Address kid

index.html

@@ -384,11 +384,97 @@ <h2>Key Discovery</h2>
       <p class="issue">
         The working group is still discussing how to close many related issues.
       </p>
-      <p class="issue" data-number="117"></p>
-      <p class="issue" data-number="106"></p>
-      <p class="issue" data-number="31"></p>
-      <p class="issue" data-number="30"></p>
-      <p class="issue" data-number="15"></p>
+
+      <!-- DID URLS via "issuer" and "holder" -->
+      <p>
+        When <a href="iss">iss</a> is absent, and the <a data-cite="VC-DATA-MODEL#dfn-issuers">issuer</a> 
+        is identified as a <a data-cite="DID-CORE#did-subject">DID Subject</a>, 
+        the <a href="#kid">kid</a> MUST be an absolute <a data-cite="DID-CORE#relative-did-urls">DID URL</a>.
+      </p>
+<pre class="example" title="An issuer identified by a DID">
+{
+  "issuer": "did:example:123"
+  // ...
+}
+</pre>
+<pre class="example" title="An absolute DID URL as a kid">
+{
+  "alg": "ES384",
+  "kid": "did:example:123#key-456
+}
+</pre>
+      <p>
+        When <a href="iss">iss</a> is absent, and the <a data-cite="VC-DATA-MODEL#dfn-holders">holder</a> 
+        is identified as a <a data-cite="DID-CORE#did-subject">DID Subject</a>, 
+        the <a href="#kid">kid</a> MUST be an absolute <a data-cite="DID-CORE#relative-did-urls">DID URL</a>.
+      </p>
+<pre class="example" title="A holder identified by a DID">
+{
+  "holder": "did:example:abc"
+  // ...
+}
+</pre>
+<pre class="example" title="An kid as an absolute DID URL">
+{
+  "alg": "ES384",
+  "kid": "did:example:abc#key-456
+}
+</pre>
+
+      <!-- REGULAR URLS via "issuer" and "holder" -->
+      <p>
+        When <a href="iss">iss</a> is absent, and the <a data-cite="VC-DATA-MODEL#dfn-issuers">issuer</a> is identified as a [[URL]],
+        the <a href="#kid">kid</a> MUST be an absolute [[URL]] to a verification method listed in a controller document.
+      </p>
+
+<pre class="example" title="An issuer identified by a controller document identifier">
+{
+  "issuer": {
+    "id": "https://university.example/issuers/565049"
+  }
+  // ...
+}
+</pre>
+<pre class="example" title="A kid as a controller document verificaton method identifier">
+{
+  "alg": "ES384",
+  "kid": "https://university.example/issuers/565049#key-123
+}
+</pre>
+
+      <p>
+        When the <a data-cite="VC-DATA-MODEL#dfn-holders">holder</a> is identified as a [[URL]], 
+        and <a href="iss">iss</a> is absent,
+        the <a href="#kid">kid</a> MUST be an absolute [[URL]] to a verification method listed in a controller document.
+      </p>
+<pre class="example" title="A holder identified by a controller document identifier">
+{
+  "holder": {
+    "id": "https://university.example/issuers/565049"
+  }
+  // ...
+}
+</pre>
+<pre class="example" title="A kid as a controller document verificaton method identifier">
+{
+  "alg": "ES384",
+  "kid": "https://university.example/issuers/565049#key-123
+}
+</pre>
+
+      <!-- REGULAR URLS via "iss" -->
+
+      <p>
+        When <a href="iss">iss</a> is a present, and is a [[URL]], 
+        the <a href="#kid">kid</a> MUST match a key discovered via <a href="https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-00#name-jwt-issuer-metadata">JWT Issuer Metadata Request</a>
+      </p>
+
+      <p class="issue" title="(AT RISK) Feature depends on demonstration of independent implementations">
+        This normative statement depends on a -00 IETF OAUTH WG Adopted draft.
+        This feature is at risk and will be removed from the specification if at least
+        two independent, interoperable implementations are not demonstrated.
+      </p>
+
       <p>
     In order to complete the <a data-cite="VC-DATA-MODEL#dfn-verify">verification</a> process, 
     a <a data-cite="VC-DATA-MODEL#dfn-verifier">verifier</a> needs to obtain the cryptographic keys used to secure the