
How to indicate which DID a credential should be bound to if using key attestations?

Open · TimoGlastra opened this issue 8 months ago · 1 comment

There seems to be a somewhat unspecified gap as to how DID-based cryptographic binding methods and key attestations should/can work together.

  • For the JWT proof type without key attestations you'd sign the JWT with a DID. This proves control over the/a key associated with the DID, as well as the DID.
  • For the JWT proof type with key attestation you could do this with one of the keys, to share which DID to use. But there's a gap in how to associate a DID with attested_keys.
  • For the attestation proof type there is no way to share which DID to use.

One option I see is to specify that an attested key can have a kid parameter to identify the DID URL associated with the attested key. This does require the wallet provider to also attest to the DID being used, while maybe the wallet provider should focus more on attesting the key, and less on whether that key is used with a specific DID. I see key attestations as valuable for DIDs as well, especially in the context of organizational wallets, so it would be great if there's a way to allow a wallet to indicate which DIDs are associated with the attested keys.

TimoGlastra, Mar 28 '25 10:03
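To make the proposed convention concrete, here is an added example (my own code, not from the issue author or the OpenID4VCI spec) of how an issuer could resolve the DID for a proof key: match the proof key against `attested_keys` by RFC 7638 JWK thumbprint, then read the DID URL out of that entry's `kid`. It assumes `attested_keys` entries are JWKs, that the wallet sets `kid` to a `did:...#fragment` URL, and that the attestation signature has already been verified.

```python
import base64
import hashlib
import json
from typing import Optional

# RFC 7638 required members per key type (canonical form sorts them lexicographically).
THUMBPRINT_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
    "RSA": ("e", "kty", "n"),
}


def jwk_thumbprint(jwk: dict) -> str:
    """Base64url SHA-256 thumbprint of a public JWK (RFC 7638)."""
    members = THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members}, separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def did_from_did_url(did_url: str) -> Optional[str]:
    """Strip path/query/fragment from a DID URL; return None if it is not did:method:id."""
    if not did_url.startswith("did:"):
        return None
    did = did_url.split("#", 1)[0].split("?", 1)[0].split("/", 1)[0]
    parts = did.split(":")
    if len(parts) < 3 or not parts[1] or not parts[2]:
        return None
    return did


def resolve_bound_did(proof_jwk: dict, attested_keys: list) -> Optional[str]:
    """Return the DID bound to the proof key via the attested entry's kid, else None.

    None means either the key is not in the attestation at all, or the attested
    entry carries no DID URL kid (the gap the issue describes)."""
    want = jwk_thumbprint(proof_jwk)
    for key in attested_keys:
        if jwk_thumbprint(key) == want:
            return did_from_did_url(key.get("kid", ""))
    return None


# Constructed sample attestation content (hypothetical DID, placeholder coordinates):
# one attested key with a DID URL kid, one attested key without any kid.
ATTESTED_KEYS = [
    {"kty": "EC", "crv": "P-256", "x": "x-coord-of-key-1", "y": "y-coord-of-key-1",
     "kid": "did:example:123#key-1"},
    {"kty": "EC", "crv": "P-256", "x": "x-coord-of-key-2", "y": "y-coord-of-key-2"},
]
```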

This can be clarified in a non-breaking manner in 1.1, right?

Sakurann, May 19 '25 22:05