Having read (I think) the essentials of your work, I still think simple provenance scenarios work.
1. Nadia works for BigPub, which wants to use C2PA
2. BigPub tells Tania "take a selfie this morning on your C2PA-equipped camera and send it to us"
3. Nadia does so. Now BigPub knows Nadia's public key.
4. In future, when a pic comes in from Nadia, they check the C2PA against the remembered public key.
All this establishes is provenance, but I think it works fine?