Skip to main content

CAWG identity assertions

The Creator Assertions Working Group (CAWG) identity assertion enables a credential holder to prove control over a digital identity and to use that identity to document a content creator’s role(s) in a C2PA asset’s lifecycle.

There are two different ways to provide identity assertions:

  • Using an X.509 certificate to sign the identity claims. Enterprises or large organizations can use this approach to assert their identity in a particular trust ecosystem; for example, a news organization or publisher. The SDK can validate and sign these claims.
  • Using an identity claim aggregator. Individuals can use this approach to document their role in creating an asset by using identity signals collected and verified by a third-party aggregator. The SDK can validate these claims only. Signing is not supported.
note

The SDK can validate claims for both kinds of identity assertions, but can only sign claims for identity assertions using an X.509 certificate.

Using an X.509 certificate

When providing an identity assertion by using an X.509 certificate, the value of signer_payload.sig_type must be cawg.x509.cose. The signature value must be a COSE signature as described in the CAWG Identity Assertion technical specification.

Using an identity claim aggregator

As defined in the CAWG Identity Assertion technical specification, content creators may wish to document their role in creating an asset using identity signals such as:

  • Verified web sites
  • Social media accounts
  • Official ID documentation
  • Professional accreditations
  • Organizational affiliations

To facilitate the use of such identity signals, the content creator may use the services of a trusted third-party intermediary known as a identity claims aggregator to gather these signals and to restate them on their behalf.

The identity claims aggregator:

  • Collects and verifies identity attestation claims from various identity providers such as social media sites and ID verification vendors.
  • Creates a unique asset-specific credential that binds the identity attestation claims to a specific asset.

Identity assertion

An identity assertion using an identity claims aggregator has this general form in JSON:

"assertions": [
  ...
  {
    "label": "cawg.identity",
    "data": {
      "@context": [
        "https://www.w3.org/ns/credentials/v2",
        "https://cawg.io/identity/1.1/ica/context/"
      ],
      "type": [
        "VerifiableCredential",
        "IdentityClaimsAggregationCredential"
      ],
      "issuer": "did:web:connected-identities.identity.adobe.com",
      "validFrom": "2025-04-29T17:34:44Z",
      "verifiedIdentities": [
        {
          "type": "cawg.<type>",
          "username": "<string>",
          "uri": "<uri>",
          "verifiedAt": "<DateTime>",
          "provider": {
            "id": "<string>",
            "name": "<string>"
          }
        },
        ...
      ]
    }
  }
]

Verified identity types

The following table describes the allowed values of the type property of verifiedIdentities array elements.

ValueMeaning
cawg.document_verificationThe identity provider verified one or more government-issued identity documents presented by the content creator.
cawg.web_siteThe content creator has proven control over a specific domain to the identity claims aggregator._
cawg.affiliationThe identity provider is attesting to the content creator’s membership in an organization. This could be a professional organization or an employment relationship.
cawg.social_mediaThe content creator has demonstrated control over an account (typically a social media account) hosted by the identity provider.
cawg.crypto_walletThe content creator has demonstrated control over an account (typically a crypto-wallet) hosted by the identity provider.
note

The above table is based on the CAWG identity assertion technical specifications.

Example

"assertions": [
  ...
  {
    "label": "cawg.identity",
    "data": {
      "@context": [
        "https://www.w3.org/ns/credentials/v2",
        "https://cawg.io/identity/1.1/ica/context/"
      ],
      "type": [
        "VerifiableCredential",
        "IdentityClaimsAggregationCredential"
      ],
      "issuer": "did:web:connected-identities.identity.adobe.com",
      "validFrom": "2025-04-29T17:34:44Z",
      "verifiedIdentities": [
        {
          "type": "cawg.social_media",
          "username": "xyz",
          "uri": "https://www.instagram.com/xyz",
          "verifiedAt": "2024-10-08T18:04:08Z",
          "provider": {
            "id": "https://instagram.com",
            "name": "instagram"
          }
        },
        {
          "type": "cawg.social_media",
          "username": "xyz",
          "uri": "https://www.behance.net/xyz",
          "verifiedAt": "2024-10-22T19:31:17Z",
          "provider": {
            "id": "https://behance.net",
            "name": "behance"
          }
        },
        {
          "type": "cawg.social_media",
          "username": "J Smith",
          "uri": "https://www.linkedin.com/in/jsmith",
          "verifiedAt": "2024-10-08T18:03:41Z",
          "provider": {
            "id": "https://linkedin.com",
            "name": "linkedin"
          }
        },
        {
          "type": "cawg.social_media",
          "username": "xyz",
          "uri": "https://twitter.com/xyz",
          "verifiedAt": "2024-10-08T18:03:49Z",
          "provider": {
            "id": "https://twitter.com",
            "name": "twitter"
          }
        }
      ],
      "credentialSchema": [
        {
          "id": "https://cawg.io/identity/1.1/ica/schema/",
          "type": "JSONSchema"
        }
      ]
    }
  }
  ...
]