Cleanup edits

crandmck · crandmck · commit 16129fbe50a7 · 2025-05-16T14:23:57.000-07:00
diff --git a/docs/manifest/cawg-id.md b/docs/manifest/cawg-id.md
@@ -3,22 +3,20 @@ id: cawg-id
 title: CAWG identity assertions
 ---
 
-The [Creator Assertions Working Group (CAWG)](https://cawg.io/) defines assertions that enable content creators to express individual and organizational intent about their content.
-The CAWG identity assertion enables a credential holder to prove control over a digital identity and to use that identity to document the content creator’s role(s) in a C2PA asset’s lifecycle.
+The [Creator Assertions Working Group (CAWG)](https://cawg.io/) identity assertion enables a credential holder to prove control over a digital identity and to use that identity to document a content creator’s role(s) in a C2PA asset’s lifecycle.
 
 There are two different ways to provide identity assertions:
 
 - Using an [X.509 certificate](https://cawg.io/identity/1.1/#_x_509_certificates_and_cose_signatures) to sign the identity claims. Enterprises or large organizations can use this approach to assert their identity in a particular trust ecosystem; for example, a news organization or publisher. The SDK can validate and sign these claims.
 - Using an [identity claim aggregator](https://cawg.io/identity/1.1/#_identity_claims_aggregation).  Individuals can use this approach to document their role in creating an asset by using identity signals collected and verified by a third-party aggregator. The SDK can validate these claims only.  Signing is not supported.
 
-
 ## Using an X.509 certificate
 
-TBD
+When providing an identity assertion by using an X.509 certificate, the value of `signer_payload.sig_type` must be `cawg.x509.cose`. The signature value must be a COSE signature as described in the [CAWG Identity Assertion technical specification](https://cawg.io/identity/1.1/#_x_509_certificates_and_cose_signatures).
 
 ## Using an identity claim aggregator
 
-As defined in the [CAWG Identity Assertion technical specification](https://cawg.io/identity/1.1/#_identity_claims_aggregation), content creators may wish to document their role in creating an asset using common identity signals such as:
+As defined in the [CAWG Identity Assertion technical specification](https://cawg.io/identity/1.1/#_identity_claims_aggregation), content creators may wish to document their role in creating an asset using identity signals such as:
 - Verified web sites
 - Social media accounts
 - Official ID documentation
@@ -32,6 +30,46 @@ The identity claims aggregator performs two important roles:
 - It collects and verifies identity attestation claims from various identity providers such as social media sites and ID verification vendors.
 - It creates a unique asset-specific credential that binds the identity attestation claims to a specific C2PA asset.
 
+## Identity assertion
+
+An identity assertion using an identity claims aggregator has this general form in JSON:
+
+```json
+"assertions": [
+  ...
+  {
+    "label": "cawg.identity",
+    "data": {
+      "@context": [
+        "https://www.w3.org/ns/credentials/v2",
+        "https://cawg.io/identity/1.1/ica/context/"
+      ],
+      "type": [
+        "VerifiableCredential",
+        "IdentityClaimsAggregationCredential"
+      ],
+      "issuer": "did:web:connected-identities.identity.adobe.com",
+      "validFrom": "2025-04-29T17:34:44Z",
+      "verifiedIdentities": [
+        {
+          "type": "cawg.<type>",
+          "username": "<string>",
+          "uri": "<uri>",
+          "verifiedAt": "<DateTime>",
+          "provider": {
+            "id": "<string>",
+            "name": "<string>"
+          }
+        },
+        ...
+      ]
+    }
+  }
+]
+```
+
+### Verified identity types
+
 The following table describes the allowed values of the `type` property of `verifiedIdentities` array elements.
 
 | Value        |  Meaning |
@@ -46,13 +84,7 @@ The following table describes the allowed values of the `type` property of `veri
 The above table is based on the [CAWG identity assertion technical specifications](https://cawg.io/identity/1.1/#vc-credentialsubject-verifiedidentity-type).
 :::
 
-Terms used in the above table:
-
-- **content creator**: The actor whose relationship to a C2PA asset is documented by an identity assertion. Typically, this will be the content creator or publisher, but not necessarily.  This is a simplified example of a _named actor_, meaning the person, device, or software whose relationship to a C2PA asset is documented by an identity assertion, also referred to as a _credential subject_ when identified by the subject field of a ToIP verifiable identifier.
--  **Identity provider**:  Organization or person that attests to the identity of the content creator; This may be the identity assertion generator, a third party contacted by the identity assertion generator, or the issuer of an identity credential that the identity assertion generator uses.
-- **Identity claims aggregator**: Collects identity claims (attestations) regarding a content creator from various identity providers and can replay those identity claims into identity assertions on behalf of the content creator. This actor MAY be the same as the identity assertion generator.
-
-## Example
+### Example
 
 ```json
 "assertions": [
@@ -94,7 +126,7 @@ Terms used in the above table:
         {
           "type": "cawg.social_media",
           "username": "J Smith",
-          "uri": "https://www.linkedin.com/in/xyz",
+          "uri": "https://www.linkedin.com/in/jsmith",
           "verifiedAt": "2024-10-08T18:03:41Z",
           "provider": {
             "id": "https://linkedin.com",
