You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/conformance.mdx
+26-4Lines changed: 26 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,18 +17,40 @@ The C2PA conformance program covers:
17
17
-_Generator products_ that create Content Credentials and add them to a digital asset.
18
18
- Certificate authorities (CAs).
19
19
20
-
## Validator products
20
+
## Products
21
+
22
+
### Validator products
21
23
22
24
A _validator product_ can read and validate a manifest store for a digital asset.
23
25
A conforming validator product produces correct validation results according to the C2PA Content Credentials specification.
24
26
25
-
For more details, see [C2PA conformance program](https://github.com/c2pa-org/conformance-public/blob/main/docs/current/C2PA%20Conformance%20Program.pdf).
27
+
For more information, see [C2PA conformance program](https://github.com/c2pa-org/conformance-public/blob/main/docs/current/C2PA%20Conformance%20Program.pdf).
26
28
27
-
## Generator products
29
+
###Generator products
28
30
29
31
A _generator product_ can generate manifest data for a digital asset. A conforming generator product produces manifest data that conforms to the C2PA Content Credentials specification, creates assertions in the asset's active manifest and signs a claim using a valid X.509 certificate on the C2PA trust list.
30
32
31
-
For more details, see [C2PA conformance program](https://github.com/c2pa-org/conformance-public/blob/main/docs/current/C2PA%20Conformance%20Program.pdf).
When you apply to the conformance program, you must fill out the information required in the **product security architecture template** in Appendix C of the [C2PA Generator Product Security
42
+
Requirements](https://github.com/c2pa-org/conformance-public/blob/main/docs/current/C2PA%20Generator%20Product%20Security%20Requirements.pdf), providing details on:
43
+
44
+
- The organization submitting the application.
45
+
- The product, its capabilities, and the systems it uses or relies upon.
46
+
- The product's security architecture, including methods for key generation and storage, and protections against various kinds of misconfiguration, abuse, and exploitations.
47
+
48
+
### Assurance levels
49
+
50
+
A conforming product's _assurance level_ indicates the level of confidence that claims it signs reflect its intended behavior. A higher assurance level indicates a greater level of confidence. Currently, the conformance program has two assurance levels: level 1 and level 2. The [C2PA Generator Product Security
51
+
Requirements](https://github.com/c2pa-org/conformance-public/blob/main/docs/current/C2PA%20Generator%20Product%20Security%20Requirements.pdf) details the security requirements for each assurance level.
52
+
53
+
The assurance level is encoded as the value of a custom X.509 v3 certificate extension in the product's claim signing certificate. The C2PA defines the _max assurance level_ of a generator product based on the security attributes of its overall implementation architecture. The assurance level in the certificate issued to a particular instance of a conforming generator product may be lower than the max assurance level.
0 commit comments