Room 405: TPAC in Anaheim... And we would like to have further discussion about the internet reliability and trustworthiness. Here's the agenda that we were going to have today. First, we would like to recap what Originator Profile is, and then we just opened our GitHub repository today, yay! And you can play around! What's coming next is, CA Test Server for experiment use, and let's talk it about later. So then, OP's latest progress will be introduced, which includes heated discussion over information uncertainty that you can see on the newspaper, and we will be having two POCs in this fiscal year of 2025. And also, Tori Prefectural government is implementing Originator Profile for their website in order to make announcements to their residents. Then, we'd like to talk about our next step and Q and A session.

Room 405: As you all recognize, the spread of false data and manipulation is a global challenge. Fraudulent website mimicking legitimate legitimate organizations and real individuals. And with the rise of generative AI, creating a convincing fraudulent website has become much easier than ever, making it extremely difficult to distinguish legitimate websites from false websites. What's bad about those mimicking websites is that they copy reputable media outlets and propagate false news during natural disasters, or circulate deceptive investment information to manipulate markets. Overall, consuming the internet content is becoming a risk of facing scams, poopings, phishing, ad fraud, disinformation during elections, and serious disaster periods. I know no one likes this situation in the room, and we are the people capable of solving this problem.

Room 405: What OP does for this problem is that we have 3 main technologies.

Room 405: (Please mute if you're not speaking. I don't support.)

Room 405: First, we verify the origin of content, which is extremely important, and next, the originator is verified as existent… it's existent through the third-party verification, which is not self-declaration. And digital signatures confirm the content has not been tampered with and remains the same as when it was originally published. So this is the three key functions that Originator Profile provide.

Room 405: Then we would like to introduce our document, which is just made public today. We get… We had in September, maybe Chris knows, and… The architecture overview and OP Blueprints have been available since the mini-workshop, and this is the URL that you can access whenever you like. And the topic that we had in the mini-workshop was mainly the three topics that we normally argue, and the technology issues was mainly divided into three. One is signing the visible text, and challenging… the challenge against the key theft, and introducing visual hint using emoji, and we then argued governance issues as well. So, ethical issues, non-originator redistributions would be a issue as well, and the governance entity would be, I can like international structure, maybe, and that was one of the discussion. And social and political consequences would include freedom of speech and financial scams and spoofing.

Room 405: And this is the POC code via GitHavy, which is just opened today. Maybe you can access via the PDF that I just uploaded at the… It have issued maybe… 20 minutes ago. So, please give us feedback, and refer to the documents for details in licensing, which will be under CCBY in principle.

Room 405: Demo? This is, Yomi Online, newspaper site, the article, overview. It's talking about the original profile, and if you install original profile example extension, you can add this icon. In the location part, when you click the original profile extension bottom, the window like this will be pop-up. This upper part includes this site and content information. If you click the organization name, detailed information about the organization, including territorial guidelines for privacy policy, or information transmission policy, or if the organization has autopilot fee, certificate, or some other procure annotation, that will be included, like, this… oops.

Room 405: Any user can check which organization is publishing this content, which organization is managing this site, and how organized the organization is, used to publish this. Like this. In the browser main contents window, you can see which part is a target of the content. In this part, title part and text body part is target of content attestation, and we can check every text story is not tempered, not modified after publish. That is our current web extension, sample web extension of Original profile now.

Room 405: Okay, thank you. If you have any question, let's do it later, maybe? And with the OP certification, that the water, OP water is turnout rate of something.

Room 405: Currently, we keep the green icon for every site. Of course, we are discussing to change icon color to gray to… without all this item, or red icon for error page, but currently, almost all page is not the original profile site, so I will add it to indicate red icon, or a gray icon, that's the kind of discussion. We are not branding, of course. Of course, we can show another information on location. Also discussing.

Room 405: Okay, Chris, if you have anything. Just to understand how this is working, The extension is showing something at the site level at the domain… About the entire website.

Room 405: All site review information, website will include the site profile, sp.json, which is signed by the site organizer. Extension can show other part like this. as for content publish, originator profile extension will find... Like this. Like this. (Could you zoom a little bit? Or a lot?) This part will include the… It has, content title, description, seminar image, URL, etc. Original profile extension can find, which photo is contents, and it is not a modifier.

Room 405: For example, this, of the incorrect target of property, which, say… this, This content is selected by this CSS selector. item for, attribute to the equal, article body H1, replace.

