Updates for reading old and writing new manifests #217
Conversation
|
🚀 Deployed on https://deploy-preview-217--cai-open-source.netlify.app |
|
|
||
| ## Legacy ingredients | ||
|
|
||
| Old manifests may contain these kinds of deprecated ingredient data: |
There was a problem hiding this comment.
While these labels will show up so they can detect them, the API will return the same ingredient option for any of them. But the field contents may vary depending on the version.
There was a problem hiding this comment.
"...the API will return the same ingredient option ..."
I think this should be "...same ingredient OBJECT..." right?
| @@ -0,0 +1,141 @@ | |||
| --- | |||
| id: cawg-id | |||
| title: Writing CAWG identity assertions | |||
There was a problem hiding this comment.
I think it is ok to explain how CAWG identity will look when reading manifests, but we have some work to do to define how you will create them. Eric has been reconstructing this api.
docs/manifest/writing/ingredients.md
Outdated
|
|
||
| The `ingredients` array contains an [ingredient object](manifest/json-ref/manifest-def.mdx#ingredient) for each ingredient. The only required property of the `ingredient` object is the `title` property, which usually is the source file name. | ||
|
|
||
| The `label` property for the first ingredient in a manifest is `c2pa.ingredient.v3` When there is more than one ingredient, subsequent labels have a monotonically increasing index: `c2pa.ingredient.v3__1`, `c2pa.ingredient.v3__2`, and so on. |
There was a problem hiding this comment.
Note that this only applies when reading, you can use your own labels when creating new ingredients, but those labels are only temporary and will be replaced
| See [Validation results](json-ref/reader#validationresults) in the manifest JSON reference. | ||
|
|
||
| When ingredients are added, the SDK validates their Content Credentials (if any). However, the validation status of an ingredient does not imply anything about the validation status of the composed asset containing the ingredient. In other words: | ||
| - A composed asset's Content Credentials may be valid, but one or more of its ingredients may have invalid Content Credentials. For example, test file [adobe-20220124-XCA.jpg](https://contentcredentials.org/verify?source=https://c2pa.org/public-testfiles/image/jpeg/adobe-20220124-XCA.jpg) |
There was a problem hiding this comment.
I don't think these are the right examples. XCA has a hard binding error in the active manifest but is otherwise valid. The A, ingredient is fine and has no manifest.
The CIE-sig-CA file has an invalid signature in an ingredient but active manifest is valid and identifies that that ingredients error were known when signed.
There was a problem hiding this comment.
I need correct examples here.
org.cai.ingredientIdstoingredientIds.See also Changes in the v1.0 SDK release.
Review questions:
WIP Notes:
New assertion types: