Implementing Adobe’s CAI Open-Source Tools for Digital Content Provenance: Workshop Recap
By Noga Hurwitz, CAI Advocacy & Product Intern
On June 16, we hosted an in-depth workshop exploring our newly launched open-source toolkit for content provenance. Read more about what this launch means for our work in our Senior Director Andy Parsons’ blog post here. Attendees from around the world joined us as we dove into technical details—with a good number of you joining from many time zones beyond our team. Releasing these open-source tools marks the next phase of our work, and a milestone along the way to broad adoption through community engagement with you, CAI members concerned about preserving trust in media.
Last Thursday’s event featured Adobe CAI team members sharing insights into UI/UX guidelines for provenance implementations, as well as overviews of our Rust Toolkit, Command Line Utility, and JavaScript Software Developer Kit. Below are some highlights from the presentations by my CAI product and engineering colleagues, as well as a replay of the full event, including demos.
Pia Blumenthal, CAI Lead Product Designer and C2PA UX Task Force Co-Chair unpacked some of the UX guidance documentation that accompanies the C2PA specification.
“We believe that exposing provenance and attribution data about digital content will empower viewers to better understand where it came from and what happened along the way, thereby engendering a greater sense of trust in the content seen online.”
Highlights from Pia’s presentation:
Capturing provenance data: At the moment of creation, users are empowered to choose what information to attach to content through cryptographic asset hashing to provide verifiable, tamper-evident signatures. During the editing process, existing metadata will be preserved and extended with the recorded history of any alterations. Then, at the point of publishing or sharing, provenance information is preserved and displayed, allowing consumers to view a summary of historical information about what happened, where, when, and by whom. Presenting all this data might be overwhelming, so we’ve opted to provide you with the ability to indicate different levels of disclosure.
Trust signals: We have carefully identified certain trust signals, pieces of provenance data that are tantamount to people trusting the system. These include (at minimum) the signer, the entity responsible for verifying manifest data, the timestamp when the data was signed, and, when possible, a thumbnail representation of the content at the time of signing.
Verify: Provenance history can be thought of as an ancestry tree. Verify gives users a bird’s eye view of how ingredients came together to form the content in its current state, as well as a way to perform visual inspections of images and videos.
Next Steps: We’ve started with image provenance, which our open-source products all readily support. Now we’re working on video and audio experiences, which will present a different set of UX challenges–there may be a larger amount of provenance data generated for temporal media, and non-visual media like audio will require different methods to explore and compare.
Eric Scouten, Adobe Sr. Engineering Manager for CAI Libraries and Services, presented the Rust toolkit.
“We're attempting to build an ecosystem of content provenance that extends well beyond Adobe's products, services, and customers. We're excited to see what you build with these tools. We expect that many of you have similar license requirements, and we want to enable your creativity with C2PA as much as possible.”
About the Rust SDK:
Licensing: Our products are MIT licensed, a permissive license that should enable users to incorporate our tools into most products and services. Additionally, some of our tools are also available under the Apache 2.0 license (see more in the video below).
C2PA Rust SDK (Rust Software Developer Kit): Our newly published APIs that supports the development of custom applications across desktop, mobile, and services that create, verify, and display content credentials. Learn more about Rust: rust-lang.org.
Adobe Principal Scientist Gavin Peacock, who worked previously on GridPad, Apple Newton, Palm Pilot and MobiTV before joining the company 14 years ago, spoke about the CLI tool.
“I’ve learned that the products we make have an impact on people’s lives, for good and sometimes not so good. I feel that those of us creating technology should be part of the solution to the problems that arise from that technology. So, I was one of the first [here at Adobe] involved in the Content Authenticity Initiative.”
About the C2PA tool:
C2PA tool (Command Line Interface): A utility to create, verify, and explore content credentials on the command line. Can also be wrapped to equip existing processes with the ability to interact with content provenance.
Validation: The tool doesn’t just show the content, it also validates it, and will include a detailed validation report on any errors it finds; it can also add signed manifests to files.
Example: Adobe Stock adds manifests to every exported image using the C2PA Tool.
Dave Kozma, Mgr. Software Development, demoed the JS SDK.
“We wanted to create a set of libraries that made it as easy as possible to combine some of the capabilities of our comprehensive and well-tested Rust SDK with the user experience best practices Pia mentioned for use in a browser environment.”
About the JavaScript SDK:
JS SDK (JavaScript Software Developer Kit): Provides what you need to develop rich, browser-based experiences with content credentials, including the ability to display or link to Verify.
Styling: We've added customization options to easily style the components to match the look and feel of your site or to add views for your own custom assertions.
Application: Internally, we use our JavaScript SDK to power all the core logic of our Verify site. Our library is fully compatible with TypeScript, which helps developers to accelerate their workflow by getting handy code completion and API documentation in their editor.
Thanks to all who attended, submitted questions in advance, and who participated in the open Q&A period at the end of this workshop. We’re so grateful for your participation and look to you for feedback as well, which is not only welcome but critical to our development process. As you begin to use these tools, we invite you to get in touch via Discord or GitHub and share your experiences with us. If you are not yet a member of the CAI member community, we invite you to join here.
Where to start for implementers:
Adobe’s CAI Open-Source Tools for Digital Content Provenance