Reorg files and add some new files to cover all reading/writing cases separately

Author: crandmck

docs/manifest/ingredients.md

@@ -1,13 +1,13 @@
 ---
 id: reading-ingredients
-title: Reading ingredient data
+title: Reading ingredients
 ---
 
 ## Overview 
 
-The C2PA specification defines three kinds of ingredients:
-- V1, with label `c2pa.ingredient`.
-- V2, with label `c2pa.ingredient.v2`.
+Existing manifests may contain any of these three kinds of ingredients:
+- V1, with label `c2pa.ingredient` (deprecated).
+- V2, with label `c2pa.ingredient.v2` (deprecated).
 - V3, with label `c2pa.ingredient.v3`, which addresses the issue of validating ingredients after redaction.
 
 :::note
@@ -18,7 +18,7 @@ The C2PA Technical Specification describes _ingredient assertions_ but the CAI S
 
 The `ingredients` array contains an element for each ingredient used to create an asset.  When an ingredient itself has Content Credentials, those manifests are included in the composed asset's manifest store to keep the provenance data intact.
 
-The `ingredients` array contains an [ingredient object](json-ref/manifest-def.mdx#ingredient) for each ingredient.  The only required property of the `ingredient` object is the `title` property, which usually is the source file name.
+The `ingredients` array contains an [ingredient object](manifest/json-ref/manifest-def.mdx#ingredient) for each ingredient.  The only required property of the `ingredient` object is the `title` property, which usually is the source file name.
 
 Other important properties of the ingredient object include:
 - `format`: MIME type of the source file (optional).
@@ -58,9 +58,7 @@ The ingredient object's `relationship` property describes its relationship to th
 
 ## Validation results
 
-_This is now validation results_
-
-json-ref/reader#validationresults
+The [ValidationResults](/docs/manifest/json-ref/reader#validationresults) object contains the the validation results for the active manifest and any changes to ingredients.
 
 When ingredients are added, the SDK validates their Content Credentials (if any).  However, the validation status of an ingredient does not imply anything about the validation status of the composed asset containing the ingredient. In other words:
 - A composed asset's Content Credentials may be valid, but one or more of its ingredients may have invalid Content Credentials. For example, test file [adobe-20220124-XCA.jpg](https://contentcredentials.org/verify?source=https://c2pa.org/public-testfiles/image/jpeg/adobe-20220124-XCA.jpg)

docs/manifest/reading.md

@@ -130,4 +130,4 @@ Old manifests may have training and data mining assertions with the following en
 - `c2pa.ai_generative_training`
 - `c2pa.ai_inference`
 
-These assertions have been replaced by [CAWG training and data mining assertions](assertions-actions.md#cawg-training-and-data-mining-assertion) with `cawg.*` entry keys. 
+These assertions have been replaced by [CAWG training and data mining assertions](../writing/assertions-actions.md#cawg-training-and-data-mining-assertion) with `cawg.*` entry keys. 

docs/manifest/ingredients-reading.md renamed to docs/manifest/reading/ingredients-reading.md

