Merge pull request #245 from contentauth/misc-updates

Update intro image, add redirect, fix various references and links

Author: crandmck

docs/community.md

@@ -7,28 +7,30 @@ The Content Authenticity Initiative has an active and growing community of devel
 
 ## GitHub
 
-All the open-source CAI code is hosted in GitHub in the [CAI GitHub organization](https://github.com/contentauth) and we welcome input in the form of issues and pull requests in the repositories:
+All the open-source CAI code is hosted in GitHub in the [CAI GitHub organization](https://github.com/contentauth):
 
 - **Rust Library**: [c2pa-rs](https://github.com/contentauth/c2pa-rs)
 - **CLI tool**: [c2patool](https://github.com/contentauth/c2patool)
-- **JavaScript library**: [c2pa-js](https://github.com/contentauth/c2pa-js)
-- **Prerelease libraries**: 
-  - [c2pa-python](https://github.com/contentauth/c2pa-python)
-  - [c2pa-node](https://github.com/contentauth/c2pa-node)
-  - [c2pa-c](https://github.com/contentauth/c2pa-c)
-- **JavaScript examples**: [c2pa-js-examples](https://github.com/contentauth/c2pa-js-examples)
+- **JavaScript library**: [c2pa-web](https://github.com/contentauth/c2pa-web)
+- **Python library**: [c2pa-python](https://github.com/contentauth/c2pa-python)
+- **Node.js library**: [c2pa-node](https://github.com/contentauth/c2pa-node-v2)
+- **C++ library**: [c2pa-c](https://github.com/contentauth/c2pa-c)
 
 If you think you've found a bug or want to request a feature, please open an issue in the appropriate repository.
 
 :::note
-Do not create a public GitHub issue for suspected security vulnerabilities. Instead, please file an issue through [Adobe's HackerOne page](https://hackerone.com/adobe?type=team). 
+Do not create a public GitHub issue for **suspected security vulnerabilities**. Instead, please file an issue through [Adobe's HackerOne page](https://hackerone.com/adobe?type=team). 
 For more information on reporting security issues, see [SECURITY.md](https://github.com/contentauth/c2pa-rs/blob/main/SECURITY.md).
 :::
 
 We also welcome thoughtful pull requests (PRs) from the community, following the contribution guidelines provided out in each repository. The guidelines are generally the same for all the SDK repositories; for example. see the [c2pa-rs contribution guidelines](https://github.com/contentauth/c2pa-rs/blob/main/CONTRIBUTING.md).
 
 Participants are required to follow the [Adobe Code of Conduct](https://github.com/contentauth/c2pa-rs/blob/main/CODE_OF_CONDUCT.md) to maintain an open and welcoming environment for all.
 
+### Verify
+
+The code for the [C2PA Verify website](https://verify.contentauthenticity.org/) is open source.  For general information on using it, see [Using the Verify tool](verify.mdx).
+
 ### Related projects
 
 These related projects may be of interest, but the CAI team doesn't maintain or support them:
@@ -38,6 +40,10 @@ These related projects may be of interest, but the CAI team doesn't maintain or
 - [**TrustMark**](https://github.com/adobe/trustmark): Open-source Python implementation of watermarking for encoding, decoding and removing image watermarks. You can use TrustMark as part of providing [durable content credentials](durable-cr/index.md).
 - [**C2PA Security Testing Tool**](https://github.com/contentauth/c2pa-attacks): A CLI tool derived from [c2patool](https://github.com/contentauth/c2patool) that performs security testing on a Content Credentials application.  This tool is intended for use by software security professionals.
 
+## Browser extension
+
+The free [browser extension for Google Chrome](https://chromewebstore.google.com/detail/c2pa-content-credentials/mjkaocdlpjmphfkjndocehcdhbigaafp?hl=en) enables you to verify and display manifests for images, audio and videos which have C2PA Content Credentials.
+
 ## Discussions on Discord
 
 The CAI maintains a [Discord server](https://discord.gg/CAI) for open technical discussions within the developer community, with channels focused on different projects and topics.

docs/getting-started.mdx

@@ -90,80 +90,23 @@ In practice, to use a certificate with the CAI SDK, follow this process:
 For more information on getting and using certificates, see [Signing and certificates](signing/index.md).
 :::
 
-### Verify known certificate list
+### Verify trust list
 
 import verify_unknown_source from '../static/img/verify-cc-unknown-source.png';
 
-The C2PA [Verify tool](https://verify.contentauthenticity.org) uses a list of _known certificates_ (sometimes referred to as a "trust list") to determine whether a Content Credential was issued by a known source. The known certificate list applies only to [Verify](https://verify.contentauthenticity.org). For more information, see [Verify tool known certificate list](verify-known-cert-list)
+The C2PA [Verify tool](https://verify.contentauthenticity.org) uses a list of _known certificates_ (sometimes referred to as a "trust list") to determine whether a Content Credential was issued by a known source. Currently, it uses the [interim trust list](verify-known-cert-list) but it will be updated soon to use the official [C2PA trust list](conformance.mdx#c2pa-trust-lists).
 
