diff --git a/doc/Security.xml b/doc/Security.xml
index cfd8c6535..811e57b90 100644
--- a/doc/Security.xml
+++ b/doc/Security.xml
@@ -4379,12 +4379,28 @@
       <title>Media Signing</title>
       <section xml:id="section_cfb_gy4_kwb">
         <title>Overview</title>
-        <para>Signing of media that is generated by the device is described in the [Media Signing
-          Specification]. Media is signed using a private key that is provisioned during factory
-          production that is stored in a specially protected hardware component (e.g., a trusted
-          platform module). This private key is associated with a certificate that holds the public
-          key. In addition to the factory provisioned key one additional private key can be used to
-          sign media. </para>
+        <para>Media authenticity data in the form of signatures is generated by the device and
+          included in the media stream as described in the [Media Signing Specification]. Media is
+          typically signed using a certificate based on the private key provisioned in one of the
+          below listed approaches</para>
+          <variablelist>
+            <varlistentry>
+              <term>Factory Provisioned Key</term>
+              <listitem>
+                <para>Private key provisioned into the device, during factory production, stored in
+                a specially protected hardware component (e.g., a trusted platform module). This
+                private key is associated with a certificate that holds the public key.</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>User Provisioned Key</term>
+              <listitem>
+                <para>User can provision an additional private key and that private key is
+                associated with a certificate that holds the public key. </para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+
       </section>
       <section xml:id="section_dfb_gy4_kwb">
         <title>AddMediaSigningCertificateAssignment</title>
@@ -4402,8 +4418,8 @@
           <varlistentry>
             <term>request</term>
             <listitem>
-              <para role="param">CertificationPathID - [tas:CertificationPathID] The ID of the
-                certification path to assign for media signing.</para>
+              <para role="param">CertificationPathID - [tas:CertificationPathID]</para>
+              <para role="text">The ID of the certification path to assign for media signing.</para>
             </listitem>
           </varlistentry>
           <varlistentry>
@@ -4415,11 +4431,12 @@
           <varlistentry>
             <term>faults</term>
             <listitem>
-              <para role="param">env:Sender - ter:InvalidArgVal - ter:CertificationPathID No
+              <para role="param">env:Sender - ter:InvalidArgVal - ter:CertificationPathID </para>
+              <para role="text">No
                 certification path is stored in the keystore under the given certification path
                 ID.</para>
-              <para role="param">env:Sender - ter:InvalidArgVal - ter:NoPrivateKey The key pair that
-                is associated with the leaf certificate in the certificate chain does not have an
+              <para role="param">env:Sender - ter:InvalidArgVal - ter:NoPrivateKey </para>
+               <para role="text"> The key pair that is associated with the leaf certificate in the certificate chain does not have an
                 associated private key.</para>
             </listitem>
           </varlistentry>
@@ -4444,8 +4461,8 @@
           <varlistentry>
             <term>request</term>
             <listitem>
-              <para role="param">CertificationPathID - [tas:CertificationPathID] The ID of the
-                certification path to remove.</para>
+              <para role="param">CertificationPathID - [tas:CertificationPathID]</para>
+              <para>The ID of the certification path to remove.</para>
             </listitem>
           </varlistentry>
           <varlistentry>
@@ -4474,6 +4491,43 @@
       </section>
       <section xml:id="section_ffb_gy4_kwb">
         <title>GetAssignedMediaSigningCertificates</title>
+        <para>This operation returns the IDs of the certification paths that are assigned for media
+          signing on the device. This operation will always return the factory provisioned
+          certification path and can additionally return a certification path that has been added by
+          AddMediaSigningCertificateAssignment.</para>
+        <para>This interface is deprecated due to the introduction of GetAssignedMediaSigningCertificationPaths.</para>
+        <variablelist role="op">
+          <varlistentry>
+            <term>request</term>
+            <listitem>
+              <para role="text">This message is empty.</para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>response</term>
+            <listitem>
+              <para role="param">CertificationPathID - optional, max 2 [tas:CertificationPathID] </para>
+              <para role="text">List of certification path IDs assigned for media signing. At least
+                one certification path that includes the factory provisioned one shall be returned.
+                At most two certification paths will be returned.</para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>faults</term>
+            <listitem>
+              <para role="text">None</para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>access class</term>
+            <listitem>
+              <para role="access">READ_SYSTEM_SECRET</para>
+            </listitem>
+          </varlistentry>
+        </variablelist>
+      </section>
+      <section xml:id="u3w_brs_k3c">
+        <title>GetAssignedMediaSigningCertificationPaths</title>
         <para>This operation returns the IDs of the certification paths that are assigned for media
           signing on the device. This operation will always return the factory provisioned
           certification path and can additionally return a certification path that has been added by
@@ -4492,8 +4546,8 @@
             <listitem>
               <para role="param">CertificationPathID - optional, max 2 [tas:CertificationPathID] </para>
               <para role="text">List of certification path IDs assigned for media signing. At least
-                one certification path will be returned, the factory provisioned one. At most two
-                certification paths will be returned.</para>
+                one certification path that includes the factory provisioned one shall be returned.
