-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define identity assertion trust model #99
Conversation
… to the asset is documented by the identity assertion
Co-authored-by: Leonard Rosenthol <leonardr@lazerware.com>
Co-authored-by: Leonard Rosenthol <leonardr@lazerware.com>
…2PA Manifest Consumer but adds interpretation of CAWG identity assertion content
@lrosenthol instead of "CAWG-aware C2PA Manifest Consumer," I've defined a new term "identity assertion consumer" which starts from the C2PA Manifest Consumer and adds an interest in consuming/interpreting CAWG identity assertion(s) within a C2PA Manifest. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks - works for me!
Closes #97, though new (smaller-in-scope) issues will need to be created. |
docs/modules/ROOT/pages/index.adoc
Outdated
.Basic trust triangle | ||
image::trust-model/basic-trust-triangle.drawio.svg[Basic trust triangle,width=400,height=130,align="center"] | ||
|
||
The three roles depicted can each be performed by a human, organization, machine, or some combination thereof. A _credential holder_ establishes a relationship with a _credential issuer._ If the issuer trusts the credential holder, it will then issue a digital credential which makes statements about the credential holder and is signed by the issuer. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Be clear about distinction btw subject and holder. Reference W3C discussion.
In basic trust triangle discussion, need to restate to say "verifies identity of subject, issues credential to holder."
|
||
==== Re-signing by an adversarial claim generator | ||
|
||
NOTE: TO DO: Update following discussion based on link:https://github.com/creator-assertions/identity-assertion/issues/95[#95: Security fixes to identity map] and subsequent related discussion in link:https://github.com/creator-assertions/identity-assertion/issues/97[#97: Create a CAWG identity threat model]. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@puhley to write a new section regarding modification of identity assertion itself. Should be mitigated by C2PA assertion hashing, etc., but need to describe it nonetheless.
# Conflicts: # docs/modules/ROOT/pages/index.adoc # docs/modules/ROOT/partials/version-history.adoc
No description provided.