aries-cloudagent-python icon indicating copy to clipboard operation
aries-cloudagent-python copied to clipboard
verified publisher icon hyperledger

Using verification method id to identify keys to sign creds in vc api

Open dbluhm opened this issue 1 year ago • 2 comments

Related to #2991; this issue tracks our intent to be able to use verification method ids to sign JSON-LD credentials.

Support for identifying keys by verification method ID was recently merged in #2959. The support needs to be augmented to enable associating multiple kids with a key to better support the use case outlined in #2991.

cc @PatStLouis

dbluhm avatar Jul 02 '24 16:07 dbluhm

@dbluhm from that pr, is the reverse possible, identify a verificationMethod.id from a registered did?

PatStLouis avatar Aug 19 '24 22:08 PatStLouis

No; the challenge with this is that there is potentially more than one VM ID per DID. When signing a VC (either through the VC API or when issuing using DIDComm), what we really need is a clear unambiguous declaration of which VM should be used. I think this is best achieved by using the assertion verification relationship. If a specific verification method is not specified and just a DID is given, we can/should default to selecting the first valid VM (supporting the crypto type we're using) in the assertion list.

dbluhm avatar Aug 20 '24 14:08 dbluhm