22 September 2025

Attendees

  • Andrew Dworschak, Yakoa

  • Andy Rosen, Sequence Key

  • Dylan Ross, Adobe

  • Eric Scouten, Adobe

  • Erik Passoja, SAG/AFTRA

  • Howie Singer, RIAA

  • Jeremy Uzan, Universal Music

  • Luke Nispel, OriginVault

  • Makki Elfatih, HKDolts

  • Nigel Earnshaw, BBC

  • Peleus Uhley, Adobe

  • Santiago Lyon, Adobe

  • Scott Jones, RealEyes

  • Scott Perry, Digital Governance Institute

  • Tom Jones

  • Victor Grey, JLINC

  • Will Kreth, HAND (Human & Digital) Identity

Meeting notes

New members introduction

  • 🎥 8'14": Tom Jones

Review of CAWG purpose

  • 🎥 8'26": Eric gave a quick recap of the group’s purpose and work to date.

Review previous action items

  • 🎥 10'17": Reviewed previous action items:

  • ACTION: Eric to reach out to Wenjing and other ToIP members to build tighter collaboration on agentic identity. → UNDERWAY. No new developments.

  • ACTION: Eric to explore promotional video ideas. → UNDERWAY. Working with Adobe team to build a new 1-2 minute video that we can use on site. ETA ~~late August~~ → late September.

  • ACTION: Scott to work up initial draft text to use on CAWG home page. → DONE. Included on new site.

  • ACTION: Luke to revise endorsement PR #11 to incorporate suggestions from Andrew’s presentation. → NO UPDATE

  • ACTION: Referred metadata assertion PR #5 back to media identifiers TF to finalize wording and fill in TO DO items. → DONE. Reviewed later in meeting.

  • ACTION: Andrew to propose updating examples in remainder of metadata asertion spec to match this suggested usage. → NO UPDATE

  • ACTION: Eric to revise wording to encourage use of human-language and URN-based identifiers. → NOT DONE

  • ACTION: Drummond and Andrew to meet to ensure that FPP and CAWG VC efforts are technically aligned. → NOT DONE

Review metadata assertion PR #5: Add media identifiers guidance

Current draft (visible in rendered form here) is close to final form. Will likely bring it to full CAWG meeting on 6 October.

Review identity assertion PR #240: Add X.509 trust model guidance

This is an early draft and will likely undergo some significant revision before it is ready for final approval. Some discussion points from today:

  • Concern was raised over the reference to Adobe Acrobat Trust List (AATL) in the draft. After speaking with relevant Adobe product managers, we agree that AATL is not suitable for CAWG’s purposes and we will remove this reference.

  • Questions raised about the viability of vLEIs from GLEIF. That is a separate work stream not directly related to the X.509 trust list question.

  • Questions raised about the use of e-mail (S/MIME) EKUs. We will investigate the viability of enabling document-signing EKUs only. The inclusion of e-mail EKUs was based on C2PA’s trust model, which does the same.

  • Some concerns raised about the quality of organizational identity vetting that is done by CAs. Will investigate the governance regime for the issuance of OV certs.

  • To discuss further: Do we need a CAWG-specific EKU and/or trust list?