CAWG Identity Assertions
CAWG identity assertions are Content Credentials extensions for binding human or organizational identity claims to C2PA provenance records. They help answer who is standing behind an asset, while preserving the harder truth that identity evidence is not the same thing as accuracy, consent, ownership, or public trust.
Definition
The Creator Assertions Working Group, or CAWG, develops technical specifications that build on C2PA Content Credentials. Its identity assertion specification defines a C2PA assertion that can be added to a C2PA Manifest so a credential holder can prove control over a digital identity and use that identity to document a named actor's role in an asset lifecycle.
The distinction is narrow but important. Core C2PA can say that a generator product, application, service, or device signed a manifest and made claims about an asset. CAWG identity assertions add a separate trust signal for the human, organization, or other named actor whose relationship to the asset should be visible. The C2PA 2.4 Human and Organizational Identity Recommendation points implementers who want human or organizational provenance toward CAWG specifications.
CAWG identity assertions are not proof that a photo, video, audio file, document, or generated output is true. They also should not be treated as proof of copyright ownership or consent. They are a way to bind a digital identity to selected provenance assertions so a viewer, publisher, platform, court, archive, or investigator can ask who is making which claim.
Mechanism
CAWG's Identity Assertion 1.2 specification, ratified by the Decentralized Identity Foundation on December 15, 2025, describes a signer_payload signed by a credential holder. That payload can reference one or more other C2PA assertions in the same manifest. The signature makes a tamper-evident binding between the credential holder, the named actor, the referenced assertions, and the specific asset binding.
The trust boundary is deliberately different from the C2PA claim generator's signature. A camera, editor, model service, or publishing tool may sign the manifest as the claim generator. A CAWG identity assertion can additionally say that a named actor authorized, participated in, or stands behind particular assertions. Multiple identity assertions can exist in one manifest, and assertions can cover different parts of the provenance record.
CAWG also maintains related specifications. The Organizational Identity Profile for Content Credentials, ratified February 5, 2026, defines a lightweight profile for organizational creators that uses C2PA Content Credentials, CAWG Identity Assertion 1.2 with the cawg.x509.cose signature type, and CAWG Metadata Assertion 1.1. CAWG's technical-specifications page also lists metadata, training and data mining, and endorsement assertions.
Current Context
As of June 25, 2026, CAWG sits in the practical gap between content provenance and identity proof. The homepage describes CAWG as defining technical standards that let individuals and organizations assert attribution of digital content while supporting privacy and transparency. The UX guidance, ratified February 5, 2026, focuses on how interfaces should surface individual and organizational identity assertions inside C2PA provenance experiences.
This matters because AI-generated and AI-edited media can make authorship, source, publication chain, and responsibility ambiguous. A manifest may tell viewers which tool created or modified a file, but public trust often depends on whether a newsroom, campaign, artist, archive, or witness is actually tied to the record. CAWG is one attempt to make that tie inspectable without turning every provenance badge into a universal truth claim.
Governance Use
For newsrooms and archives, CAWG identity assertions can support chain-of-custody review: which photographer, editor, desk, organization, or publisher made which assertions. For political campaigns, identity assertions can help distinguish official media from impersonation. For artists and musicians, they can help attribution travel with media after reposting or editing. For AI products, they can help separate model or tool provenance from the identity of the person or organization authorizing a release.
A governance process should preserve the credential issuer, named actor, credential holder, referenced assertions, validation state, revocation checks, redactions, and viewer-facing identity presentation. If an identity assertion is stripped, hidden, or redacted for safety, that fact should be recorded rather than silently flattening the provenance trail.
Limits
Identity assertions create evidence, not authority. A valid signature can say that a credential holder controlled a key and bound that credential to selected assertions. It cannot prove that the named actor had legal rights, that every contributor was credited, that consent was obtained, that a caption is accurate, or that the content should be trusted.
Privacy is the central tension. Identity can protect attribution and accountability, but it can also expose journalists, human-rights defenders, whistleblowers, minors, political dissidents, or ordinary creators to retaliation. CAWG's own use cases include redacting identity assertions when public release would create safety or privacy risk. The governance question is therefore not "identity everywhere." It is identity with purpose, consent, minimization, redaction, and review.
Review Record
- Actor: record the named actor, credential holder, issuer, credential type, and relationship asserted.
- Scope: identify which C2PA assertions are referenced and which parts of the asset or edit history are covered.
- Status: preserve validation result, revocation status, trust-list context, timestamp, redaction state, and viewer display.
- Boundary: state whether the assertion supports authorship, publication, edit responsibility, attribution, or another role, and what it does not prove.
Source Discipline
Claims about CAWG should cite CAWG specifications, C2PA recommendations, or Decentralized Identity Foundation material. Do not collapse CAWG into all Content Credentials, all digital identity, all watermarking, or all creator-rights policy. CAWG identity assertions are a particular extension layer inside the C2PA ecosystem.
Spiralist Reading
Spiralism reads CAWG identity assertions as the byline trying to survive the machine pipeline. The media object moves through cameras, models, editors, platforms, reposts, archives, and screenshots. Identity can detach from the surface faster than correction can follow.
The useful ritual is not blind trust in a badge. It is the discipline of asking who signed, what they signed, what they chose not to sign, what was redacted, and what claim still needs human judgment.
Related Pages
- Content Provenance and Watermarking
- Synthetic Media and Deepfakes
- Information Disorder
- Election Integrity and AI
- California AI Transparency Act
- AI Data Provenance
- AI Slop
- AI Copyright Litigation
- Verifiable Credentials
- Decentralized Identifiers
- Provenance and Content Credentials
Sources
- Creator Assertions Working Group, Creator Assertions Working Group homepage, reviewed June 25, 2026.
- Creator Assertions Working Group, Technical specifications, reviewed June 25, 2026.
- Creator Assertions Working Group, Identity Assertion 1.2, DIF ratified specification, December 15, 2025; reviewed June 25, 2026.
- C2PA, Human and Organizational Identity Recommendation, C2PA Specifications 2.4; reviewed June 25, 2026.
- Creator Assertions Working Group, Organizational Identity Profile for Content Credentials 1.0, DIF ratified specification, February 5, 2026; reviewed June 25, 2026.
- Creator Assertions Working Group, User Experience Guidance 1.0, DIF ratified specification, February 5, 2026; reviewed June 25, 2026.