Update intro image, fix various references and links

Author: crandmck

docs/community.md

@@ -7,28 +7,30 @@ The Content Authenticity Initiative has an active and growing community of devel
 
 ## GitHub
 
-All the open-source CAI code is hosted in GitHub in the [CAI GitHub organization](https://github.com/contentauth) and we welcome input in the form of issues and pull requests in the repositories:
+All the open-source CAI code is hosted in GitHub in the [CAI GitHub organization](https://github.com/contentauth):
 
 - **Rust Library**: [c2pa-rs](https://github.com/contentauth/c2pa-rs)
 - **CLI tool**: [c2patool](https://github.com/contentauth/c2patool)
-- **JavaScript library**: [c2pa-js](https://github.com/contentauth/c2pa-js)
-- **Prerelease libraries**: 
-  - [c2pa-python](https://github.com/contentauth/c2pa-python)
-  - [c2pa-node](https://github.com/contentauth/c2pa-node)
-  - [c2pa-c](https://github.com/contentauth/c2pa-c)
-- **JavaScript examples**: [c2pa-js-examples](https://github.com/contentauth/c2pa-js-examples)
+- **JavaScript library**: [c2pa-web](https://github.com/contentauth/c2pa-web)
+- **Python library**: [c2pa-python](https://github.com/contentauth/c2pa-python)
+- **Node.js library**: [c2pa-node](https://github.com/contentauth/c2pa-node-v2)
+- **C++ library**: [c2pa-c](https://github.com/contentauth/c2pa-c)
 
 If you think you've found a bug or want to request a feature, please open an issue in the appropriate repository.
 
 :::note
-Do not create a public GitHub issue for suspected security vulnerabilities. Instead, please file an issue through [Adobe's HackerOne page](https://hackerone.com/adobe?type=team). 
+Do not create a public GitHub issue for **suspected security vulnerabilities**. Instead, please file an issue through [Adobe's HackerOne page](https://hackerone.com/adobe?type=team). 
 For more information on reporting security issues, see [SECURITY.md](https://github.com/contentauth/c2pa-rs/blob/main/SECURITY.md).
 :::
 
 We also welcome thoughtful pull requests (PRs) from the community, following the contribution guidelines provided out in each repository. The guidelines are generally the same for all the SDK repositories; for example. see the [c2pa-rs contribution guidelines](https://github.com/contentauth/c2pa-rs/blob/main/CONTRIBUTING.md).
 
 Participants are required to follow the [Adobe Code of Conduct](https://github.com/contentauth/c2pa-rs/blob/main/CODE_OF_CONDUCT.md) to maintain an open and welcoming environment for all.
 
+### Verify
+
+The code for the [C2PA Verify website](https://verify.contentauthenticity.org/) is open source.  For general information on using it, see [Using the Verify tool](verify.mdx).
+
 ### Related projects
 
 These related projects may be of interest, but the CAI team doesn't maintain or support them:
@@ -38,6 +40,10 @@ These related projects may be of interest, but the CAI team doesn't maintain or
 - [**TrustMark**](https://github.com/adobe/trustmark): Open-source Python implementation of watermarking for encoding, decoding and removing image watermarks. You can use TrustMark as part of providing [durable content credentials](durable-cr/index.md).
 - [**C2PA Security Testing Tool**](https://github.com/contentauth/c2pa-attacks): A CLI tool derived from [c2patool](https://github.com/contentauth/c2patool) that performs security testing on a Content Credentials application.  This tool is intended for use by software security professionals.
 
+## Browser extension
+
+The free [browser extension for Google Chrome](https://chromewebstore.google.com/detail/c2pa-content-credentials/mjkaocdlpjmphfkjndocehcdhbigaafp?hl=en) enables you to verify and display manifests for images, audio and videos which have C2PA Content Credentials.
+
 ## Discussions on Discord
 
 The CAI maintains a [Discord server](https://discord.gg/CAI) for open technical discussions within the developer community, with channels focused on different projects and topics.

docs/getting-started.mdx

@@ -90,33 +90,33 @@ In practice, to use a certificate with the CAI SDK, follow this process:
 For more information on getting and using certificates, see [Signing and certificates](signing/index.md).
 :::
 
-### Verify known certificate list
+### Verify trust list
 
 import verify_unknown_source from '../static/img/verify-cc-unknown-source.png';
 
-The C2PA [Verify tool](https://verify.contentauthenticity.org) uses a list of _known certificates_ (sometimes referred to as a "trust list") to determine whether a Content Credential was issued by a known source. The known certificate list applies only to [Verify](https://verify.contentauthenticity.org). For more information, see [Verify tool known certificate list](verify-known-cert-list)
+The C2PA [Verify tool](https://verify.contentauthenticity.org) uses a list of _known certificates_ (sometimes referred to as a "trust list") to determine whether a Content Credential was issued by a known source. Currently, it uses the [interim trust list](verify-known-cert-list) but it will be updated soon to use the official [C2PA trust list](conformance.mdx#c2pa-trust-lists).
 
 ## Identity
 
-To identify who created or modified an asset, identity needs to be verifiable and bound to an asset and its manifest store. The CAI SDK supports the [W3C verifiable credentials](https://c2pa.org/specifications/specifications/1.4/specs/C2PA_Specification.html#_w3c_verifiable_credentials) standard recommendation (part of the C2PA v1.4 specification), but doesn't currently have a way to validate these credentials or ensure that they properly reflect authorship of the content. An actor can add one or more identities to a manifest using the W3C verifiable credentials data model. Currently, a verifier must trust the manifest signer to properly authenticate the identity.
-
-Identity can be bolstered with other kinds of evidence such as _Adobe connected accounts_. In the future, the identity credentials will be separately verifiable. In the future, these verifiable credentials will be strongly bound to the manifest and media and be independently verifiable.
-
-In addition to simply adding a name and organization, Adobe tools can use the [Connected Accounts service](https://connected-accounts.adobe.com/) to connect social media accounts such as Behance, Instagram, or Twitter to an identity in a manifest. This service uses OAuth, so a user must be able to log in to the account to connect it.
+To identify who created or modified an asset, identity needs to be verifiable and bound to an asset and its manifest store.
 
 :::info
-The [Creator Assertions Working Group (CAWG)](https://creator-assertions.github.io/) is developing a technical specification for an identity assertion for use in the C2PA ecosystem. CAI expects to adopt and implement this specification in the SDK at some point in the future.
+The [Creator Assertions Working Group (CAWG)](https://creator-assertions.github.io/) provides a technical specification for an identity assertion for use in the C2PA ecosystem. For more information, see [Reading CAWG identity assertions](manifest/reading/reading-cawg-id.md).
 :::
 
+In addition, Adobe tools can use the [Connected Accounts service](https://connected-accounts.adobe.com/) to connect social media accounts such as Behance, Instagram, or Twitter to an identity in a manifest. This service uses OAuth, so a user must be able to log in to an Adobe account to connect it.
+
 ## How to use the SDK
 
 The CAI open-source SDK consist of:
 
-- **C2PA Tool**, a command-line tool for working with manifests and media. This tool is a wrapper around the Rust SDK and provides most of the same capabilities that it does.
-- **Language-specific libraries** in C/C++, Python, Node.js and client JavaScript. NOTE: The C/C++, Python, Node.js libraries are prerelease versions whose APIs are subject to change.
-- **The Rust library** enables a desktop, mobile, or embedded application to create and sign manifests, embed manifests in certain file formats, and parse and validate manifests.
+- [**C2PA Tool**](c2patool/readme.md), a command-line tool for working with manifests and media. This tool is a wrapper around the Rust SDK and provides most of the same capabilities that it does.
+- [**JavaScript library**](c2pa-js) that enables web pages to verify and read manifest data using client JavaScript.
+- **[C/C++](c2pa-c/readme.md), [Python](c2pa-python/readme.md), [Node.js](c2pa-node/readme.md) libraries** that enable applications to read and validate manifest data, create and sign manifest data and embed it supported asset files.
+- [**Mobile libraries**](mobile.md) that enable mobile applications for iOS and Android to to read and generate manifest data.
+- [**The Rust library**](rust-sdk/readme.md) that generates the other language bindings and can also be used directly to read and generate manifest data.
 
