As we look at the the Conformulator to add interrogation and assessment capabilities, the following are known issues from a history of applicant samples that the Conformulator product should flag:
- Deprecated use of URN (current has c2pa in the body of the identifier)
- Deprecated use of c2pa.ingredient.v2 (c2pa.ingredient.v3 pegs to v2.2 of spec)
- Deprecated us of stds.schema-org.CreativeWork (now using CAWG)
- Deprecated us of c2pa.actions (now using c2pa.actions.v2
- Lack of a c2pa inception action (either open or created)
- Lack of a DigitalSourcetype for a created action
- Deprecated use of an assertions array not grouped by created and gathered assertions (current version groups them)
- Placement of standard c2pa assertions in gathered assertions array
- Placement of non-generator product claims (CAWG, custom attribution assertions) in created assertions array.
- Lack of inclusion of the C2PA Trust List to validate certificate trust (don't know where that occurs but I flag this when applicants show c2pa conformant google files as untrusted.
- Lack of evaluating timestamping certificate to indicate that signing cert was valid at time of signing.
- (when in use against 2.4 manifests) Empty or missing specversion key. (Conformulator cannot reference the Applicant';s asserted conformance spec level - that still requires manual inspection)
- An ingested ingredient that has any of these issues.
As we look at the the Conformulator to add interrogation and assessment capabilities, the following are known issues from a history of applicant samples that the Conformulator product should flag: