C2PA implementation for Media Campus Nederland (MCNL) using Digital Verifiable Credentials (DVC) and an independent trust list.
The goal of this project is to create a proof of concept C2PA (Coalition for Content Provenance and Authenticity) implementation for MCNL (Media Campus Nederland). The implementation focuses on the use of Digital Verifiable Credentials (DVC) within the C2PA Manifest, a feature currently absent from the specification. Additionally, the project aims to establish an independently hosted trust list, distinct from the C2PA Conformance Program.
The project is developed as an open-source initiative, allowing for community contributions and transparency. Furthermore, we hope to spread knowledge about C2PA and DVCs within the media industry.
An independently hosted trust list will be created to manage trusted issuers and signers for C2PA manifests. This trust list will be separate from the official C2PA Conformance Program, ensuring independence and flexibility from big tech organizations for Dutch media corporations regarding the entities included in the list.
The project utilizes JavaScript/TypeScript for the C2PA implementation, leveraging existing libraries and tools to facilitate development and integration.
Creating an SDK of the entire C2PA specification is a complex task. Therefore, the project focuses on using existing resources, such as:
- c2pa-ts: A TypeScript implementation of the C2PA specification maintained (indepentantly) by TrustNXT.
- c2pa-js: A C2PA JavaScript implementation maintained by the Content Authenticity Initiative, which wraps the Rust implementation in WebAssembly.
- c2pa-rs: The "official" C2PA Rust implementation maintained by the Content Authenticity Initiative
- c2patool: A command-line tool for working with C2PA manifests, built on top of the c2pa-rs library.
- c2pa-attacks: A repository containing various attack scenarios and test cases for C2PA implementations, useful for testing and validation. Maintained by the Content Authenticity Initiative.
- c2pa-explorations: Experimentation and prototyping done by Christian Paquin, a Microsoft engineer.
With these resources, the project aims to build a functional C2PA implementation that meets the specified goals.
A website similar to the Content Authenticity Initiative's verify.contentauthenticity.org that allows users to upload media files and verify their C2PA manifests. The main difference is that this website will use our own JavaScript/TypeScript implementation and trust list to verify the manifests.
A web-based signing tool that allows users to upload media files and attach C2PA manifests together with Digital Verifiable Credentials (DVC). Just like the verification website, this tool will use our own JavaScript/TypeScript implementation for the signing process. The main goal of the tool is to demonstrate the use of DVCs within C2PA manifests.
This tool will most likely not be served publicly, as it requires a x509 certificate to sign the manifests. Instead, it will be used for internal testing and demonstration purposes.
- CAWG: Building on the work of the C2PA, the CAWG defines technical standards that empower individuals and organizations to assert attribution of digital content while supporting privacy and transparency.
- C2PA n'est pas une pipe: Commissioned by NPO Innovatie (NPO), Media Campus NL, and Beeld & Geluid, this research investigated whether the C2PA specification is suitable to support NPO's objective in this study: "To combat disinformation by ensuring the authenticity of reporting through digital certificates." This investigation builds upon the previous Proof of Provenance project (2022) and considers the rapid developments surrounding C2PA and the EBU's call to support standards for origin verification.
The repository is structured as an Nx monorepo, which allows for efficient management of multiple projects, packages and libraries within a single codebase. The main components of the repository include:
./apps- verify-webapp: A verification website for C2PA manifests.
- signing-webapp: A web-based signing tool for attaching C2PA manifests to media files.
./libsverify-webapp/*: Grouping folder for libraries related to the verification webapp.signing-webapp/*: Grouping folder for libraries related to the signing webapp.shared/*: Grouping folder for shared libraries used across multiple apps.
./tools- did-generator: A CLI tool for generating Decentralized Identifiers (DIDs) for testing purposes.
- cert-generator: A CLI tool for generating x509 certificates for testing purposes.
With the help of the @nx/enforce-module-boundaries rule, this monorepo enforces strict boundaries between different projects and libraries. This ensures that each project only depends on the libraries it is allowed to use, promoting modularity and maintainability.
For more information, see the Nx documentation on module boundaries.
This repository is set up using Nx, a smart, fast and extensible build system.
Learn more:
- Learn more about this workspace setup
- Learn about Nx on CI
- Releasing Packages with Nx release
- What are Nx plugins?
- Enterprise Angular Monorepo Patterns
The project uses PNPM as the package manager. To install the dependencies, run the following command in the root directory:
pnpm install
TODO
Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate and follow the existing code style.
Distributed under the Apache 2.0 License. See LICENSE.md for more information.