-Behind the scenes, C2PA Tool and language-specific libraries are built using the Rust library to ensure consistency.
+C2PA Tool and language-specific libraries are built using the Rust library to ensure consistency.
 
 The following diagram provides a high-level view of how to use the open-source CAI SDK.
 
@@ -125,36 +125,22 @@ The following diagram provides a high-level view of how to use the open-source C
 Applications can use the CAI SDK in several different ways:
 
 - Web pages can use the JavaScript library to display Content Credentials.
-- Applications can "shell out" to call C2PA Tool directly.
-- Applications written in C++, Python, or Node.js can use the APIs of the corresponding language libraries to:
+- Applications can "shell out" to call C2PA Tool directly, though doing so is not highly scalable.
+- Applications written in C++, Python, or Node.js can use the corresponding language libraries to:
   - Create, modify, and sign manifests.
   - Embed manifests into media files.
   - Parse and validate manifests.
+- Mobile apps can use the iOS and Android libraries do all the above.
 
-Similarly, applications written in many programming languages can use the Rust Foreign Function Interface to call the Rust API and perform those same functions.
-
-### Native desktop or mobile applications
-
-Applications written in C++, Python, or Node.js can use the corresponding prerelease library APIs. Applications written in any language call C2PA Tool directly, though doing so is not highly scalable.
-
-Alternatively, native applications can use Rust's _Foreign Function Interface_ (FFI) to call functions in the Rust library. The FFI enables interoperability between Rust and code written in other languages.
-
-Although the underlying technology of the Rust library supports all major programming languages, the bindings and APIs to make all of them workable and easy to use are still in development.
-
-A Windows application can use the FFI to call Rust functions from languages such as C++ or C#. For an example, see the [c2c2pa repository](https://github.com/contentauth/c2c2pa).
-
-An Android application can use JNI (Java Native Interface) to call Rust functions from Java or Kotlin code. This requires creating a shared library (a .so file) with Rust code that exposes functions with `#[no_mangle]` attribute and an `extern "C"` keyword. Java and Kotlin code can load and invoke the shared library using `System.loadLibrary()` and native methods.
-
-An iOS application can use the C-ABI (C Application Binary Interface) to call Rust functions from Swift or Objective-C code. This also requires creating a shared library (a .dylib file) with Rust code that exposes functions with `#[no_mangle]` attribute and `extern "C"` keyword. For a simple example, see [`lib.rs` in the c2c2pa repository](https://github.com/contentauth/c2c2pa/blob/main/src/lib.rs). Swift or Objective-C code can link and invoke the shared library using the `@_silgen_name` attribute and unsafe blocks.
+Alternatively, native applications can use Rust's _Foreign Function Interface_ (FFI) to call functions in the Rust library. The FFI enables interoperability between Rust and code written in other languages. For example, a Windows application can use the FFI to call Rust functions from languages such as C++ or C#. For an example, see the [c2c2pa repository](https://github.com/contentauth/c2c2pa).
 
 ### Websites
 
-A website can serve web pages that use the JavaScript library to display manifest data using client JavaScript. The ability to create and sign manifests from JavaScript via [WebAssembly](https://webassembly.org/) is under consideration and may be released in the future.
-
+A website can serve web pages that use the JavaScript library to display manifest data using client JavaScript.
 A server-side web application can create, modify, and sign claims (and view them) by:
 
 - Executing a shell command to invoke C2PA Tool. For an example, see the [c2patool Node.js service example](c2pa-service-example). While this approach works, it is not highly scalable.
-- Use the prerelease [Node.js](c2pa-node), [Python](c2pa-python), or [C++/C](c2pa-c) libraries.
+- Use the [Node.js](c2pa-node), [Python](c2pa-python), or [C++/C](c2pa-c) libraries.
 - Bind to the Rust library and use it, similarly to native applications.
 
