From 3de855a3f5df3d86b3111b4130016be7fb61572f Mon Sep 17 00:00:00 2001
From: Michael Jones <michael_b_jones@hotmail.com>
Date: Tue, 19 Dec 2023 13:50:59 -0800
Subject: [PATCH 01/14] Correct layering violations related to the proof
 property

---
 index.html | 181 ++++++++++++++---------------------------------------
 terms.html |   2 +-
 2 files changed, 47 insertions(+), 136 deletions(-)

diff --git a/index.html b/index.html
index cf8c44543..caa1e7cad 100644
--- a/index.html
+++ b/index.html
@@ -632,7 +632,7 @@ <h3>Use Cases and Requirements</h3>
 Web Signature of a JSON Web Token for proofing a key holder), are an essential
 part of processing <a>verifiable credentials</a> and
 <a>verifiable presentations</a>. At the time of publication, Working Group
-members had implemented such protection using at least three proof mechanisms:
+members had implemented such protection using at least two proof mechanisms:
         </p>
 
         <ul>
@@ -800,7 +800,9 @@ <h3>Credentials</h3>
 <a>verifiable credential</a>, but abstracts the details about how <a>claims</a>
 are organized into information <a>graphs</a>, which are then organized into
 <a>verifiable credentials</a>. <a href="#info-graph-vc"></a> below shows a
-more complete depiction of a <a>verifiable credential</a>, which is normally
+more complete depiction of a <a>verifiable credential</a>
+secured with Data Integrity Proofs [[VC-DATA-INTEGRITY]].
+<a>Verifiable credentials</a> secured in this manner are
 composed of at least two information <a>graphs</a>. The first <a>graph</a>
 (the <a>verifiable credential graph</a>, in this case the <a>default graph</a>)
 expresses the <a>verifiable credential</a> itself, which contains credential
@@ -890,7 +892,10 @@ <h3>Presentations</h3>
         </p>
         <p>
 <a href="#info-graph-vp"></a> below shows a more complete depiction of a
-<a>verifiable presentation</a>, which is normally composed of at least four
+<a>verifiable presentation</a>
+secured with Data Integrity Proofs [[VC-DATA-INTEGRITY]].
+<a>Verifiable presentations</a>, secured in this manner are
+normally composed of at least four
 information <a>graphs</a>. The first of these <a>graphs</a>, the
 <a>verifiable presentation graph</a> (which is the <a>default graph</a>),
 expresses the <a>verifiable presentation</a> itself, and contains presentation
@@ -1175,7 +1180,7 @@ <h3>Contexts</h3>
           </dd>
         </dl>
         <p class="note">
-This specification requires for a <code>@context</code> <a>property</a>
+This specification requires a <code>@context</code> <a>property</a>
 to be present; this property is defined by [[JSON-LD]].
         </p>
         <pre class="example nohighlight" title="Usage of the @context property">
@@ -1194,8 +1199,7 @@ <h3>Contexts</h3>
       "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
       "name": "Example University"
     }
-  },
-  "proof": { <span class="comment">...</span> }
+  }
 }
         </pre>
 
@@ -1417,16 +1421,6 @@ <h3>Types</h3>
               </td>
             </tr>
 
-            <tr>
-              <td>
-<a href="#proofs-signatures">Proof</a>&nbsp;object
-              </td>
-              <td>
-A valid proof <a>type</a>. For example,<br>
-<code>"type": "DataIntegrityProof"</code>
-              </td>
-            </tr>
-
             <tr>
               <td>
 <a href="#status">credentialStatus</a>&nbsp;object
@@ -2048,7 +2042,9 @@ <h3>Securing Mechanisms</h3>
           </li>
           <li>
 MUST provide a verification mechanism that returns only the information in the
-<a>conforming document</a> that has been secured. It MAY provide an
+<a>conforming document</a> that has been secured.
+This does not include the proof and related data used to secure the information.
+It MAY provide an
 additional mechanism to receive other information that might be helpful
 during validation or for debugging purposes. The concrete interface that is
 expected to be provided is detailed in the
@@ -2066,72 +2062,21 @@ <h3>Securing Mechanisms</h3>
 