 ## Identity
 
-To identify who created or modified an asset, identity needs to be verifiable and bound to an asset and its manifest store. The CAI SDK supports the [W3C verifiable credentials](https://c2pa.org/specifications/specifications/1.4/specs/C2PA_Specification.html#_w3c_verifiable_credentials) standard recommendation (part of the C2PA v1.4 specification), but doesn't currently have a way to validate these credentials or ensure that they properly reflect authorship of the content. An actor can add one or more identities to a manifest using the W3C verifiable credentials data model. Currently, a verifier must trust the manifest signer to properly authenticate the identity.
-
-Identity can be bolstered with other kinds of evidence such as _Adobe connected accounts_. In the future, the identity credentials will be separately verifiable. In the future, these verifiable credentials will be strongly bound to the manifest and media and be independently verifiable.
-
-In addition to simply adding a name and organization, Adobe tools can use the [Connected Accounts service](https://connected-accounts.adobe.com/) to connect social media accounts such as Behance, Instagram, or Twitter to an identity in a manifest. This service uses OAuth, so a user must be able to log in to the account to connect it.
+To identify who created or modified an asset, identity needs to be verifiable and bound to an asset and its manifest store.
 
 :::info
-The [Creator Assertions Working Group (CAWG)](https://creator-assertions.github.io/) is developing a technical specification for an identity assertion for use in the C2PA ecosystem. CAI expects to adopt and implement this specification in the SDK at some point in the future.
+The [Creator Assertions Working Group (CAWG)](https://creator-assertions.github.io/) provides a technical specification for an identity assertion for use in the C2PA ecosystem. For more information, see [Reading CAWG identity assertions](manifest/reading/reading-cawg-id.md).
 :::
 
-## How to use the SDK
-
-The CAI open-source SDK consist of:
-
-- **C2PA Tool**, a command-line tool for working with manifests and media. This tool is a wrapper around the Rust SDK and provides most of the same capabilities that it does.
-- **Language-specific libraries** in C/C++, Python, Node.js and client JavaScript. NOTE: The C/C++, Python, Node.js libraries are prerelease versions whose APIs are subject to change.
-- **The Rust library** enables a desktop, mobile, or embedded application to create and sign manifests, embed manifests in certain file formats, and parse and validate manifests.
-
-Behind the scenes, C2PA Tool and language-specific libraries are built using the Rust library to ensure consistency.
-
-The following diagram provides a high-level view of how to use the open-source CAI SDK.
-
-<img src={cai_open_source} width="800" />
-
-Applications can use the CAI SDK in several different ways:
-
-- Web pages can use the JavaScript library to display Content Credentials.
-- Applications can "shell out" to call C2PA Tool directly.
-- Applications written in C++, Python, or Node.js can use the APIs of the corresponding language libraries to:
-  - Create, modify, and sign manifests.
-  - Embed manifests into media files.
-  - Parse and validate manifests.
-
-Similarly, applications written in many programming languages can use the Rust Foreign Function Interface to call the Rust API and perform those same functions.
-
-### Native desktop or mobile applications
-
-Applications written in C++, Python, or Node.js can use the corresponding prerelease library APIs. Applications written in any language call C2PA Tool directly, though doing so is not highly scalable.
-
-Alternatively, native applications can use Rust's _Foreign Function Interface_ (FFI) to call functions in the Rust library. The FFI enables interoperability between Rust and code written in other languages.
-
-Although the underlying technology of the Rust library supports all major programming languages, the bindings and APIs to make all of them workable and easy to use are still in development.
-
-A Windows application can use the FFI to call Rust functions from languages such as C++ or C#. For an example, see the [c2c2pa repository](https://github.com/contentauth/c2c2pa).
-
-An Android application can use JNI (Java Native Interface) to call Rust functions from Java or Kotlin code. This requires creating a shared library (a .so file) with Rust code that exposes functions with `#[no_mangle]` attribute and an `extern "C"` keyword. Java and Kotlin code can load and invoke the shared library using `System.loadLibrary()` and native methods.
-
-An iOS application can use the C-ABI (C Application Binary Interface) to call Rust functions from Swift or Objective-C code. This also requires creating a shared library (a .dylib file) with Rust code that exposes functions with `#[no_mangle]` attribute and `extern "C"` keyword. For a simple example, see [`lib.rs` in the c2c2pa repository](https://github.com/contentauth/c2c2pa/blob/main/src/lib.rs). Swift or Objective-C code can link and invoke the shared library using the `@_silgen_name` attribute and unsafe blocks.
-
-### Websites
-
-A website can serve web pages that use the JavaScript library to display manifest data using client JavaScript. The ability to create and sign manifests from JavaScript via [WebAssembly](https://webassembly.org/) is under consideration and may be released in the future.
-
-A server-side web application can create, modify, and sign claims (and view them) by:
-
-- Executing a shell command to invoke C2PA Tool. For an example, see the [c2patool Node.js service example](c2pa-service-example). While this approach works, it is not highly scalable.
-- Use the prerelease [Node.js](c2pa-node), [Python](c2pa-python), or [C++/C](c2pa-c) libraries.
-- Bind to the Rust library and use it, similarly to native applications.
-
-### Embedded applications
-
-An embedded application can use the Rust FFI (foreign function interface) to call Rust functions from languages such as C or C++, similarly to a native application.
-
-Embedded applications have unique constraints tied to the devices on which they run, including small memory footprint, low-powered hardware, intermittent network access, unique operating systems, or the lack of an operating system OS (running on bare metal). For these reasons, if you want to develop a CAI-enabled embedded application, please contact the CAI team directly.
+In addition, Adobe tools can use the [Connected Accounts service](https://connected-accounts.adobe.com/) to connect social media accounts such as Behance, Instagram, or Twitter to an identity in a manifest. This service uses OAuth, so a user must be able to log in to an Adobe account to connect it.
 