 ### Embedded applications

docs/introduction.mdx

@@ -4,7 +4,7 @@ title: CAI open source SDK
 ---
 
 import cr_pin from '../static/img/cr-pin.png';
-import cai_open_source_red from '../static/img/cai-open-source-red.jpg';
+import cai_open_source_red from '../static/img/cai-open-source.jpg';
 
 :::tip
 You're strongly encouraged to read this introduction and [Getting started](getting-started.mdx) to give you some basic background and context, before you dive right into development. [Working with manifests](manifest/understanding.md) also has some crucial information, regardless of which language and library you use.
@@ -37,20 +37,16 @@ To see a summary of what each tool and library can do, see [Which tool is right
 
 ### JavaScript library
 
-The client [JavaScript library](js-sdk/getting-started/overview.mdx) enables **working with manifest data in the browser**. Use this library to:
+The client [JavaScript library](js-sdk/js-landing.md) enables **working with manifest data in the browser**. Use this library to:
 
 - Verify and display manifest data on a website or web application.
 - Link manifest data displayed on your site to [Verify](https://verify.contentauthenticity.org/).
 - Easily add user interface elements to your website that display manifest data while following the [C2PA user experience recommendations](https://c2pa.org/specifications/specifications/1.0/ux/UX_Recommendations.html).
 
-### Prerelease libraries
+### Other language libraries
 
 The [C++/C](c2pa-c/readme.md), [Python](c2pa-python/readme.md), and [Node.js](c2pa-node/readme.md) libraries enable applications written in those languages to **create, verify, and display Content Credentials**.
 
-:::warning Warning
-These libraries are all early prerelease versions. They may have bugs and unimplemented features, and their APIs are subject to change.
-:::
-
 ### Rust library
 
 The [Rust library](rust-sdk/readme.md) enables **adding C2PA capabilities to a desktop, mobile, or embedded application**. The Rust library is the fundamental system underlying everything else. C2PA Tool uses it "under the hood" and language-specific APIs are generated from it.

docs/js-sdk/getting-started/legacy-js-sdk-redirect.mdx

@@ -0,0 +1,10 @@
+---
+id: overview
+title: Redirect
+---
+
+import { Redirect } from '@docusaurus/router';
+
+<Redirect to="../js-landing/" />
+
+This page will be redirected to `https://opensource.contentauthenticity.org/docs/js-sdk/js-landing`.

docs/manifest/reading/validation.md

@@ -39,9 +39,7 @@ Manifest validation errors can occur, for example, when:
 
 ## Validation errors in ingredients
 
-Ingredients are validated when they are imported into an asset and the result is stored in the ingredient's `validation_results` object.
-
-Only errors that are not already recorded in the `validation_status` of an ingredient are reported. See [ValidationStatus](./json-ref/manifest-def.mdx#validationstatus) object in Manifest store reference.
+Ingredients are validated when they are imported into an asset and the result is stored in the [ValidationResults](./manifest/json-ref/reader#validationresults) object.
 
 ## Error status codes
 

docs/verify.mdx

@@ -56,6 +56,14 @@ To use Verify on an asset URL, the URL must not require any authentication and t
 
 The [example-assets](https://contentauth.github.io/example-assets/) repository contains some sample assets that demonstrate Content Credentials, including links to view the corresponding manifest reports from the [C2PA Tool](c2patool) and to inspect the assets using Verify. See [the README as rendered in GitHub Pages](https://contentauth.github.io/example-assets/).
 
+### Source code
+
+The code for the Verify site is open source and is available at <https://github.com/contentauth/verify-site/>.
+
+:::warning Warning
+Verify uses the [legacy JavaScript library](js-sdk/getting-started/overview.mdx), which is deprecated and unsupported. For new projects, use the [new JavaScript library](c2pa-js/readme.md) instead.
+:::
+
 ## Information displayed
 
 Once you've uploaded an asset or entered an asset URL, if the asset:
@@ -195,7 +203,7 @@ If the issuer string is too long, then the date might be truncated or not shown
 
 ### Validation status
 
-If the manifest has [validation errors](manifest/validation.md), then Verify displays this notice:
+If the manifest has [validation errors](manifest/reading/validation.md), then Verify displays this notice:
 
 import verify_validation_error from '../static/img/verify-validation-error.png';