Metadata Assertion

The C2PA technical specification allows actors in a workflow to make cryptographically signed assertions about the produced C2PA asset.

This specification describes a C2PA assertion referred to here as the metadata assertion, binding metadata from standards such as XMP, IPTC, and Exif to a C2PA Manifest in a tamper-evident way.

Unlike the c2pa.metadata assertion from the C2PA technical specification, this specification places no restrictions on which metadata fields may be included. This flexibility allows it to support a broader set of use cases and makes it well-suited for use in gathered_assertions in the C2PA Claim schema, where the signer of the C2PA Manifest does not attest to the accuracy of the provided metadata but still ensures the integrity of the C2PA Manifest.

Version 1.2 Draft 16 June 2025 · Version history

License

This specification is subject to the W3C Patent Policy (2004).

For sample or reference code included in the specification itself, that code is subject to the Apache 2.0 license, unless otherwise designated. In the case of any conflict or confusion within this specification repository between the W3C Patent Policy (2004) or other designated license, the terms of the W3C Patent Policy (2004) shall apply.

These terms are inherited from the Decentralized Identity Foundation Project Charter.

Contributing

This section is non-normative.

This specification is an active working draft. If you wish to contribute to its development, please view the CAWG contributing guide.

Foreword

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. No party shall be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

This document was prepared by the Creator Assertions Working Group, a working group of the Decentralized Identity Foundation.

THESE MATERIALS ARE PROVIDED “AS IS.” The Contributors and Licensees expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the materials. The entire risk as to implementing or otherwise using the materials is assumed by the implementer and user. IN NO EVENT WILL THE CONTRIBUTORS OR LICENSEES BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THIS DELIVERABLE OR ITS GOVERNING AGREEMENT, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER MEMBER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Table of contents

1. Introduction

This section is non-normative.

1.1. History

In versions 1.3 and earlier of the C2PA technical specification, there were individual assertions for each metadata standard (e.g., IPTC, Exif). These were coalesced into a single “common” metadata assertion in version 1.4 of the specification. In version 2.x of the C2PA technical specification, new restrictions were added as to which metadata content could be reflected in the built-in c2pa.metadata assertion.

This specification is not a product of the C2PA, but provides a mechanism for metadata that can no longer be expressed in the c2pa.metadata assertion to be included in a C2PA Manifest.

2. Normative references

3. Standard terms

The key words “MUST,” “MUST NOT,” “REQUIRED,” “SHALL,” “SHALL NOT,” “SHOULD,” “SHOULD NOT,” “RECOMMENDED,” “NOT RECOMMENDED,” “MAY,” and “OPTIONAL” in this document are to be interpreted as described in BCP 14, RFC 2119, and RFC 8174 when they appear in any casing (upper, lower, or mixed).

4. Assertion definition

A CAWG metadata assertion SHALL have a label of cawg.metadata and SHALL follow the format for metadata assertions as described below:

Each metadata assertion shall contain a single JSON content type box containing the JSON-LD serialization of one or more metadata values. The @context property within the JSON-LD object shall be included, and used to provide context / namespaces for the metadata standards being specified. The recommended procedure to create this JSON-LD object is to first create an XMP Data Model representation of the metadata and then serialize that to JSON-LD using the JSON-LD serialization of XMP. The JSON-LD would then be stored as a JSON content type box.
Section 18.16.2, “Metadata: Common Requirements,” of the C2PA technical specification version 2.2
The restrictions expressed in Appendix B, “Implementation Details for c2pa.metadata,” in the C2PA technical specification SHALL NOT apply to this assertion.

4.1. Examples

This section is non-normative.

An example of an common metadata assertion for an image:

{
	"@context" : {
		"exif": "http://ns.adobe.com/exif/1.0/",
		"exifEX": "http://cipa.jp/exif/2.32/",
		"tiff": "http://ns.adobe.com/tiff/1.0/",
		"Iptc4xmpCore": "http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/",
		"Iptc4xmpExt": "http://iptc.org/std/Iptc4xmpExt/2008-02-29/",
		"dc" : "http://purl.org/dc/elements/1.1/",
		"photoshop" : "http://ns.adobe.com/photoshop/1.0/",
	},
	"photoshop:DateCreated": "Aug 31, 2022", 
	"Iptc4xmpExt:DigitalSourceType": "https://cv.iptc.org/newscodes/digitalsourcetype/digitalCapture",
	"Iptc4xmpExt:LocationCreated": { 
	  "Iptc4xmpExt:City": "San Francisco"
	},
	"Iptc4xmpExt:PersonInImage": [ 
	  "Erika Fictional"
	],
	"Iptc4xmpCore:AltTextAccessibility": "Photo of Erika Fictional standing in front of the Golden Gate Bridge at sunset.",
	"exif:GPSVersionID": "2.2.0.0",
	"exif:GPSLatitude": "39,21.102N",
	"exif:GPSLongitude": "74,26.5737W",
	"exif:GPSAltitudeRef": 0,
	"exif:GPSAltitude": "100963/29890",
	"exif:GPSTimeStamp": "2019-09-22T18:22:57Z",
	"exif:GPSSpeedRef": "K",
	"exif:GPSSpeed": "4009/161323",
	"exif:GPSImgDirectionRef": "T",
	"exif:GPSImgDirection": "296140/911",
	"exif:GPSDestBearingRef": "T",
	"exif:GPSDestBearing": "296140/911",
	"exif:GPSHPositioningError": "13244/2207",
	"exif:ExposureTime": "1/100",
	"exif:FNumber": 4.0,
	"exif:ColorSpace": 1,
	"exif:DigitalZoomRatio": 2.0,
	"tiff:Make": "CameraCompany",
	"tiff:Model": "Shooter S1",
	"exifEX:LensMake": "CameraCompany",
	"exifEX:LensModel": "17.0-35.0 mm",
	"exifEX:LensSpecification": { "@list": [ 1.55, 4.2, 1.6, 2.4 ] }
  
}

An example of an common metadata assertion for a PDF:

{
	"@context" : {
	  "dc" : "http://purl.org/dc/elements/1.1/",
	  "xmp" : "http://ns.adobe.com/xap/1.0/",
	  "pdf" : "http://ns.adobe.com/pdf/1.3/",
	  "pdfx": "http://ns.adobe.com/pdfx/1.3/"
	},
	"dc:created": "2015 February 3", 
	"dc:title": [
		"This is a test file"
	],
	"xmp:CreatorTool": "TeX",
	"pdf:Producer": "pdfTeX-1.40.14",
	"pdf:Trapped": "Unknown",
	"pdfx:PTEX.Fullbanner": "This is pdfTeX, Version 3.1415926-2.5-1.40.14 (TeX Live 2013) kpathsea version 6.1.1"
}

5. Use with identity assertion

When a CAWG metadata assertion is included in gathered_assertions in the C2PA Claim schema, meaning that the provided metadata is not attributed to the signer of the C2PA Manifest, it is RECOMMENDED to include this assertion as a referenced assertion within a CAWG identity assertion.

This reference SHALL constitute an attestation by the named actor of that identity assertion to the accuracy of the provided metadata.

Appendix A: Version history

This section is non-normative.

20 May 2025

16 June 2025

  • Updated C2PA technical spec references to use version 2.2.

  • Restored missing link to IETF standard terms.

  • Recommend use of identity assertion to attest to metadata authorship.