12 January 2026

Attendees

  • Andrew Dworschak, Yakoa

  • Charlie Halford, BBC

  • Dom Guinard, SSL.com

  • Eric Scouten, Adobe

  • Erik Passoja, SAG/AFTRA

  • Jenny Pretz, DDEX/RIAA

  • Jeremy Uzan, Universal Music

  • Karla McKenna, GLEIF

  • Luke Nispel, OriginVault

  • Makki Elfatih, HKDolts

  • Nathan Freitas, ProofMode

  • Nicholas Salvemini, Adobe

  • Philippe Mougin, AFP

  • Philippe Rixhon, JPEG Trust

  • Richard W. Kroon, EIDR

  • Santiago Lyon, Adobe

  • Scott Perry, Digital Governance Institute

  • Utkarsh Sharma, Vlinder

  • Vasily Suvorov, accelerate.swiss

  • Victor Grey, JLINC

  • Victor Lu, independent consultant

  • Will Kreth, HAND (Human & Digital) Identity

Meeting notes

Review previous action items

πŸŽ₯ 8'20": Quick review of previous action items:

  • ACTION: Group to add language to UX guidance doc to address Pierre Mougin’s concern that we have two potential locations to state publisher identity (metadata assertion vs identity assertion). → Will result in revisions to metadata assertion.

  • ACTION: Eric to work with Scott on spinning up a trust registry task force (issue #247) and with Andrew on spinning up a VC integration task force. → Will spin up in new year.

  • ACTION (βœ…): Pia to submit abstract text to Eric. Eric to then publish to group for online approval. → DONE (see later in agenda)

  • ACTION (βœ…): Eric to create issue queueing up further discussion on this topic. → DONE (see later in agenda)

Approve UX guidance document?

πŸŽ₯ 8'42": Re-approve UX guidance document. Was approved in 15 December meeting, except that the abstract was missing. Unchanged, except to add the abstract.

ACTION (βœ…): Eric to mark document as WG approved and submit to DIF SC for ratification.

Re-approve org ID profile

πŸŽ₯ 10'02": Re-approve Organizational identity profile. DIF SC requested that we remove β€œor later version” clauses and instead provide new versions of this document when we have reviewed the relevant documents.

ACTION (βœ…): Eric to mark document as WG approved and submit to DIF SC for ratification.

FYI: Trust Over IP HAVID task force closing

πŸŽ₯ 17'14": Discuss an earlier effort to build a bridge between DIDs and X.509, which turned out not to yield a grand-unification plan for verifiable identifiers. CAWG identity assertion subsequently built a framework for accepting multiple different credential types.

Possible that some recent work in that TF could be used to add additional attribution to X.509s that would be useful in this context.

ACTION: Scott to request rights to use the ToIP TF work in the CAWG context.

FYI: Identity 1.3 draft is open!

πŸŽ₯ 21'55": See 1.3-draft.

ACTION: Eric to coordinate with Andrew to ensure that previous work on VC/VP work is an active PR against main.

Review PR #250: Update links to point to C2PA 2.3

πŸŽ₯ 22'31": Discussed PR #250 which updates the C2PA references from 2.2 to 2.3.

ACTION (βœ…): Eric to merge PR.

Readout from trust TF

πŸŽ₯ 23'45": Scott gave a summary of the initial trust task force last week.

  • The first meeting was successful, with strong participation from industry and user groups.

  • Participants discussed the need for mechanisms to assert conformance for identity and metadata usage across diverse use cases.

  • CAWG’s role is to provide generic standards for identity and metadata, while allowing industries to manage and define their own specific metadata tags.

  • There is a need to educate industry groups on applying CAWG standards and assessing their own conformance.

  • Ongoing efforts to standardize trust registries were discussed, including existing EU and C2PA work, as potential inputs to this group.

  • The task force may align with Ayra, which is working on trust registry interoperability and could provide reusable groundwork.

  • The group agreed the task force is viable and should continue, with next steps focused on finalizing the mission statement and deliverables.

This task force will meet every other Monday (alternating with the full CAWG meeting) and will meet on 19 January.

