• Start recording
• Welcome & antitrust notice
• Introduction of new members
• Agenda review

• Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
• New Members:

• Neil Thomson emphasized exploring the C2PA as a sophisticated mechanism for verifying information about predominantly media content, including texts, photos, and videos. He raised concerns about the comprehensiveness and clarity of the documentation, highlighting issues with model descriptions and the consistent use of terminology within the C2PA specifications.

• Discussion on C2PA's Implementation and Concerns: The conversation critically evaluated the C2PA model's reliance on third-party certificate authorities for signing digital content, expressing worries over the potential for misuse, lack of direct provenance by all tools and persons who touch/change the media, and issues of trust and verification. The absence of direct actor (e.g., camera, transformation/editing applications, or individual) digital signatures on content was identified as a significant flaw in establishing indisputable content authenticity.

• Potential for Content Manipulation and Privacy Risks: The group discussed the C2PA model's provisions for redaction, which could potentially allow for manipulation of the content verification trail while still maintaining a veneer of validity. Concerns were raised about privacy risks associated with accessing verification metadata stored externally, e.g., via URLs, which could inadvertently reveal the identities of those querying the data. The lack of discussion or tools to automatically assess the verifiability/provenance of a C2PA document was noted.

• Technical and Ethical Implications: The discussion also touched upon the technical complexity of the C2PA's approach to documenting and verifying media transformations, as well as ethical considerations concerning who has the authority to verify content via cryptographic signing of components/sections of the document as well as the entire document, and the barriers to adoption due to potential patent encumbrances.

Agreed Actions and Considerations:

• Further Analysis and Discussion: The participants agreed on the need for a deeper dive into the C2PA documentation and its implications for digital identity and media verification, suggesting a collaborative effort to critically evaluate the framework's utility and reliability.

• Engagement with Broader Community: There was a consensus on the importance of engaging with the broader digital identity and security community to gather insights and feedback on the C2PA framework, particularly from those with experience in implementing similar systems.

• Documentation and Sharing: Neil Thomson committed to compiling and sharing an analysis document, incorporating insights from the discussion and external expert opinions, to foster a broader understanding and critique of the C2PA model within relevant forums and groups.

• Risk Assessment: It was suggested that the DMRWG do a formal ToIP Governance Framework Risk Assessment of C2PA, leveraging the mechanisms that are included in the ACDC specification/technology and its rationale (and risk discussions) with regards to Authentic Data and Provenance of Data where raw data may undergo multiple transformations over time. 

Burak Serdar discussed the technical aspects of data schemas, selective disclosure, and the integration of data transformation pipelines. He focused on the application of schema and overlays in managing data privacy and governance.Selective Disclosure:

• • Introduced the concept of selective disclosure using data schemas and overlays. This involves defining sensitive data elements that need to be protected or hidden based on user permissions or other criteria.
  • Demonstrated how data can be filtered and transformed as it passes through a pipeline, ensuring only authorized data is exposed.

• Schema and Overlays:

  • Described the use of JSON schemas and overlays to manage data attributes and privacy settings. Overlays are used to mark certain data fields as sensitive within the schema, controlling visibility based on the overlay settings.
  • Explained how these schemas and overlays are bundled together to form a comprehensive rule set that governs data access and transformation.

• Data Transformation Pipeline:

  • Detailed the operational mechanism of data transformation pipelines which ingest, transform, and export data according to the defined schemas and overlays.
  • Showcased how these pipelines are configured to handle data selectively, applying filters and transformations to ensure data privacy and compliance with governance models.

• Practical Applications:

  • Highlighted the application of this technology in API interoperability, where data needs to be exchanged between systems securely and efficiently.
  • Stressed the importance of translating user-defined data access rules into machine-readable formats using schemas and overlays, allowing dynamic data handling and transformation based on specific use cases.

Technical Insights:

• Graph Data Models: Discussed the representation of data using graph models which enhance the ability to query and manage complex data relationships.
• Pipeline Configurations: Mentioned the use of YAML files for defining pipeline operations, which improves readability and ease of configuration.
• Dynamic Schema Application: Talked about how applications can dynamically generate overlays and schema bundles based on real-time data requirements and governance rules.

Steven Milstein: Asked about the functionality and extendibility of pipelines, the feasibility of multiple disclosure levels through the pipeline, and how new data fields are governed under existing data agreements.

Carly Huitema: We discussed "governance as overlay," for example, defining a query to filter/sub-set the data.