@@ -0,0 +1,155 @@
+---
+id: reading-cawg-id
+title: Reading CAWG identity assertions
+---
+
+The [Creator Assertions Working Group (CAWG)](https://cawg.io/) identity assertion enables a credential holder to prove control over a digital identity and to use that identity to document a content creator’s role(s) in a C2PA asset’s lifecycle.
+
+<div class="review-comment">
+Revise to focus on reading these assertions.
+</div>
+
+The SDK can read and validate CAWG identity assertions provided:
+
+- Using an [X.509 certificate](https://cawg.io/identity/1.1/#_x_509_certificates_and_cose_signatures) to sign the identity claims. Enterprises or large organizations can use this approach to assert their identity in a particular trust ecosystem; for example, a news organization or publisher. The SDK can validate and sign these claims.
+- Using an [identity claim aggregator](https://cawg.io/identity/1.1/#_identity_claims_aggregation).  Individuals can use this approach to document their role in creating an asset by using identity signals collected and verified by a third-party aggregator. The SDK can validate these claims only.  Signing is not supported.
+
+## Identity assertions provided using an X.509 certificate
+
+In an identity assertion by using an X.509 certificate, the value of `signer_payload.sig_type` is `cawg.x509.cose`. The signature value must be a COSE signature as described in the [CAWG Identity Assertion technical specification](https://cawg.io/identity/1.1/#_x_509_certificates_and_cose_signatures).
+
+## Identity assertions provided using a claim aggregator
+
+As defined in the [CAWG Identity Assertion technical specification](https://cawg.io/identity/1.1/#_identity_claims_aggregation), an identity assertion can be signed using a trusted third-party intermediary known as a _identity claims aggregator_ to gather these signals and to restate them on their behalf.
+
+The identity claims aggregator:
+
+- Collects and verifies identity attestation claims from various identity providers such as social media sites and ID verification vendors.
+- Creates a unique asset-specific credential that binds the identity attestation claims to a specific asset.
+
+## Identity assertion
+
+An identity assertion using an identity claims aggregator has this general form in JSON:
+
+```json
+"assertions": [
+  ...
+  {
+    "label": "cawg.identity",
+    "data": {
+      "@context": [
+        "https://www.w3.org/ns/credentials/v2",
+        "https://cawg.io/identity/1.1/ica/context/"
+      ],
+      "type": [
+        "VerifiableCredential",
+        "IdentityClaimsAggregationCredential"
+      ],
+      "issuer": "did:web:connected-identities.identity.adobe.com",
+      "validFrom": "2025-04-29T17:34:44Z",
+      "verifiedIdentities": [
+        {
+          "type": "cawg.<type>",
+          "username": "<string>",
+          "uri": "<uri>",
+          "verifiedAt": "<DateTime>",
+          "provider": {
+            "id": "<string>",
+            "name": "<string>"
+          }
+        },
+        ...
+      ]
+    }
+  }
+]
+```
+
+### Verified identity types
+
+The following table describes the allowed values of the `type` property of `verifiedIdentities` array elements.
+
+| Value        |  Meaning |
+|--------------|----------|
+| `cawg.document_verification` | The identity provider verified one or more government-issued identity documents presented by the content creator.
+| `cawg.web_site` | The content creator has proven control over a specific domain to the identity claims aggregator._
+| `cawg.affiliation` | The identity provider is attesting to the content creator’s membership in an organization. This could be a professional organization or an employment relationship.
+| `cawg.social_media` | The content creator has demonstrated control over an account (typically a social media account) hosted by the identity provider.
+| `cawg.crypto_wallet` | The content creator has demonstrated control over an account (typically a crypto-wallet) hosted by the identity provider.
+
+:::note
+The above table is based on the [CAWG identity assertion technical specifications](https://cawg.io/identity/1.1/#vc-credentialsubject-verifiedidentity-type).
+:::
+
+### Example
+
+```json
+"assertions": [
+  ...
+  {
+    "label": "cawg.identity",
+    "data": {
+      "@context": [
+        "https://www.w3.org/ns/credentials/v2",
+        "https://cawg.io/identity/1.1/ica/context/"
+      ],
+      "type": [
+        "VerifiableCredential",
+        "IdentityClaimsAggregationCredential"
+      ],
+      "issuer": "did:web:connected-identities.identity.adobe.com",
+      "validFrom": "2025-04-29T17:34:44Z",
+      "verifiedIdentities": [
+        {
+          "type": "cawg.social_media",
+          "username": "xyz",
+          "uri": "https://www.instagram.com/xyz",
+          "verifiedAt": "2024-10-08T18:04:08Z",
+          "provider": {
+            "id": "https://instagram.com",
+            "name": "instagram"
+          }
+        },
+        {
+          "type": "cawg.social_media",
+          "username": "xyz",
+          "uri": "https://www.behance.net/xyz",
+          "verifiedAt": "2024-10-22T19:31:17Z",
+          "provider": {
+            "id": "https://behance.net",
+            "name": "behance"
+          }
+        },
+        {
+          "type": "cawg.social_media",
+          "username": "J Smith",
+          "uri": "https://www.linkedin.com/in/jsmith",
+          "verifiedAt": "2024-10-08T18:03:41Z",
+          "provider": {
+            "id": "https://linkedin.com",
+            "name": "linkedin"
+          }
+        },
+        {
+          "type": "cawg.social_media",
+          "username": "xyz",
+          "uri": "https://twitter.com/xyz",
+          "verifiedAt": "2024-10-08T18:03:49Z",
+          "provider": {
+            "id": "https://twitter.com",
+            "name": "twitter"
+          }
+        }
+      ],
+      "credentialSchema": [
+        {
+          "id": "https://cawg.io/identity/1.1/ica/schema/",
+          "type": "JSONSchema"
+        }
+      ]
+    }
+  }
+  ...
+]
+```
+