Room 405: The originator in this case, it's still Yo Miuri. So each one is always the same. So you would expect that the paragraph level will actually match the site… the site level, because you've got the wrong… It's actually the article level, I think. So, so each of the articles is signed with a… and the result is, stored as a content session. And at that, it's assigned by that site's owner's keys. And, that matches to its website profile. And the… you can find that the data… it… the… top level of the extension webpage says that it is that the purpose of this article has reliability information, and the topmost part is, mentioning about Yamili Shimbo. And the lower part, It's, would you please scroll down a little bit? To, to show… would you please show the profile attestation? Yes, there are multiple profile attestations added and issued from the lower four organizations, issuing, each of the profile attestations. That is independent from the mute symbol. So that is, together, provide that original profile.

Room 405: So, in what circumstances Are they different, those that are lining the attestations?

Room 405: It is, actually, this whole organization is providing, Profile annotation to the key of the… that your meeting is using. It provides information about the signer that is the mill shaper. And each content is signed by using that key of the humidity shaper to provide the information, provide the originating proveness. So, that is the content attestation matched to the article, each of the articles within the body. And also, if there are multiple articles, or article with the other advertisement, of course, advertisement is signed by different advertisers of course. This will appear in the extension pane as a different… from the issuer. No, the content provider is different, and perform different originators, and each of those originators will be, information can be appeared in the extension window.

Room 405: So there's an advertisement on the right here. and you're saying that you could highlight this?

Room 405: Verify, yes. Of course, if your music issued multiple content signing, then it will appear in the main pane, and you can click on each of the content to pick up which part of the content appears in the extension window. In this window, it's showing two, left and right, each of the articles is coming from different origins. And if you're clicking on one of them, then it's showing, there are two icons in the left-hand side. So each has the origin, and clicking on this can show each of the origins of each of the articles. It is possible to include multiple origin originated information in a single page.

Room 405: In the advertising case, typically, you're embedding third-party generated content. I'm wondering about the news aggregator use case where you might have multiple articles coming from different newspapers into an aggregation site.

Room 405: We are currently designing about that, but anyway, the… of course, the aggregator itself, all the information is up here, on the top, maybe, and the following, with multiple sources, originator profiles, is presented in an extension. Like, for example, the Yahoo is aggregating Yomiuri and other newspapers' information onto their site. So, first thing will be maybe the Yahoo originator profile. Then you'll move it on the other unit papers. These appear on the same page, since news aggregator is composing the articles into the single page, so it can be shown as a part of this extension. And it is already implemented somewhere. This is a demonstration page, which will include multiple origin articles.

Room 405: How is that implemented? Because there's a…

Room 405: Of course, each of the articles it's signed by somebody, and somebody… you can find the origin of the information from the somebody, but it's a key delivery information. Actually, it is a domain name, actually. So, each of the domains has an originator profile encoded at the website. So… incorporating under the mashing up every information it can retrieve, then it can… change that this amount of information in a descriptive way. So that's what it is happening. But the origin of that kind of information is that it started from the contents itself. Since the contents each has a, of course, a signing. Who is the signing? Kind of the information is included in the part of the contents on the station. That's the reason why.

Room 405: I have a question related to that. Regarding the contents of multiple sources, how about the advertisement? The newspaper, or any such article which requires the authenticity, but often things increase as a part of the page, but don't bias the content. Oh, advertisement? What about IS purposes. How do we manage it?

Room 405: What do you mean, monishing? Well, I mean, the… The thing who pays? But a part of it, with Rifa, too, maybe Jaya, Beirai, or… Yeah. Maybe…

Room 405: You know… Each of this article comes from the advertisers, for example. So it depends on how the advertiser provides the actual contents. That's a law of advertiser too much? Yes, yes. So, each of the content signing is embedded in part of the HTML. So it is possible to include a content attestation as a part of the HTML. Each of the articles, from the starting point of the signed article, has a content attestation as part of the article. It is possible to find out who is signing, sort of thing. So, it is chained. Information available, starting from the content itself.

Room 405: Perspective, then how users can see it? So, so…

Room 405: If you're not pressing this extension button. this window will not appear, so nothing appears there for the current design. Of course, in the future, somebody's suggestion, we agreed to do that, we can change the behavior, but at this moment, until you press the green button, this window will not appear. And that there's no change, no difference appears on a window, unless you press a button.

Room 405: Yeah, just from my, humble suggestion, from my law at NTT Docomo, to protect users from phishing, not only passkey, but phishing emails, phishing sites, users don't care about it. UX! Which probably should be on the agenda, maybe. Thank you for that.

Room 405: But, on the advertisement, how to detect fraudulent advertisement, for example, is a different thing. And if it can judge, then you… in the browser side, I mean, the user side, the com… some of the protection mechanisms can inhibit, can eliminate such kind of articles. That is possible by using that such kind of signals provided by an originator profile. So, the thing we are doing at this moment is providing a signal to the end user, that this article is coming from here, and this originator has this kind of attributes. That's what we are doing.