-## Attaching and storing the manifest
+## Attaching and storing manifest data
 
 Once you've generated a manifest, you must attach it to the asset for it to be useful.
 

docs/introduction.mdx

@@ -4,7 +4,7 @@ title: CAI open source SDK
 ---
 
 import cr_pin from '../static/img/cr-pin.png';
-import cai_open_source_red from '../static/img/cai-open-source-red.jpg';
+import cai_open_source from '../static/img/cai-open-source.jpg';
 
 :::tip
 You're strongly encouraged to read this introduction and [Getting started](getting-started.mdx) to give you some basic background and context, before you dive right into development. [Working with manifests](manifest/understanding.md) also has some crucial information, regardless of which language and library you use.
@@ -14,52 +14,38 @@ The Coalition for Content Provenance and Authenticity (C2PA) and Content Authent
 
 ## What's in the SDK
 
-The CAI open-source SDK (software development kit) is a set of tools and libraries that enable developers to create, verify, and display Content Credentials based on C2PA standards.
+The CAI open-source SDK consist of:
 
-<img src={cai_open_source_red} width="800" />
-
-The CAI open-source SDK consists of:
-
-- [C2PA Tool](#c2pa-tool): a command-line tool for working with C2PA manifests and media assets.
-- [The JavaScript library](#javascript-library) (also known as the JavaScript SDK): Client JavaScript library for code that runs, for example, in a web browser.
-- [Prerelease libraries](#prerelease-libraries) for Node.js, Python, and C++/C.
-- [The Rust library](#rust-library), which is the code that underlies everything else. It's the "source of truth" that all the other libraries use.
+- [**C2PA Tool**](c2patool/readme.md), a command-line tool for working with manifests and media. This tool is a wrapper around the Rust SDK and provides most of the same capabilities that it does. C2PA Tool can:
+  - Read a JSON report of manifest data.
+  - Attach a manifest store to an asset, if it doesn't already have an associated manifest store.
+  - Add a manifest to to the associated manifest store if the asset does have an associated manifest store.
+- [**JavaScript library**](c2pa-js) that enables web pages to verify and read manifest data using client JavaScript. Use it to add user interface elements to your website that display manifest data while following the [C2PA user experience recommendations](https://c2pa.org/specifications/specifications/1.0/ux/UX_Recommendations.html).
+- **[C/C++](c2pa-c/readme.md), [Python](c2pa-python/readme.md), [Node.js](c2pa-node/readme.md) libraries** that enable applications to read and validate manifest data, create and sign manifest data and embed it supported asset files.
+- [**Mobile libraries**](mobile.md) that enable mobile applications for iOS and Android to to read and generate manifest data.
+- [**The Rust library**](rust-sdk/readme.md) that generates the other language bindings and can also be used directly to read and generate manifest data. The Rust library is the fundamental system underlying everything else.
 
 To see a summary of what each tool and library can do, see [Which tool is right for you?](#which-tool-is-right-for-you).
 
