From 2f9cc76757cd32a041b4ef9bf24eb02098865b69 Mon Sep 17 00:00:00 2001 From: Ottavio Campana Date: Tue, 7 Jan 2025 15:37:13 +0100 Subject: [PATCH 1/8] First proposal to signal that a video in a C2PA file conforms to the ONVIF digital media signing specs --- doc/MediaSigning.xml | 255 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 252 insertions(+), 3 deletions(-) diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml index 9cd42f640..232276813 100644 --- a/doc/MediaSigning.xml +++ b/doc/MediaSigning.xml @@ -4,19 +4,19 @@ Media Signing Specification Media Signing - 24.12 + 25.06 ONVIF™ www.onvif.org - December, 2024 + June, 2025 - 2022-2024 + 2022-2025 ONVIF™ All rights reserved. @@ -48,6 +48,14 @@ First release + + 25.06 + Dec 2025 + + Ottavio Campana + + Added Annex D for C2PA interoperability + @@ -1379,5 +1387,246 @@ IETF RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 <> + C2PA Specifications Version 2.1 + <> + + + C2PA interoperability + In C2PA, provenance generally refers to the facts about the history of a piece of digital + content assets (image, video, audio recording, document). Content Credentials enables the + secure binding of statements of provenance data to instances of content. These provenance + statements are called assertions in a Content Credential. They may include assertions about + who created the content and how, when, and where it was created. + This Annex defines the assertions necessary to embed an ONVIF-compliant digitally singed + video feed into a C2PA complaint file. +
+ Overview + The ONVIF-defined assertion are slipt in two group in order to be able to keep track of + two possibiel use cases: + + + The video is generated and signed by a device, but the MP4 file is generated by a + client. + + + The video is generated and signed by a device that support local recording and that + generates the MP4 autonomously. + + + Therefore, the org.onvif.c2pa.device assertion must always be + populated by the device, while the org.onvif.c2pa.client assertion sall + be populated either by the client or by the device. +
+
+ C2PA assertions + The following C2PA assertions are defined to extend the standard C2PA ones: + + + ONVIF-defined C2PA assertions + + + + + + + + + Type + + + Assertion + + + Schema + + + Serialization + + + + + + + ONVIF device information + + + org.onvif.c2pa.device + + + ONVIF + + + JSON-LD + + + + + ONVIF client information + + + org.onvif.c2pa.recorder + + ONVIF + + JSON-LD + + + + +
+ +
+ ONVIF device information + This assertion is used to embed in teh C2PA file informtion about the device that generated the signed video feed. + + + ONVIF-defined C2PA device assertions + + + + + + + + + Name + + + Type + + + Required + + Property description + + + + + + FirmwareVersion + + + String + + + No + + + The version of the FW running on the device that generated the RTSP stream + with the digital signatures. + If this field is populated, it must match the value in the tag. + + + + SerialNumber + + + String + + No + + The serial number of the device that generated the RTSP stream with the + digital signatures. + If this field is populated, it must match the value in the tag. + + + + + Manufacturer + + + String + + No + + The manufacturer the device that generated the RTSP stream with the + digital signatures. + If this field is populated, it must match the value in the tag. + + + + + Certificate + + + String + + Yes + The certificate chain in PEM format + If this field is populated, it must match the value in the tag. + + + +
+ +
+
+ ONVIF client information + This assertion is used to embed in teh C2PA file informtion about the client that exported the signed video feed. + + + ONVIF-defined C2PA recorder assertions + + + + + + + + + Name + + + Type + + + Required + + Property description + + + + + + SoftwareVersion + + + String + + + No + + + The version of the software that generated the C2PA-compliant MP4 + file. + If this field is populated, it must match the value in the tag. + + + + Software + + + String + + No + The name of the software that generated the C2PA-compliant MP4 + file. + + + + ExportUnitMac + + + String + + Yes + The unique physical MAC address of the entity that generated the MP4 file. + + + +
+ +
+
From edf125c9a13833de1e89fc906426f0578e18999f Mon Sep 17 00:00:00 2001 From: Ottavio Campana <68333584+ocampana-videotec@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:48:55 +0100 Subject: [PATCH 2/8] Update doc/MediaSigning.xml Co-authored-by: jmelancongen <115079765+jmelancongen@users.noreply.github.com> --- doc/MediaSigning.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml index 232276813..9be5700cb 100644 --- a/doc/MediaSigning.xml +++ b/doc/MediaSigning.xml @@ -1397,7 +1397,7 @@ secure binding of statements of provenance data to instances of content. These provenance statements are called assertions in a Content Credential. They may include assertions about who created the content and how, when, and where it was created. - This Annex defines the assertions necessary to embed an ONVIF-compliant digitally singed + This Annex defines the assertions necessary to embed an ONVIF-compliant digitally signed video feed into a C2PA complaint file.
