From 5aba5c538ab107e79ecfa65a8c15cd6013964c5d Mon Sep 17 00:00:00 2001
From: Manu Sporny Controller Documents
A string or a
set of
-strings that conform to the URL syntax
+strings, each of which conforms to the URL syntax
defined in the [[[URL]]] as defined in Section [[[#controllers]]].
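Review bot: The unchanged last line of this hunk still reads "defined in the [[[URL]]] as defined in Section [[[#controllers]]]", so "defined in" appears twice and it is unclear whether the section reference qualifies the URL syntax or the strings. Since the sentence is being edited anyway, consider ending the URL clause at [[[URL]]] and moving the pointer to Section [[[#controllers]]] into its own sentence. It would also help to say explicitly that the single-string case must conform, because "each of which" reads as applying only to the set.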
@@ -540,9 +540,9 @@ Controller Documents
A set of
[=verification method=] maps
-that conform to the rules in Section [[[#authentication]]] or a
+that conform to the rules in Section [[[#authentication]]]; or a
a set of
-strings that conform to the URL syntax
+strings, each of which conforms to the URL syntax
defined in the [[[URL]]].
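Review bot: The changed line ending "[[[#authentication]]]; or a" is followed by the unchanged line "a set of", so the resulting text reads "or a a set of". Drop the trailing "a" from the changed line or the leading "a" from the context line so the two alternatives read "A set of [=verification method=] maps ...; or a set of strings ...".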
@@ -614,15 +614,15 @@ Controllers
@@ -631,7 +631,7 @@ Controllers
value expresses one or more identifiers. Any [=verification methods=] contained
in the [=controller documents=] for those identifiers SHOULD
be accepted as authoritative, such that proofs that satisfy those
-[=verification methods=] are to be considered equivalent to proofs provided
+[=verification methods=] are considered equivalent to proofs provided
by the [=subject=].
Note that authorization provided by the value of `controller` is separate from authentication as described in Section [[[#authentication]]]. -This is particularly important for key recovery in the case of cryptographic key -loss, where the [=subject=] no longer has access to their keys, or key -compromise, where the [=controller=]'s trusted third parties need to +This is particularly important for key recovery in the cases of cryptographic key +loss, where the [=subject=] no longer has access to their keys, or cryptographic +key compromise, where the [=controller=]'s trusted third parties need to override malicious activity by an attacker. See [[[#security-considerations]]] for information related to threat models and attack vectors.
@@ -659,8 +659,8 @@-A [=subject=] can have multiple identifiers for different purposes, or -at different times. The assertion that two or more identifiers (or other types +A [=subject=] can have multiple identifiers that are used for different purposes +or at different times. The assertion that two or more identifiers (or other types of URI) refer to the same [=subject=] can be made using the `alsoKnownAs` property.
@@ -668,7 +668,7 @@Applications might choose to consider two identifiers related by `alsoKnownAs` -to be equivalent if the `alsoKnownAs` relationship is reciprocated in -the reverse direction. It is best practice not to consider them -equivalent in the absence of this inverse relationship. In other words, the -presence of an `alsoKnownAs` assertion does not prove that this assertion is -true. Therefore, it is strongly advised that a requesting party obtain +to be equivalent if the `alsoKnownAs` relationship expressed in the +controller document of one [=subject=] is also expressed in the reverse direction +(i.e., reciprocated) in the controller document of the other [=subject=]. It is +best practice not to consider them +equivalent in the absence of this reciprocating relationship. In other words, +the presence of an `alsoKnownAs` assertion does not prove that this assertion +is true. Therefore, it is strongly advised that a requesting party obtain independent verification of an `alsoKnownAs` assertion.
Given that the [=subject=] might use different identifiers for different -purposes, an expectation of strong equivalence between the two identifiers, or -merging the information of the two corresponding [=controller documents=], is +purposes, such as enhanced privacy protection, an expectation of strong +equivalence between the two identifiers, or taking action to +merge the information from the two corresponding [=controller documents=], is not necessarily appropriate, even with a reciprocal relationship.
Context injection is expected to be unnecessary sometimes, such as when the Verifiable Credential Data Model v2.0 context (`https://www.w3.org/ns/credentials/v2`) -exists as a value in the `@context` property, as that context map all of the +exists as a value in the `@context` property, as that context maps all of the necessary Data Integrity terms that were previously mapped by `https://w3id.org/security/data-integrity/v2`.
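Review bot: "are considered equivalent" in the @@ -631,7 hunk now reads as a statement of fact, although the acceptance it depends on is only a SHOULD earlier in the same sentence. Consider wording that keeps the dependency visible, for example "are then considered equivalent", so a verifier that does not accept the controller's [=verification methods=] as authoritative is not read as being bound to the equivalence.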
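Review bot: The added phrases "controller document of one [=subject=]" and "controller document of the other [=subject=]" in the @@ -668,7 hunk imply two subjects, while the paragraph in the @@ -659,8 hunk describes `alsoKnownAs` as asserting that two or more identifiers refer to the same [=subject=]. Phrase the reciprocity condition in terms of identifiers instead, for example "the controller document for one identifier" and "the controller document for the other identifier", so it is clear that the check compares the two documents and not two parties.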