docs/manifest/legacy.md renamed to docs/manifest/reading/legacy.md

@@ -0,0 +1,12 @@
+---
+id: reading-index
+title: Reading and validating manifest data
+---
+
+Use a [Reader](manifest/json-ref/reader.mdx) structure to read and validate manifest data. The Rust library and other language libraries provide methods and objects for working with this structure.
+
+- [Reading ingredients](ingredients-reading.md)
+- [Reading CAWG identity assertions](reading-cawg-id.md)
+- [Reading legacy manifest data](legacy.md)
+- [Validating manifests](validation.md)
+- [Reader JSON reference](manifest/json-ref/reader.mdx) generated from the JSON schema for [Reader](https://docs.rs/c2pa/latest/c2pa/struct.Reader.html) object (_struct_ in Rust terminology).

docs/manifest/reading/reading-cawg-id.md

@@ -3,11 +3,11 @@ id: manifest-validation
 title: Validating manifests
 ---
 
-Processing an asset includes [validating the manifests](https://c2pa.org/specifications/specifications/1.4/specs/C2PA_Specification.html#_validation) in the associated manifest store. During validation, errors can occur in the active manifest and in ingredients.
+Processing an asset includes [validating the manifests](https://c2pa.org/specifications/specifications/2.2/specs/C2PA_Specification.html#_validation) in the associated manifest store. During validation, errors can occur in the active manifest and in ingredients.
 
 ## Validation errors in manifests
 
-When you load an asset, all the manifests in the manifest store are validated and any [failure codes](https://c2pa.org/specifications/specifications/1.4/specs/C2PA_Specification.html#_failure_codes) are assigned to the `validation_status` array. Inspect the array to find the validation errors. 
+When you load an asset, all the manifests in the manifest store are validated and any [failure codes](https://c2pa.org/specifications/specifications/2.2/specs/C2PA_Specification.html#_failure_codes) are assigned to the `validation_status` array. Inspect the array to find the validation errors. 
 
 :::tip
 Validation returns ONLY error codes; success is not explicitly indicated. If there are no validation errors, then the manifest won't have the `validation_status` element.
@@ -27,11 +27,11 @@ Don't assume that just because you didn't get an error from the function return
 
 Ingredients are validated when they are imported into an asset and the result is stored in the ingredient's `validation_status` array.
 
-Only errors that are not already recorded in the `validation_status` of an ingredient are reported. See [ValidationStatus](./manifest-ref.mdx#validationstatus) object in Manifest store reference.
+Only errors that are not already recorded in the `validation_status` of an ingredient are reported. See [ValidationStatus](../json-ref/manifest-def.mdx#validationstatus) object in Manifest store reference.
 
 ## Error status codes
 
-The following table describes some common validation error status codes. Refer to the [C2PA Technical Specification](https://c2pa.org/specifications/specifications/1.4/specs/C2PA_Specification.html#_failure_codes) for the full list.
+The following table describes some common validation error status codes. Refer to the [C2PA Technical Specification](https://c2pa.org/specifications/specification2.2/specs/C2PA_Specification.html#_failure_codes) for the full list.
 
 | Validation Status Code| Description  | Type of URI |
 | --------------------- | ------------ | ----------- |
@@ -51,7 +51,7 @@ Validation error status codes can contain JUMBF URIs that reference assertions o
 - **Assertion URI**: A URI like `self#jumbf=c2pa.assertions/<ASSERTION>` where `<ASSERTION>` is either `stds.schema-org.*` or `c2pa.*`.
 - **Signature Box URI**: A URI like `self#jumbf=c2pa.signature`.
 
-For more information, see the [C2PA Technical Specification](https://c2pa.org/specifications/specifications/1.4/specs/C2PA_Specification.html#_uri_references).
+For more information, see the [C2PA Technical Specification](https://c2pa.org/specifications/specifications/2.2/specs/C2PA_Specification.html#_uri_references).
 
 <!--
 Actions and assertions:
@@ -73,7 +73,5 @@ Assertions
 - DNT - Special assertion
 - EXIF
 
-Verify has a URL - how do I put it in?
-
 User-defined assertion
 -->