Overview From 1ee6b03459228cedcf1f9cf4e997002e87b2a670 Mon Sep 17 00:00:00 2001 From: Ottavio Campana <68333584+ocampana-videotec@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:49:04 +0100 Subject: [PATCH 3/8] Update doc/MediaSigning.xml Co-authored-by: jmelancongen <115079765+jmelancongen@users.noreply.github.com> --- doc/MediaSigning.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml index 9be5700cb..1e9eb4cd0 100644 --- a/doc/MediaSigning.xml +++ b/doc/MediaSigning.xml @@ -1401,7 +1401,7 @@ video feed into a C2PA complaint file.
Overview - The ONVIF-defined assertion are slipt in two group in order to be able to keep track of + The ONVIF-defined assertion are split in two group in order to be able to keep track of two possibiel use cases: From 98b4ab974cf11c54131da7812f45636c53a4f7fe Mon Sep 17 00:00:00 2001 From: Ottavio Campana <68333584+ocampana-videotec@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:49:12 +0100 Subject: [PATCH 4/8] Update doc/MediaSigning.xml Co-authored-by: jmelancongen <115079765+jmelancongen@users.noreply.github.com> --- doc/MediaSigning.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml index 1e9eb4cd0..a2ed778fc 100644 --- a/doc/MediaSigning.xml +++ b/doc/MediaSigning.xml @@ -1402,7 +1402,7 @@
Overview The ONVIF-defined assertion are split in two group in order to be able to keep track of - two possibiel use cases: + two possible use cases: The video is generated and signed by a device, but the MP4 file is generated by a From f86186ebec9854b2fea8d760f3b9ce7ca9ece3d5 Mon Sep 17 00:00:00 2001 From: Ottavio Campana <68333584+ocampana-videotec@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:49:18 +0100 Subject: [PATCH 5/8] Update doc/MediaSigning.xml Co-authored-by: jmelancongen <115079765+jmelancongen@users.noreply.github.com> --- doc/MediaSigning.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml index a2ed778fc..2ec1e2ec0 100644 --- a/doc/MediaSigning.xml +++ b/doc/MediaSigning.xml @@ -1414,7 +1414,7 @@ Therefore, the org.onvif.c2pa.device assertion must always be - populated by the device, while the org.onvif.c2pa.client assertion sall + populated by the device, while the org.onvif.c2pa.client assertion shall be populated either by the client or by the device.
From 852d26458093a2353ba702240c1a09aa75eefad0 Mon Sep 17 00:00:00 2001 From: Ottavio Campana <68333584+ocampana-videotec@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:49:24 +0100 Subject: [PATCH 6/8] Update doc/MediaSigning.xml Co-authored-by: jmelancongen <115079765+jmelancongen@users.noreply.github.com> --- doc/MediaSigning.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml index 2ec1e2ec0..9f0ebf758 100644 --- a/doc/MediaSigning.xml +++ b/doc/MediaSigning.xml @@ -1398,7 +1398,7 @@ statements are called assertions in a Content Credential. They may include assertions about who created the content and how, when, and where it was created. This Annex defines the assertions necessary to embed an ONVIF-compliant digitally signed - video feed into a C2PA complaint file. + video feed into a C2PA compliant file.
Overview The ONVIF-defined assertion are split in two group in order to be able to keep track of From aa8d791efed480c94e7682af5fc7b7157811e29b Mon Sep 17 00:00:00 2001 From: Ottavio Campana <68333584+ocampana-videotec@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:49:31 +0100 Subject: [PATCH 7/8] Update doc/MediaSigning.xml Co-authored-by: jmelancongen <115079765+jmelancongen@users.noreply.github.com> --- doc/MediaSigning.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml index 9f0ebf758..9d128c41a 100644 --- a/doc/MediaSigning.xml +++ b/doc/MediaSigning.xml @@ -1539,7 +1539,7 @@ No - The manufacturer the device that generated the RTSP stream with the + The manufacturer of the device that generated the RTSP stream with the digital signatures. If this field is populated, it must match the value in the tag. From b3e12f2d6ce17f61fe54e7e096a8e4b178427aef Mon Sep 17 00:00:00 2001 From: Ottavio Campana <68333584+ocampana-videotec@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:49:54 +0100 Subject: [PATCH 8/8] Update doc/MediaSigning.xml Co-authored-by: jmelancongen <115079765+jmelancongen@users.noreply.github.com> --- doc/MediaSigning.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml index 9d128c41a..2c13ea45c 100644 --- a/doc/MediaSigning.xml +++ b/doc/MediaSigning.xml @@ -1562,7 +1562,7 @@
ONVIF client information - This assertion is used to embed in teh C2PA file informtion about the client that exported the signed video feed. + This assertion is used to embed in the C2PA file information about the client that exported the signed video feed. ONVIF-defined C2PA recorder assertions