05 January 2026 (Trust Task Force)

🎥 5'47": Scott described the context of CAWG sitting as part of the C2PA ecosystem. C2PA last year established its conformance program, which enables content consumers to have confidence in the what and the how attestations from conformant products. CAWG now faces a similar question regarding the identity of human content creators, whether individual or organizational. Providing a lasting architecture for clarity on that front is the purpose of this task force.

The news media industry, represented here by IPTC and BBC, have shown interest in taking ownership and control the kinds of attributions that can be made on behalf of their industry members. We are expecting other industries to have interest in doing the same, so an important part of this TF’s work will be to support those efforts in a scalable fashion.

🎥 17'57": Vasily raised the question: What is the scope of the trust registry we would create? CAWG-specific or broader?

Consensus: Limit scope to creator assertions (i.e. identity claims for digital media content that is described by C2PA manifests).

🎥 23'32": Peleus raised the question of whether the TF scope should include private use cases (i.e. specialized use cases internal a specific company or organization)?

Consensus: Limit scope to public content.

🎥 30'52": Drummond gave a brief introduction to the trust registry query protocol work being done at Trust Over IP Foundation. The intent of this protocol is to provide a mechanism for establishing the validity of claims made in various kinds of credentials.

Drummond encouraged us to think about not having just one trust registry but a class of trust registries that serve the needs of a wide variety of content creators who need to have credentials that can be trusted.

Drummond also encouraged us to think about the governance of individual trust registries as out of scope for CAWG, but rather the responsibility of industry-specific organizations. CAWG instead should focus on establishing guidance for what defines a CAWG-compliant trust registry.

🎥 35'44": Music industry, through DDEX, is interested in principle to manage a trust registry for music creators, with the caveat that they need to better understand what that means.

🎥 38'20": Eric reminded the group that we’re talking mostly about X.509 mechanisms for now, but there is already one other credential type (identity claims aggregation) in the existing identity assertion spec, and there are likely to be more within the year.

🎥 40'06": Charlie and Eric discussed the notion of industry-specific endorsements as an attachment separate from an organizational identity credential.

As a specific exmaple, depending on the specific digital media asset in question, the BBC might be acting as a news-media organization or an entertainment provider. An organizational identity credential would likely be the same in either case, but an IPTC news media endorsement should only be attached to news content.