-### C2PA Tool
-
-[C2PA Tool](c2patool/readme.md), is a **command-line utility for working with C2PA manifest data**. Use this tool to work with assets in a supported file format to:
-
-- Read a JSON report of manifest data.
-- Attach a manifest store to an asset, if it doesn't already have an associated manifest store.
-- Add a manifest to to the associated manifest store if the asset does have an associated manifest store.
-
-### JavaScript library
+The following diagram provides a high-level view of the SDK.
 
-The client [JavaScript library](js-sdk/getting-started/overview.mdx) enables **working with manifest data in the browser**. Use this library to:
+<img src={cai_open_source} width="800" />
 
-- Verify and display manifest data on a website or web application.
-- Link manifest data displayed on your site to [Verify](https://verify.contentauthenticity.org/).
-- Easily add user interface elements to your website that display manifest data while following the [C2PA user experience recommendations](https://c2pa.org/specifications/specifications/1.0/ux/UX_Recommendations.html).
-
-### Prerelease libraries
-
-The [C++/C](c2pa-c/readme.md), [Python](c2pa-python/readme.md), and [Node.js](c2pa-node/readme.md) libraries enable applications written in those languages to **create, verify, and display Content Credentials**.
-
-:::warning Warning
-These libraries are all early prerelease versions. They may have bugs and unimplemented features, and their APIs are subject to change.
-:::
+## How to use the SDK
 
-### Rust library
+Applications can use the CAI SDK in several different ways:
 
-The [Rust library](rust-sdk/readme.md) enables **adding C2PA capabilities to a desktop, mobile, or embedded application**. The Rust library is the fundamental system underlying everything else. C2PA Tool uses it "under the hood" and language-specific APIs are generated from it.
+- Web pages can use the JavaScript library to display Content Credentials.
+- Applications can "shell out" to call C2PA Tool directly, though doing so is not highly scalable.
+- Applications written in C++, Python, or Node.js can use the corresponding language libraries to:
+  - Create, modify, and sign manifests.
+  - Embed manifests into media files.
+  - Parse and validate manifests.
+- Mobile apps can use the iOS and Android libraries do all the above.
 
-You can use the Rust library via the Foreign Function Interface (FFI) to:
+Native applications can also use Rust's _Foreign Function Interface_ (FFI) to call functions in the Rust library. The FFI enables interoperability between Rust and code written in other languages. For example, a Windows application can use the FFI to call Rust functions from languages such as C++ or C#. For an example, see the [c2c2pa repository](https://github.com/contentauth/c2c2pa).
 
-- Create and sign C2PA claims and manifests.
-- Embed a manifest store into certain asset file formats.
-- Parse and validate manifests found in certain asset file formats.
+An embedded application can use the Rust FFI (foreign function interface) to call Rust functions from languages such as C or C++, similarly to a native application. Embedded applications have unique constraints tied to the devices on which they run, including small memory footprint, low-powered hardware, intermittent network access, unique operating systems, or the lack of an operating system OS (running on bare metal). For these reasons, if you want to develop a CAI-enabled embedded application, please contact the CAI team directly.
 
 ## Which tool is right for you?
 
@@ -71,7 +57,7 @@ import green_check from '../static/img/green_check.png';
       <th style={{ textAlign: 'left' }}>Use To...</th>
       <th style={{ textAlign: 'left' }}>JavaScript Library </th>
       <th style={{ textAlign: 'left' }}>C2PA Tool</th>
-      <th style={{ textAlign: 'left' }}>Prerelease Libraries </th>
+      <th style={{ textAlign: 'left' }}>Python, C++, and Node.js Libraries </th>
       <th style={{ textAlign: 'left' }}>Rust Library</th>
     </tr>
   </thead>

docs/js-sdk/getting-started/legacy-js-sdk-redirect.mdx

@@ -0,0 +1,10 @@
+---
+id: overview
+title: Redirect
+---
+
+import { Redirect } from '@docusaurus/router';
+
+<Redirect to="../../js-landing/" />
+
+This page will be redirected to `https://opensource.contentauthenticity.org/docs/js-sdk/js-landing`.

docs/js-sdk/getting-started/overview.mdx

@@ -7,7 +7,7 @@ import Deprecation from '../deprecation-notice.md';
 
 <Deprecation name="deprecation" />
 
-The CAI JavaScript library (sometimes referred to as the "JavaScript SDK") enables client JavaScript applications to view and verify [C2PA](https://c2pa.org/) data. It performs only **read** operations on C2PA manifests, unlike the [Rust library](../../rust-sdk/), and the [prerelease libraries](../../other-langs) which can both read and write manifests.
+The CAI JavaScript library (sometimes referred to as the "JavaScript SDK") enables client JavaScript applications to view and verify [C2PA](https://c2pa.org/) data. It performs only **read** operations on C2PA manifests.
 
 ## What you should already know