Room 405: Yeah, the user experience is very important. With the C2PA approach at the moment, they have a little overlay… 200, which is a little overlay IHOP, which is the place. So it's in the page. aggregate to website, including the script, And you can understand the metadata to show in the input of brands, then… Sounds really making sense to me. So you could do that approach here, right? You could have some kind of overlap.

Room 405: Okay, let me move on to the next slide. Yes, it's okay, thank you for the questions. I would like to introduce our latest progress. We are having… No, we just had the symposium last month, and you have the report on the newspaper, and I also will prepare the video. And this is the 5-minute video, which is made from 4-hour symposium, so let's check.

Room 405: In October 2025, a symposium was held in Japan. A heated discussion was had about digital technology for enhancing the safety of online information.

Room 405: Because it is a free space where anyone can share information, fake sources impersonating real organizations or individuals spread unverified and erroneous information. The spread of false information during disasters, phishing scams, and ad fraud have become major social problems. One of the most effective countermeasures is…

Room 405: Introducing the Originator Profile. This mechanism enables the verification of digital content, such as news articles and advertisements, including the content itself and information about its creator or source using digital signatures. This technology helps users assess the reliability of information in front of them in the digital space by enabling them to verify who actually published online information. And whether it reached them untampered. Sender information is digitally signed for each verification of its authenticity through third-party organizations like industry associations and confirming qualification through certification bodies. Furthermore, visual signatures guarantee that information is displayed without tampering from the moment it is transmitted, ensuring the content is authentic. Users can easily view information about the sender and simultaneously verify that it has not been tampered with. This allows users to easily distinguish between content that has been responsibly published and content that has not. As a result, it is expected to have a significant effect, such as suppressing the spread of fake news and fake advertisements disguised as news outlets, as well as ad fraud, phishing scams, and more. The originator Profile aims to achieve a safe and secure online space. Now, with government backing, major Japanese newspapers and advertisers are beginning to implement the technology.

Room 405: For a healthier future of the internet.

Room 405: Okay, that was the video about the symposium that we had, and the main discussion was about constitutional information constitutional and information and media law experts gathered there and discussed that ensuring the trustworthiness of information sources is crucial for enhancing the safety of cyberspace. There was a government official in the symposium as well, and he introduced the institutional measures, information literacy initiatives, and technological developments, which include OP, being implemented in Japan's policies. But I would like to note that we are working on deployment for local governments to enable OP to work on their contents to public… for public services in a way that is not under their control, so we are independently working.

Room 405: These are our two POCs in fiscal year of 2025. The first one is to implement OP to content management systems of news media outlets. Two major Japanese national newspapers that includes Yomi Shinbun and Asa Shinbun will implementing the OP to their new site, and as well as OPCIP membership companies. Working on governance of the third-party verification system to build trustworthiness framework in terms of social credibility instead of technological authenticity is very important that we are thinking, as Siga-san mentioned.

Room 405: And secondly, we'd like to confirm that ad creatives with OP can be distributed in actual advertising auction system. This is to ensure that the metadata, including the OP for advertising creative is not lost during distribution, from bidding to display.

Room 405: In the advertising context, who's signing as the originator? Is it, like, the ad network that presents it? Or is it the upstream advertiser?

Room 405: Currently, two possibility. One is, DSP. DSP, sign, instead of advertiser itself. One advertiser itself can sign and upload to the DSP. We are currently discussing with DSP, FSB, and so on, how to implement is better for advertiser or better for ecosystem. And we're also implementing, as mentioned before, we will implement to Totoi Prefecture Government's pages. So, Totoi Prefecture's office in Japan will start using OP for public announcements following its implementation in the staging environment in previous year.

Room 405: Next step, I think we are having… a topic table? Tomorrow? Tomorrow, yeah.

Room 405: So, we will have a topic table during lunch. I applied by using the term authenticity. Authenticity on web content, sort of the discussion title. We will have our lunch during lunch. Each of the table has topics to discuss, so we propose to do that tomorrow lunchtime.

Room 405: Please join. And this is what we expect for W3C. So, OP is for web media, so that to discuss ours is discuss our topic in W3C with PE… so natural, and we would like to standardize our technology within W3C. And, the unavailability of content attestation fragments for text objects, and capability of building a network of trustworthiness make OP different from C2PA, and we'd like to discuss the possibility of allocation of collaboration of our functions as part of our architecture, if there's such a space. Please consider, and other parts may remain, and the parties such as the originator resolution mechanism using DNS might be standardized at IETF.

Room 405: That is the presentation. Thank you.