Define identity assertion trust model #99

Merged
merged 26 commits into from
Jun 9, 2024

scouten-adobe
Contributor

No description provided.

@scouten-adobe scouten-adobe self-assigned this Apr 27, 2024
docs/modules/ROOT/pages/index.adoc (outdated, resolved)
scouten-adobe and others added 4 commits April 28, 2024 13:43
Co-authored-by: Leonard Rosenthol <leonardr@lazerware.com>
Co-authored-by: Leonard Rosenthol <leonardr@lazerware.com>
…2PA Manifest Consumer but adds interpretation of CAWG identity assertion content
@scouten-adobe
Contributor Author

@lrosenthol instead of "CAWG-aware C2PA Manifest Consumer," I've defined a new term "identity assertion consumer" which starts from the C2PA Manifest Consumer and adds an interest in consuming/interpreting CAWG identity assertion(s) within a C2PA Manifest.

Collaborator

@lrosenthol lrosenthol left a comment

Thanks - works for me!

@scouten-adobe
Contributor Author

Closes #97, though new (smaller-in-scope) issues will need to be created.

.Basic trust triangle
image::trust-model/basic-trust-triangle.drawio.svg[Basic trust triangle,width=400,height=130,align="center"]

The three roles depicted can each be performed by a human, organization, machine, or some combination thereof. A _credential holder_ establishes a relationship with a _credential issuer._ If the issuer trusts the credential holder, it will then issue a digital credential which makes statements about the credential holder and is signed by the issuer.
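
Review bot: In the trust-triangle paragraph, `_credential issuer._` places the sentence-ending period inside the emphasis markup, unlike `_credential holder_` earlier in the same sentence. Move the period outside (`_credential issuer_.`) so both role names are marked up the same way.
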
Contributor Author

Be clear about distinction btw subject and holder. Reference W3C discussion.

In basic trust triangle discussion, need to restate to say "verifies identity of subject, issues credential to holder."


==== Re-signing by an adversarial claim generator

NOTE: TO DO: Update following discussion based on link:https://github.com/creator-assertions/identity-assertion/issues/95[#95: Security fixes to identity map] and subsequent related discussion in link:https://github.com/creator-assertions/identity-assertion/issues/97[#97: Create a CAWG identity threat model].
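
Review bot: The NOTE under "Re-signing by an adversarial claim generator" sends readers to #97 for the follow-up discussion, but this pull request is marked as closing #97, so after merge the TO DO points at a closed issue. Link the narrower follow-up issues here once they are created, so the open work on this threat stays discoverable from the spec text.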

Contributor Author

@puhley to write a new section regarding modification of identity assertion itself. Should be mitigated by C2PA assertion hashing, etc., but need to describe it nonetheless.

@scouten-adobe scouten-adobe merged commit 92b4061 into main Jun 9, 2024
1 check passed
@scouten-adobe scouten-adobe deleted the trust-model branch June 9, 2024 21:53
@github-actions github-actions bot locked and limited conversation to collaborators Jun 9, 2024