You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/manifest/cawg-id.md
+7-3Lines changed: 7 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,6 +10,10 @@ There are two different ways to provide identity assertions:
10
10
- Using an [X.509 certificate](https://cawg.io/identity/1.1/#_x_509_certificates_and_cose_signatures) to sign the identity claims. Enterprises or large organizations can use this approach to assert their identity in a particular trust ecosystem; for example, a news organization or publisher. The SDK can validate and sign these claims.
11
11
- Using an [identity claim aggregator](https://cawg.io/identity/1.1/#_identity_claims_aggregation). Individuals can use this approach to document their role in creating an asset by using identity signals collected and verified by a third-party aggregator. The SDK can validate these claims only. Signing is not supported.
12
12
13
+
:::note
14
+
The SDK can validate claims for both kinds of identity assertions, but can only sign claims for identity assertions using an X.509 certificate.
15
+
:::
16
+
13
17
## Using an X.509 certificate
14
18
15
19
When providing an identity assertion by using an X.509 certificate, the value of `signer_payload.sig_type` must be `cawg.x509.cose`. The signature value must be a COSE signature as described in the [CAWG Identity Assertion technical specification](https://cawg.io/identity/1.1/#_x_509_certificates_and_cose_signatures).
@@ -25,10 +29,10 @@ As defined in the [CAWG Identity Assertion technical specification](https://cawg
25
29
26
30
To facilitate the use of such identity signals, the content creator may use the services of a trusted third-party intermediary known as a _identity claims aggregator_ to gather these signals and to restate them on their behalf.
27
31
28
-
The identity claims aggregator performs two important roles:
32
+
The identity claims aggregator:
29
33
30
-
-It collects and verifies identity attestation claims from various identity providers such as social media sites and ID verification vendors.
31
-
-It creates a unique asset-specific credential that binds the identity attestation claims to a specific C2PA asset.
34
+
-Collects and verifies identity attestation claims from various identity providers such as social media sites and ID verification vendors.
35
+
-Creates a unique asset-specific credential that binds the identity attestation claims to a specific asset.
0 commit comments