18 May 2026

Attendees

  • Andrew Dworschak, Yakoa

  • Andy Rosen, Sequence Key

  • Bruce MacCormack

  • Charlie Halford, BBC

  • Colin Murphy, Adobe

  • Drummond Reed

  • Eric Osterweil, Verisign

  • Eric Scouten, Adobe

  • Gavin Peacock, Adobe

  • Jenny Pretz, RIAA

  • Jeremy Uzan, Universal Music

  • John Carlucci, HAND (Human & Digital) Identity

  • Nathan Freitas, ProofMode

  • Nicholas Salvemini, Adobe

  • Niels Rump, DDEX

  • Peleus Uhley, Adobe

  • Richard W. Kroon, EIDR

  • Scott Perry, Digital Governance Institute

  • Toby Weir-Jones, Verisign

  • Utkarsh Sharma, Vlinder

  • Vasily Suvorov, accelerate.swiss

  • Victor Grey, JLINC

  • Will Kreth, HAND (Human & Digital) Identity

Meeting notes

New members introduction

  • 🎥 6'29": Toby Weir-Jones, Verisign

Review previous action items

🎥 7'07":

ACTION (determined when meeting with Charlie Halford): Eric to draft a new cawg.actions assertion spec. → NOT DONE

Holiday coverage

🎥 7'50": Task force meetings next Monday (25 May) may need to be rescheduled for US holiday. → Trust TF rescheduled to Tuesday (26 May) next week.

Also, Eric not available for 29 June general meeting.

Readout from Singapore and Asia trip: Scott

🎥 8'51": Scott reported on his recent trip to Asia where he attended the CAI Content Authenticity Summit in Singapore, which was hosted by CAI and CATOS with approximately 175 attendees including a minister and representatives from companies like TikTok and Google. The meeting focused on content provenance issues and AI-related information, with Scott presenting on the C2PA conformance program and noting that several companies are already in the pipeline for conformance.

Charlie and Scott mentioned that they have both met with the Originator Profile team, noting potential collaboration areas including how they handle attached-to-text items and maintain attributes about named actors.

Readout from trust task force: Eric

🎥 21'06": Key topics:

  • Trust registry vs credentials all the way down?

  • Is the governance assertion a membership credential vs delegation of authority?

  • Can I trust the credential? Can I use it to operate under my governance?

We posited five goals for identity endorsement:

  1. Enable verification of content creator identity for an arbitrary length of time after content creation.

  2. Enable content creator to state the governance under which the content is being created. (This was discussed as a reference-bound registry. I think.)

  3. Enable content creator to state the endorsement of a governance organization under which the content is being created. (Big open question: How much is baked in at time of content creation vs how much needs to be discovered at time of verification?)

  4. Enable distinction between content creator’s use of restricted metadata that is authorized by professional organization from non-member assertion of that same metadata.

  5. Enable discovery of additional information / updates to permission / endorsement that may have occurred subsequent to the content creation.

Readout from VC/VP task force: Andrew

🎥 36'27": Previous meeting was cancelled. Will resume next week.f

Readout from consent task force: Erik

🎥 38'30": Erik isn’t able to join us today. He provided the following readout:

Last session, we worked through the first portion of the consent assertion spec. We also addressed the recently filed Avatar / Kilter federal complaint as a real-world example to walk through several domains of consent, including creator, subject, access and purpose, and delegated consent. We then worked through the eight asset consent categories.

This week’s discussion will cover recent developments in the entertainment industry like the SAG-AFTRA / AMPTP tentative agreement and RSL Media launch and how they relate to identity and consent as we continue working through the spec.

Next meeting: Thursday, 21 May, 9am US Pacific / noon US Eastern / 1600 UTC.

Readout from KERI/ACDC task force: Vasily

🎥 39'26": KERI/ACDC task force conducted its initial kickoff meeting last week.

  • agreed goals:

    • focus on vLEI as the governance driven usage of KERI/ACDC with global coverage for organizations and organizational role credentials

    • focus on basic credentials that can "sign" Identity Assertion. In scope: vLEI LE (Legal Entity) and Role (Official and Engagement Context roles)

    • out of focus for now: "linked" credentials that can provide additional context, e.g. membership, etc.

      • will see how "authority" and "consent" Task forces develop and possibly link up with them

  • first technical considerations

    • think about the needs of "archival quality" identifiers

    • provide for ease of discovery of the AIDs' Key Event Logs (KELs) for the purposes of the verification including witnesses, etc.

    • provide for the ability to include all required credentials in the assertion (e.g. QVI, Role, etc) that are required to establish and verify the entity that is signing the assertion.

    • use CESR signatures for the signature payload over the assertion, think about the need for timestamps and version of the keys used

Heads up: Request from C2PA to rename status codes

🎥 42'46": Eric relayed a request from C2PA for us to discontinue the use of C2PA-reserved status codes when validating CAWG X.509 assertions.

ACTION: Eric to prepare a PR introducing new CAWG-specific status codes.