Incorrect support for "other" assertion metadata #1243
Description
According to the specification, I believe the CDDL is very restrictive of what the metadata can be:
;Describes additional information about an assertion, including a hashed-uri reference to it. We use a socket/plug here to allow hashed-uri-map to be used in individual files without having the map defined in the same file
$assertion-metadata-map /= {
? "dateTime": tdate, ; The RFC 3339 date-time string when the assertion was created/generated
? "reviewRatings": [1* rating-map], ; Ratings given to the assertion (may be empty)
? "reference": $hashed-uri-map, ;hashed_uri reference to another assertion that this review is about
? "dataSource": source-map, ; A description of the source of the assertion data, selected from a predefined list
? "localizations" : [1* localization-data-entry] ; localizations for strings in the assertion
? "regionOfInterest" : $region-map ; describes a region of the asset where this assertion is relevant
}
But the SDK currently allows for other metadata:
c2pa-rs/sdk/src/assertions/metadata.rs
Line 47 in c72f746
I believe this to be erroneous and can lead to invalid content credentials.