge PR 205. → DONE

Introduction to JPEG Trust work

🎥 4'51": Philippe Rixon presented on the relationship between the JPEG Trust initiative and the C2PA effort, explaining the use cases, requirements, and the trust framework.

The initiative started with addressing fake media and has evolved to focus on provenance, authenticity, and intellectual property rights. The first edition of JPEG Trust was published, and the second edition is in the drafting stage.

Philippe highlighted the addition of intellectual property rights to the scope of JPEG Trust. This includes attribution, which requires identifying the creator, and rights declaration, which involves expressing and protecting both moral and commercial rights.

Philippe explained that CAWG’s work on identity and metadata is crucial for JPEG Trust. The integration involves using CAWG’s identity assertions and metadata structures to identify creators, editors, and rights holders. These assertions are essential for attributing media and ensuring the accuracy of provenance information.

Slide deck (PDF)

Review PR 203: Add optional method field for describing the technique used to verify account/URI control

🎥 50'09": Reviewed PR 203: Add optional method field for describing the technique used to verify account/URI control.

ACTION (✅): Eric to merge PR 203.

Split out issue #208 as a reminder of Brian McInnis' suggestion to consider a cawg.webauthn method.

Review PR 204: Add section on credential status / revocation

🎥 58'35": Reviewed PR 204: Add section on credential status / revocation.

ACTION (✅): Eric to merge PR 204.

Review PR 207: Limit validity period for identity claims verifications

🎥 59'39": Reviewed PR 207: Limit validity period for identity claims verifications.

Eric proposed a maximum lifetime for identity verifications, suggesting that the identity claims aggregator must renew the verification at least annually. The group discussed the implications of this proposal and the need for regular verification.

Some concerns were raised about the arbitrary nature of the requirement for annual renewal. The group agreed to leave this PR open for further consideration.