Closed TallTed closed 1 year ago
I agree this issue blocks CR.
I recommend we say the following:
kid
MUST be an absolute URL.
kid
MUST start with the issuer identifier used in the verifiable credential, or the holder identifier in a verifiable presentation.
I don't believe DIDs should be mentioned at all, since they are not mentioned in https://w3c.github.io/vc-data-integrity/#verification-methods
The value of the id property for a verification method MUST be a string that conforms to the conforms to the [URL] syntax.
Agree with @OR13's suggested normative language above.
I disagree with the assertion that kid
must be an absolute URL. I'm fine with it being an absolute URL when the key is being retrieved from a DID (or more generally, a controller document). But when retrieving keys from JWK Sets, the kid
needs to be able to be any string, since the JWK Set authors get to choose their kid
values.
@selfissued can you revise your suggestion and address the example in the spec: https://w3c.github.io/vc-data-model/#example-a-simple-example-of-a-verifiable-credential
I think has been handled by:
_Originally posted by @msporny in https://github.com/w3c/vc-jose-cose/pull/153#discussion_r1326169335_
I opened this fresh issue because it's a better home for this discussion than a comment on a pull request.