+                At most two certification paths will be returned.</para>
             </listitem>
           </varlistentry>
           <varlistentry>
@@ -5541,7 +5595,7 @@
                   <para>MediaSigningSupported</para>
                 </entry>
                 <entry>
-                  <para>If true, GetAssignedMediaSigningCertificates shall be supported.</para>
+                  <para>If true, GetAssignedMediaSigningCertificationPaths shall be supported.</para>
                 </entry>
               </row>
               <row>
diff --git a/wsdl/ver10/advancedsecurity/wsdl/advancedsecurity.wsdl b/wsdl/ver10/advancedsecurity/wsdl/advancedsecurity.wsdl
index 163f9eb90..2a02ea4cc 100644
--- a/wsdl/ver10/advancedsecurity/wsdl/advancedsecurity.wsdl
+++ b/wsdl/ver10/advancedsecurity/wsdl/advancedsecurity.wsdl
@@ -2463,6 +2463,23 @@
 				</xs:complexType>
 			</xs:element>
 			<!--===============================-->
+			<xs:element name="GetAssignedMediaSigningCertificationPaths">
+				<xs:complexType>
+					<xs:sequence/>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="GetAssignedMediaSigningCertificationPathsResponse">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="CertificationPathID" type="tas:CertificationPathID" minOccurs="0" maxOccurs="2">
+							<xs:annotation>
+								<xs:documentation>The IDs of all certification paths that are assigned for media signing.</xs:documentation>
+							</xs:annotation>
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<!--===============================-->
 			<xs:element name="GetAssignedMediaSigningCertificates">
 				<xs:complexType>
 					<xs:sequence/>
@@ -2881,7 +2898,13 @@
 	<wsdl:message name="RemoveMediaSigningCertificateAssignmentResponse">
 		<wsdl:part name="parameters" element="tas:RemoveMediaSigningCertificateAssignmentResponse"/>
 	</wsdl:message>
-	<wsdl:message name="GetAssignedMediaSigningCertificatesRequest">
+	<wsdl:message name="GetAssignedMediaSigningCertificationPathsRequest">
+		<wsdl:part name="parameters" element="tas:GetAssignedMediaSigningCertificationPaths"/>
+	</wsdl:message>
+	<wsdl:message name="GetAssignedMediaSigningCertificationPathsResponse">
+		<wsdl:part name="parameters" element="tas:GetAssignedMediaSigningCertificationPathsResponse"/>
+	</wsdl:message>
+		<wsdl:message name="GetAssignedMediaSigningCertificatesRequest">
 		<wsdl:part name="parameters" element="tas:GetAssignedMediaSigningCertificates"/>
 	</wsdl:message>
 	<wsdl:message name="GetAssignedMediaSigningCertificatesResponse">
@@ -3563,6 +3586,14 @@
 			<wsdl:input message="tas:RemoveMediaSigningCertificateAssignmentRequest"/>
 			<wsdl:output message="tas:RemoveMediaSigningCertificateAssignmentResponse"/>
 		</wsdl:operation>
+		<wsdl:operation name="GetAssignedMediaSigningCertificationPaths">
+			<wsdl:documentation>
+				This operation returns the IDs of the certification paths that are assigned for media signing on the device. This operation will always return the factory provisioned certification path and can additionally return a certification path that has been added by AddMediaSigningCertificateAssignment.<br/>
+				A device shall support this command if the MediaSigningSupported capability is true.
+			</wsdl:documentation>
+			<wsdl:input message="tas:GetAssignedMediaSigningCertificationPathsRequest"/>
+			<wsdl:output message="tas:GetAssignedMediaSigningCertificationPathsResponse"/>
+		</wsdl:operation>
 		<wsdl:operation name="GetAssignedMediaSigningCertificates">
 			<wsdl:documentation>
 				This operation returns the IDs of the certification paths that are assigned for media signing on the device. This operation will always return the factory provisioned certification path and can additionally return a certification path that has been added by AddMediaSigningCertificateAssignment.<br/>
@@ -4186,7 +4217,16 @@
 				<soap:body use="literal"/>
 			</wsdl:output>
 		</wsdl:operation>
-		<wsdl:operation name="GetAssignedMediaSigningCertificates">
+		<wsdl:operation name="GetAssignedMediaSigningCertificationPaths">
+			<soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetAssignedMediaSigningCertificationPaths"/>
+			<wsdl:input>
+				<soap:body use="literal"/>
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal"/>
+			</wsdl:output>
+		</wsdl:operation>
+				<wsdl:operation name="GetAssignedMediaSigningCertificates">
 			<soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetAssignedMediaSigningCertificates"/>
 			<wsdl:input>
 				<soap:body use="literal"/>