Milestones in digital content provenance: v.1.0 specification and open-source projects
By Andy Parsons
In our year-end wrap up, I wrote about the strides the CAI community has made in our work to address misinformation and empower creatives to use powerful tools responsibly. Today, we are announcing what is perhaps the most important milestone to date: the launch of the technical specification, and supporting guidance documents from our sister organization, the Coalition for Content Provenance and Authenticity (C2PA). And we’re announcing Adobe’s plans to provide open-source developer tools that will help foster a vibrant ecosystem of C2PA implementations, for creators and consumers.
The C2PA is the independent, non-profit standards development organization Adobe co-founded under the auspices of the Linux Foundation. It is led by a group of industry leaders including Adobe, Arm, BBC, Intel, Microsoft, Truepic, and Twitter, and boasts a broad membership of organizations interested in the creation of the content provenance technical standard. Representatives from human rights, publishing, hardware, software, cloud infrastructure, and many other industries have collaborated to write the specification and study its use cases. During a period of public comment, the C2PA honed the draft and produced the full 1.0 version being released today. As the C2PA moves forward, public review and feedback will continue to be an essential part of how this work gets done.
Notably, the C2PA has done an unprecedented amount of work in less than a year. While we began with a head start, utilizing the ideas shared in the 2020 CAI white paper, the drafting of the specification moved at a remarkable pace without compromising careful considerations of security or user experience. This is the result of the urgency motivating C2PA members to create technology to restore trust and transparency. I could not be more proud of the tremendous effort the specification represents.
The C2PA is hosting an event today, January 26, marking the release. There will be a set of discussions on the path forward and a comprehensive demonstration of what is available now. The event is open to all with registration.
Along with the technical specification, you’ll find guidance documents which provide critical recommendations and best practices in these early days of implementation.
The Implementation Guidance documentation outlines the architecture of content provenance, trust models, and specifics on usage of content bindings;
The User Experience Guidance for Implementers includes specific examples and visuals for photos and videos, as well as notations of communication and language usage;
Harms Modeling and Security Considerations take into account potential misuse, human rights perspectives, and countermeasures.
Specifications like C2PA 1.0 do not see broad adoption without the critical work of advocates and implementers, who build inspired products from the document. And this is best catalyzed through open source, where code can be shared and evolved without licensing or intellectual property concerns. On the heels of the C2PA release today, any interested individual, organization, or company will be able to access three open-source offerings from the CAI team.
The three products will allow those interested in provenance to utilize our code across a range of applications — likely including ones we have not even considered. We plan to release these through Adobe’s Open Source libraries in the coming months. First, we’ll release a JavaScript UI kit that will power verification and display of content credentials-enabled assets in the browser. Then, we will release a utility (CLI) that will allow creation, verification, and viewing of content credentials on the command line with no coding necessary. Finally, we’ll release a full Rust-based developer SDK that will allow creation of custom applications and services that create, verify, and display content credentials.
With the 1.0 specification live, we’re entering the next phase in digital content provenance, that will see the growing CAI community advocate and push the ideas of trust and authenticity from theory to reality — by building. As this new chapter for Content Authenticity begins, it is the perfect time to get involved. You can sign up to receive updates on open-source products and other news. We have much more coming from the CAI team, including events and community engagement around the implementation of the C2PA 1.0 standard. Please join us!