IPTC Media Provenance Policy Overview

The below diagram illustrates the steps involved in obtaining and using an IPTC Verified News Publisher certificate during Phase 1 of the project.

1. News outlet requests Verified News Publisher approval from IPTC. For more info, see Application procedure.
2. IPTC verifies that the news outlet is eligible. See credential policy for details.
3. IPTC issues a Credential confirming verification, either to the news outlet (3a) or directly to the Certificate Authority (3b)
4. News outlet generates a private/public key pair and a certificate signing request (CSR) to send to the Certificate Authority. The CA can help with this process.
5. The Certificate Authority generates a certificate based on the news outlets public key and credential details, and issues the certificate to the News Outlet.
6. The CA informs IPTC that the certificate was issued.
7. IPTC adds the news outlet’s certificate to the Verified News Publishers list.
8. The News Outlet signs content (images and video files for now) with their private key. See the IPTC Media Provenance wiki for more information and options on how to do this.
9. Consumer views content – either on the News Outlet’s web site or on a third-party platform such as a social media site
10. The Consumer decides to check the integrity and provenance of the content using an online validator
11. The Validator inspects the content and extracts the certificate used for signing. The Validator also checks that the certificate has not been revoked. If the validator supports the IPTC list, then it will check that the certificate is on the IPTC Verified News Publisher list.
12. Validator returns validation status to consumer, including information on whether the content had been tampered with after signing, information on metadata that was included by the publisher at signing time, and details of who signed the content.