added example of issuer with object as value

[brentzundel]

Addresses issue #709
Signed-off-by: Brent brent.zundel@gmail.com

---

Preview | Diff

[msporny]

We need to define this in the JSON-LD context or use something like urn:example:jwk.

[brentzundel]

changed in 3c5b319

[brentzundel]

Let me know if this change works.

[msporny]

I've been thinking about this PR over the last week or so as I was on the fence about it. Fundamentally, I think the example is an anti-pattern that we don't want people to use, for the following reason:

The PR suggests that people should use public keys to identify issuers. This is a bad practice because you don't get key rotation when you do this, which is one of the things that DIDs achieved (and why so many of us are proceeding along those lines).

We had started a few years ago ago by using keys as issuers, but we've gone away from doing that over the years because of the bind it puts issuers and verifiers in. Everyone needs to track whose keys are whose and that leads to complex and fragile systems (as exemplified by some of the systems utilizing JWKs as ways to identify issuers).

As such, we came up with the controller pattern, where (at least in LD Proofs) the key is associated with a proof, which points to the key via something like (in the Verifiable Credential LD Proof):

    "verificationMethod": "did:example:1234567#key-1",

When you go and look at that key (in the DID Document), it's expected that it has a controller or some way of associating it with the entity that controls the key. These keys are usually tied to entities in the DID Document, and thus it enables you to do stuff like this (in the Verifiable Credential):

  "issuer": "did:example:1234567"

... which is great for issuers and verifiers, because that's a long lived identifier that doesn't break when you rotate keys.

This example goes against that very hard earned lesson, and thus I think we should defer pulling this example into the specification.

[msporny]

Overcome by PR #715, which has been merged.