Claim instanceID field handling
The spec has a required instanceID field in the claim. It is described as follows:
If the asset contains XMP, then the asset’s xmpMM:InstanceID should be used as the instanceID. When no XMP is available, then some other unique identifier for the asset shall be used as the value for instanceID.
There isn't clear guidance on what "the asset" refers to here. One might assume it means the asset that the claim is signed for. In the relatively unusual case where no change has been made to the asset in question, then the xmpMM:InstanceID of that asset could be used. But if we change the asset in the process of signing it, then presumably it becomes a different instance of that asset and would require a new instanceID.
As it is, we tend to copy whatever the source file had in XMP to our destination signed file, sometimes adding or removing the remote URL data but otherwise not modifying the XMP. But, in theory, maybe we should be generating and writing a new instanceID. However, the cases where this change is required are, at least in my mind, a bit foggy. Does one update the XMP instanceID when just adding a remote URL? What if the only changes to the asset, other than the C2PA manifest, were XMP changes? Does that require a new instanceID?
Not really knowing how to handle all this, I settled on just generating a new instanceID for each new claim. But currently we don't write that instanceID to the file's XMP. In fact, it would need to work the other way around, like we do for the remote URL, where we must embed that before we hash the asset and then sign the claim.
So do we do anything? If so, what?
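The ordering constraint described in the post above (write the new instanceID into XMP before hashing, then sign), as an added example that is not part of the original issue or the project's code. It assumes a toy byte-string asset, a whole-file SHA-256 standing in for the real hashing and signing, and the `xmp.iid:` UUID form for new IDs; all function names are hypothetical.

```python
import hashlib
import re
import uuid

# Constructed sample: a stand-in asset whose bytes include an XMP packet.
SOURCE_ASSET = (
    b"IMAGEDATA..."
    b'<rdf:Description xmpMM:InstanceID="xmp.iid:11111111-1111-1111-1111-111111111111"/>'
    b"...MOREDATA"
)
_IID = re.compile(rb'(xmpMM:InstanceID=")([^"]*)(")')


def read_instance_id(asset: bytes):
    """Return the xmpMM:InstanceID found in the asset bytes, or None."""
    m = _IID.search(asset)
    return m.group(2).decode() if m else None


def write_instance_id(asset: bytes, instance_id: str) -> bytes:
    """Return a copy of the asset with its XMP InstanceID replaced."""
    return _IID.sub(lambda m: m.group(1) + instance_id.encode() + m.group(3), asset, count=1)


def make_claim(asset: bytes, instance_id: str) -> dict:
    """Toy claim: the instanceID plus a hash over the asset bytes (signing omitted)."""
    return {"instanceID": instance_id, "hash": hashlib.sha256(asset).hexdigest()}


def check(asset: bytes, claim: dict) -> dict:
    """Report whether the hash still binds and whether XMP agrees with the claim."""
    return {
        "hash_ok": hashlib.sha256(asset).hexdigest() == claim["hash"],
        "id_matches_xmp": read_instance_id(asset) == claim["instanceID"],
    }


def embed_then_hash(source: bytes):
    """Order described in the post: write the new ID into XMP, then hash."""
    new_id = f"xmp.iid:{uuid.uuid4()}"
    asset = write_instance_id(source, new_id)
    return asset, make_claim(asset, new_id)


def hash_then_embed(source: bytes):
    """Wrong order: the XMP edit lands after the hash was taken."""
    new_id = f"xmp.iid:{uuid.uuid4()}"
    claim = make_claim(source, new_id)
    return write_instance_id(source, new_id), claim
```

Calling `make_claim` with a fresh ID on an asset whose XMP was left untouched reproduces the situation the post describes: the hash still verifies, but the claim's instanceID no longer matches the file's XMP.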
This should be asked of the C2PA.
:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/CAI-10476 is successfully created for this GitHub issue.