New task forces

πŸŽ₯ 27'40": Three new task forces are spinning up:

  • Add VC/VP support (esp. First Person Project credentials) to identity assertion → Andrew

  • Add ACDC support (esp. vLEI) to identity assertion → Vasily

  • Add relationship matrix to identity assertion or adjacent document → Daniel

ACTION: Eric to work with each of the TF chairs to set up meeting times.

Review identity assertion framework FAQ

πŸŽ₯ 31'04": Eric presented a draft framework document on the Identity Assertion, intended to explain how identity assertions work and how they fit into the broader content provenance ecosystem. The document is a distilled, narrative version of slide decks Eric has been using and is meant to serve as an accessible β€œstart here” reference.

The draft covers:

  • The roles of organizations involved in content provenance (C2PA, CAWG, CAI, etc.)

  • Clarification that CAWG is not a working group within C2PA, a common misconception

  • Who signs what in the ecosystem (C2PA claim generators vs. CAWG named actors)

  • Responsibilities, number of signatures, and credential usage

  • How identity assertions differ from legacy metadata systems (XMP, IPTC photo metadata, etc.)

ACTION (βœ…): Eric to publish Draft document as reviewed on Monday.

ACTION: Eric to revise the document to incorporate feedback received:

  • Explicitly mention the C2PA conformance program

  • Better explain how CAWG assertions live inside the C2PA manifest

  • Include IPTC as an active organization in provenance work

  • Use clearer terminology when referencing IPTC standards (i.e. IPTC photo metadata specification)

  • Move toward an ecosystem-oriented framing rather than strict separation

Remove endorsement assertion?

πŸŽ₯ 44'13": Endorsement assertion has had no discussion and little interest. Remove from active draft status?

ACTION: Charlie to confer with team at BBC and suggest next steps.

Review metadata 1.2 — what needs to be completed?

πŸŽ₯ 45'56": New language requested late last year to address Phillippe Mougin’s concern that we have two potential locations to state publisher identity (metadata assertion vs identity assertion). Feedback requested; I’ll attempt to draft a revision later in the week.

ACTION: Eric to draft a PR that adds language to section 6 roughly like this:

These fields should be used only in the case where a valid signing credential is not available. So, in other words, a publisher might sign the identity assertion and attest to …​

ACTION: Charlie to file new issue suggesting a closer linkage between the CAWG identity framework signer_payload.role field and the Dublin Core metadata fields used in the CAWG metadata assertiopn.

FYI: C2PA+CAWG mobile SDKs available

πŸŽ₯ 1h02'09": Nathan pointed out that mobile SDKs are now available derived from the c2pa-rs open-source SDKs made available from the Adobe CAI team. Please see https://opensource.contentauthenticity.org/docs/mobile for more information.

OpenSSF introduction

πŸŽ₯ 1h04'21": Victor introduced the group to the OpenSSF project, which is focused on end-to-end model provenance, aiming to track both data and model lineage from source through deployment, with a strong security perspective.

There is some overlap of this project to the work of C2PA and CAWG, but it’s important to note that while C2PA supports provenance and audit trails for digital media, it does not capture the full set of metadata involved in ML training pipelines. CAWG and C2PA were seen as addressing related but different scopes, particularly around identity frameworks and credential types.

Jeremy shared related work from the AIML/COG space on capturing ML pipeline provenance (datasets, transformations, training, and resulting models) using graph-based manifests. Victor highlighted differences between the OpenSSF security-focused effort and CAWG/C2PA, especially around identity protocols, and raised the question of how the efforts could interoperate.

Victor encourages CAWG participants to engage with the OpenSSF work. Those interested are encouraged to review notes from their recent meetings.

Proposal: Standardize signing service API

πŸŽ₯ 1h11'52": Charlie proposed that a standardized HTTPS API protocol be developed which covers the generation of C2PA manifests and/or CAWG identity assertions.

ACTION: Eric and Charlie to talk offline and then perhaps bring a proposal to the group.

Open discussion: Required network calls for validating credentials

πŸŽ₯ 1h14'18": Follow up on issue #249: Add guidance regarding required network calls for validating credentials.

OUTCOME: Not feasible to constrain the credential space to those that do not require outbound network traffic.

ACTION: Eric to propose a PR that makes this explicit.