decentralized-identity / jwt-vc-presentation-profile

https://identity.foundation/jwt-vc-presentation-profile/
Apache License 2.0

relative DID url as a `kid` of a VC #44

Open Sakurann opened 1 year ago

Sakurann commented 1 year ago

Use a relative DID URL instead of an absolute DID URL to prevent verifiers from not checking `iss` in the body and checking only the DID in `kid`. (cc @tplooker)

troyronda commented 1 year ago

@Sakurann @tplooker Do you have any updates on this topic?

The absolute DID URI vs relative DID URI for the kid is causing ambiguity. It would be good if this profile explicitly stated support for relative URIs (and any needed implementation guidance on how to support relative URIs for the kid).

troyronda commented 1 year ago

From the above, I assume there to be a preference for relative URI.

Is it also the case that absolute URIs continue to need acceptance? If so, should we restrict the absolute URIs to also contain (be prefixed by) the issuer URI?

Topics:

The kid MAY be a relative URI. In this case, the kid is treated as being relative to the issuer URI contained within iss.

The kid SHOULD be a relative URI...

The kid MAY be an absolute URI. In this case, the kid MUST be a URI that is prefixed by the issuer URI contained within iss.

tplooker commented 1 year ago

I'm in favour of fewer options here: the value of kid should be relative to the iss value. Absolute URLs are just a recipe for implementation mistakes. Is there any reason we wouldn't just require relative URLs here?

Sakurann commented 1 year ago

I think we need to wait for a resolution on https://github.com/w3c/vc-data-model/issues/914 before we merge this PR.

FWIW, I agree with Tobias, it should be relative or absolute, not either, and I am personally in favor of relative URL.

Sakurann commented 1 year ago

Breaking change for the wallet: if we make this change, the header must change.
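
The `kid` rules drafted earlier in this thread (relative `kid` resolved against `iss`, absolute `kid` accepted only when prefixed by `iss`), as an added example that is not part of the original discussion or the profile's own code. The names `resolve_kid`, `signing_key_id`, `sample_jwt` and the `did:example` values are assumptions, as is treating `iss` as a bare DID; the check runs before the key is dereferenced and the signature verified.

```python
import base64
import json

class KidError(ValueError):
    """The kid header cannot be bound to the iss claim."""

def resolve_kid(iss: str, kid: str) -> str:
    """Return the absolute DID URL of the signing key, always rooted at iss."""
    # Assumption: iss is a bare DID (no path, query or fragment).
    if not iss.startswith("did:") or any(c in iss for c in "/?#"):
        raise KidError("iss is not a bare DID")
    if not kid:
        raise KidError("kid is missing")
    # Relative DID URL: the verifier supplies the DID from iss, so the
    # header alone can never point at another party's DID document.
    if kid[0] in ("/", "?", "#"):
        return iss + kid
    # Absolute DID URL: must be iss followed by a DID URL delimiter.
    # A bare startswith() is not enough, because "did:example:alice" is a
    # string prefix of the unrelated DID "did:example:alice2".
    if kid.startswith(iss) and kid[len(iss):len(iss) + 1] in ("/", "?", "#"):
        return kid
    raise KidError("kid %r is not under iss %r" % (kid, iss))

def decode_segment(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def signing_key_id(compact_jwt: str) -> str:
    """Pick the key to fetch for a JWT VC; signature check happens afterwards."""
    header_b64, payload_b64, _signature = compact_jwt.split(".")
    header = decode_segment(header_b64)
    payload = decode_segment(payload_b64)
    return resolve_kid(payload.get("iss", ""), header.get("kid", ""))

def sample_jwt(iss: str, kid: str) -> str:
    """Constructed, unsigned sample token used only to exercise the check."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "ES256K", "kid": kid}), enc({"iss": iss}), "sig"])

if __name__ == "__main__":
    for kid in ("#key-1", "did:example:alice#key-1", "did:example:mallory#key-1"):
        try:
            print(kid, "->", signing_key_id(sample_jwt("did:example:alice", kid)))
        except KidError as err:
            print(kid, "-> rejected:", err)
```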