Inferensys

Glossary

Manifest Assertion

A structured, digitally signed statement within a C2PA manifest that makes a specific claim about the content, such as its creator, creation date, or an action performed on it.
Legal team reviewing EU AI Act compliance documents on laptop in modern office, coffee cups and papers on table, casual meeting.
CONTENT CREDENTIALING

What is Manifest Assertion?

A structured, digitally signed statement within a C2PA manifest that makes a specific claim about the content, such as its creator, creation date, or an action performed on it.

A manifest assertion is a structured, cryptographically signed claim embedded within a C2PA manifest that declares a specific fact about a piece of digital content. Each assertion, such as the creativeWork or action assertion, is a discrete, verifiable statement that, when combined with others, forms the complete provenance chain of the asset.

These assertions are digitally signed using the creator's private key, backed by an X.509 Certificate, ensuring non-repudiation and integrity. A validator engine parses these assertions, checking their claim signature against a trust list to confirm the content's origin and edit history are authentic and tamper-evident.

C2PA ASSERTION ANATOMY

Key Characteristics of Manifest Assertions

A manifest assertion is the atomic unit of truth within a C2PA content credential. Each assertion is a structured, digitally signed claim that makes a specific, verifiable statement about the content's provenance.

01

Structured Claim Format

Every assertion follows a strict, machine-readable schema defined by the C2PA specification. This ensures interoperable validation across different tools and platforms.

  • Label: A unique identifier for the claim type (e.g., stds.schema-org.CreativeWork)
  • Data: The payload containing the actual claim, formatted as a JSON-LD object
  • Schema Reference: A pointer to the formal definition that governs the data structure

This structure allows validators to programmatically parse and verify claims without human interpretation.

02

Cryptographic Binding

An assertion is not merely a text tag; it is cryptographically bound to the content and the signer's identity through a digital signature.

  • The assertion data is hashed and included in the manifest's claim signature
  • The signature is generated using the private key associated with an X.509 certificate
  • Any post-signing modification to the assertion data invalidates the signature

This creates a non-repudiable link between the claim, the content, and the identified party making the assertion.

03

Assertion Types & Hierarchy

C2PA defines a taxonomy of assertion types to cover the full content lifecycle. Key categories include:

  • Creative Work Assertions: Claims about authorship, copyright, and the nature of the work itself, often using schema.org vocabularies
  • Action Assertions: Document specific edits performed, such as c2pa.cropped or c2pa.color_adjusted, including software agent and parameters
  • Ingredient Assertions: Reference source media used in composites, forming the backbone of the provenance chain
  • Identity Assertions: Link the content to a verified real-world identity via a trusted certificate chain
04

Hard vs. Soft Binding

Assertions can be attached to content using two distinct methods, each with different resilience characteristics:

  • Hard Binding: The manifest containing all assertions is embedded directly into the asset's binary file structure using the JUMBF container format. This ensures the provenance data travels with the file but increases file size.
  • Soft Binding: The manifest is stored externally as a sidecar file or cloud URL, referenced by a content hash. This is lighter but risks metadata stripping if the asset is transferred without its sidecar.

The choice depends on the distribution pipeline and resilience requirements.

05

Trust List Validation

An assertion's credibility is only as strong as the signer's identity. Validation relies on a Trust List—a cryptographically signed roster of approved issuers and Certificate Authorities.

  • The validator engine checks the signer's X.509 certificate chain against the trust list
  • It performs a revocation check via OCSP to ensure the certificate hasn't been invalidated
  • Only assertions signed by entities on the trust list are displayed as verified

This prevents self-signed or compromised certificates from producing convincing but fraudulent provenance claims.

06

Redaction & Privacy Controls

Assertions support selective disclosure to balance transparency with privacy. Sensitive metadata can be redacted without breaking the cryptographic chain.

  • A pre-redaction hash is included in the signed manifest
  • Redacted fields are replaced with a placeholder, and a zero-knowledge proof can optionally demonstrate the redaction was valid
  • This allows, for example, a photojournalist to assert their identity while redacting the exact GPS coordinates of a sensitive location

The verifier can still confirm the manifest's integrity even with redacted fields.

MANIFEST ASSERTION

Frequently Asked Questions

Clear answers to common questions about the structured, digitally signed statements that form the backbone of C2PA content credentials.

A manifest assertion is a structured, digitally signed statement within a C2PA manifest that makes a specific, verifiable claim about a piece of digital content. It is the atomic unit of provenance, carrying a single fact such as the creator's identity, the creation date, or a specific edit action performed. Each assertion is a JSON-LD data object that is cryptographically hashed and then signed by the actor making the claim, using their private key. This signature binds the claim to a specific identity backed by an X.509 Certificate, ensuring non-repudiation. When a validator processes the manifest, it checks the signature on each assertion against the signer's public key and verifies the certificate chain against a Trust List. This mechanism creates a tamper-evident record: any modification to the assertion's data after signing will invalidate the cryptographic hash, immediately alerting the verifier to potential manipulation.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.