Organizational Identity Profile

This document defines a lightweight profile of the Content Credentials specification for organizational content creators. The goal is to build on the existing Content Credentials framework to provide creators and publishers the ability to author and cryptographically sign their own assertions.

Version 1.0 Draft 14 October 2025 · Version history

License

This specification is subject to the W3C Patent Policy (2004).

For sample or reference code included in the specification itself, that code is subject to the Apache 2.0 license, unless otherwise designated. In the case of any conflict or confusion within this specification repository between the W3C Patent Policy (2004) or other designated license, the terms of the W3C Patent Policy (2004) shall apply.

These terms are inherited from the Decentralized Identity Foundation Project Charter.

Contributing

This section is non-normative.

This specification is an active working draft. If you wish to contribute to its development, please view the CAWG membership page.

Foreword

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. No party shall be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

This document was prepared by the Creator Assertions Working Group, a working group of the Decentralized Identity Foundation.

THESE MATERIALS ARE PROVIDED “AS IS.” The Contributors and Licensees expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the materials. The entire risk as to implementing or otherwise using the materials is assumed by the implementer and user. IN NO EVENT WILL THE CONTRIBUTORS OR LICENSEES BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THIS DELIVERABLE OR ITS GOVERNING AGREEMENT, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER MEMBER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

1. Standard terms

The key words “MUST,” “MUST NOT,” “REQUIRED,” “SHALL,” “SHALL NOT,” “SHOULD,” “SHOULD NOT,” “RECOMMENDED,” “NOT RECOMMENDED,” “MAY,” and “OPTIONAL” in this document are to be interpreted as described in BCP 14, RFC 2119, and RFC 8174 when they appear in any casing (upper, lower, or mixed).

2. Profile definition

An implementation of the CAWG organizational identity profile MUST:

Support the C2PA Content Credentials Specification, version 2.2 or a later version.
Support the cawg.x509.cose signature type in the CAWG Identity Assertion, version 1.1 or a later version.
Support the CAWG Metadata Assertion, version 1.1 or a later version.

3. Assertion types and references

An organization creating an assertion defined in the C2PA Content Credentials Specification SHOULD include such assertion as a “gathered” assertion rather than a “created” assertion.

The implementation SHOULD reference every such assertion using the referenced assertions mechanism defined in the CAWG identity assertion specification to assert responsibility for the content contained in such assertions.

Appendix A: Version history

This section is non-normative.

14 October 2025

Placeholder for working draft.