Merge pull request #168 from contentauth/cleanup-edits

Cleanup edits

Author: crandmck

docs/getting-started.mdx

@@ -84,10 +84,10 @@ In practice, to use a certificate with the CAI SDK, follow this process:
 
 1. Purchase security credentials (certificate and key) from a certificate authority. Either email protection or document signing certificates are valid.
 2. Extract the certificate by using a tool such as OpenSSL. You could also host the certificate in a secure environment like a hardware security module (HSM).
-3. Use one of the supporting CAI libraries or C2PA Tool to sign manifests using the certificate. 
+3. Use one of the supporting CAI libraries or C2PA Tool to sign manifests using the certificate.
 
 :::tip
-For more details and a short tutorial example, see [Signing manifests](manifest/signing-manifests.md).
+For a short tutorial example, see [Signing manifests](manifest/signing-manifests.md). For more information on how to get and use a signing certificate in production, see [Getting and using a signing certificate](prod-cert.mdx).
 :::
 
 ### Getting a security certificate
@@ -159,25 +159,17 @@ The following diagram provides a high-level view of how to use the open-source C
 Applications can use the CAI SDK in several different ways:
 
 - Web pages can use the JavaScript library to display Content Credentials.
-- Applications written in C++, Python, or Node.js can call C2PA Tool directly or use the APIs of the corresponding language libraries to:
+- Applications can "shell out" to call C2PA Tool directly.
+- Applications written in C++, Python, or Node.js can use the APIs of the corresponding language libraries to:
   - Create, modify, and sign manifests.
   - Embed manifests into media files.
   - Parse and validate manifests.
 
 Similarly, applications written in many programming languages can use the Rust Foreign Function Interface to call the Rust API and perform those same functions.
 
-<!--
-
-The ability for the JavaScript SDK to write manifests via Wasm may be released in the future to empower and broaden JavaScript development.
-
-This table summarizes the capabilities of the SDKs and C2PA Tool.
-
-<img src={cai_os_tools_table} width="900" />
--->
-
 ### Native desktop or mobile applications
 
-Applications written in C++, Python, or Node.js can call C2PA Tool directly or use the corresponding language library APIs. CAI has prerelease versions of C++/C, Python, and Node.js libraries. As prerelease versions, these APIs are subject to change.
+Applications written in C++, Python, or Node.js can use the corresponding prerelease library APIs. Applications written in any language call C2PA Tool directly, though doing so is not highly scalable.
 
 Alternatively, native applications can use Rust's _Foreign Function Interface_ (FFI) to call functions in the Rust library. The FFI enables interoperability between Rust and code written in other languages.
 

docs/manifest/understanding.md

@@ -43,7 +43,7 @@ Manifests without time-stamps cease to be valid when the signing credential expi
 
 An RFC 3161 time-stamp enables you to prove the existence of a particular piece of data at a particular time. Think of it as a notary service for data. You present a piece of data (in this case, the C2PA claim data structure) and the third-party TSA verifies that it saw that data at a time that can be audited and is independently verifiable.
 
-The time-stamp is typically defined as part of the signing information. You can set this via the c2patool `ta_url` field or by using the API. The time-stamp then appears in the `SignatureInfo` JSON object when reading the manifest store.
+The time-stamp is typically defined as part of the signing information. You can set this by using C2PA Tool in the `ta_url` field or by using the SDK. The time-stamp then appears in the `SignatureInfo` JSON object when reading the manifest store.
 
 ## References