Using verification method id to identify keys to sign creds in vc api

hyperledger / aries-cloudagent-python

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.

https://wiki.hyperledger.org/display/aries

Apache License 2.0

404 stars 511 forks source link

Using verification method id to identify keys to sign creds in vc api #3078

Open dbluhm opened 2 months ago

dbluhm commented 2 months ago

Related to #2991; this issue tracks our intent to be able to use verification method ids to sign JSON-LD credentials.

Support for identifying keys by verification method ID was recently merged in #2959. The support needs to be augmented to enable associating multiple kids with a key to better support the use case outlined in #2991.

cc @PatStLouis

PatStLouis commented 3 weeks ago

@dbluhm from that pr, is the reverse possible, identify a verificationMethod.id from a registered did?

dbluhm commented 3 weeks ago

No; the challenge with this is that there is potentially more than one VM ID per DID. When signing a VC (either through the VC API or when issuing using DIDComm), what we really need is a clear unambiguous declaration of which VM should be used. I think this is best achieved by using the assertion verification relationship. If a specific verification method is not specified and just a DID is given, we can/should default to selecting the first valid VM (supporting the crypto type we're using) in the assertion list.