         <p>
 Methods of securing <a>verifiable credentials</a> or
-<a>verifiable presentations</a> that embed a proof in the data model MUST use
-the <code>proof</code> <a>property</a>.
+<a>verifiable presentations</a> that embed a proof in the data model MAY use a
+the <code>proof</code> <a>property</a>,
+when specified by the securing mechanism.
         </p>
         <p>
 Methods of securing <a>verifiable credentials</a> or <a>verifiable
-presentations</a> that use an external proof MAY use the <code>proof</code>
+presentations</a> that use an external proof MAY include a <code>proof</code>
 <a>property</a>.
         </p>
-        <dl>
-          <dt><var>proof</var></dt>
-          <dd>
-            <p>
-One or more cryptographic proofs that can be used to detect tampering and verify
-the authorship of a <a>verifiable credential</a> or a <a>verifiable
-presentation</a>. Each proof is a separate <a>named graph</a>
-(referred to as a <dfn class="export">proof graph</dfn>) containing a single
-proof. The specific method used for an <a>embedded proof</a> MUST be identified
-using the <code>type</code> <a>property</a>.
-            </p>
             <p>
 A proof for a <a>verifiable credential</a> covers all <a>claims</a>
 included in the corresponding <a>verifiable credential graph</a>.
 See <a href="#presentations-0"></a> for the case when the property is used for a
 <a>verifiable presentation</a>.
             </p>
-          </dd>
-        </dl>
-
-        <p>
-Because the method used for a mathematical proof varies by representation
-language and the technology used, the set of name-value pairs that is expected
-as the value of the <code>proof</code> <a>property</a> will vary accordingly.
-For example, if digital signatures are used for the proof mechanism, the
-<code>proof</code> <a>property</a> is expected to have name-value pairs that
-include a signature, a reference to the signing entity, and a representation of
-the signing date. The example below uses Ed25519 digital signatures.
-        </p>
-
-        <pre class="example nohighlight"
-          title="Usage of the proof property on a verifiable credential">
-{
-  "@context": [
-    "https://www.w3.org/ns/credentials/v2",
-    "https://www.w3.org/ns/credentials/examples/v2"
-  ],
-  "id": "http://example.gov/credentials/3732",
-  "type": ["VerifiableCredential", "ExampleDegreeCredential"],
-  "issuer": "https://university.example",
-  "validFrom": "2010-01-01T19:23:24Z",
-  "credentialSubject": {
-    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
-    "degree": {
-      "type": "ExampleBachelorDegree",
-      "name": "Bachelor of Science and Arts"
-    }
-  },
-  <span class="highlight">"proof": {
-    "type": "Ed25519Signature2020",
-    "created": "2021-11-13T18:19:39Z",
-    "verificationMethod": "https://university.example/issuers/14#key-1",
-    "proofPurpose": "assertionMethod",
-    "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdo
-                   WhAfGFCF5bppETSTojQCrfFPP2oumHKtz"
-  }</span>
-}
-        </pre>
 
         <p class="note">
 As discussed in Section <a href="#conformance"></a>, there are multiple viable
@@ -2308,26 +2253,18 @@ <h3>Presentations</h3>
           <dd>
             <p>
                 The <a>verifiable presentation</a> MAY include a <code>proof</code>
-                <a>property</a>, which refers to a separate <a>named graph</a> containing a single proof.
-                The specific method used for the MUST be
-                identified using the <code>type</code> <a>property</a>.
-                <!-- If present, the value SHOULD be used to express a securing
-                mechanism, such as those listed in the
-                Verifiable Credentials Specifications Directory [[?VC-SPECS]]. -->
-                The proof covers of all claims in the following <a>graphs</a>:
+                <a>property</a>
+		when its use is specified by the securing mechanism used.
             </p>
-            <ul>
-              <li>the <a>verifiable presentation graph</a>;</li>
-              <li>all <a>verifiable credential graphs</a> referred to by the <code>verifiableCredential</code> property of the presentation, as well as their corresponding <a>proof graphs</a>.</li>
-            </ul>
           </dd>
         </dl>
 
         <p>
-The example below shows a <a>verifiable presentation</a>:
+The example below shows a <a>verifiable presentation</a>
+secured with Data Integrity Proofs [[VC-DATA-INTEGRITY]]:
         </p>
 
-        <pre class="example nohighlight" title="Basic structure of a presentation">
+        <pre class="example nohighlight" title="Basic structure of a presentation secured with Data Integrity">
 {
   "@context": [
     "https://www.w3.org/ns/credentials/v2",
@@ -2475,7 +2412,7 @@ <h4>Presentations Including Holder Claims</h4>
 mechanism as the <a>verifiable presentation</a>.
           </p>
 
-          <pre class="example nohighlight" title="A verifiable presentation, secured with an embedded proof, with a self-asserted verifiable credential">
+          <pre class="example nohighlight" title="A verifiable presentation, secured with an embedded Data Integrity proof, with a self-asserted verifiable credential">
 {
   "@context": [
     "https://www.w3.org/ns/credentials/v2",
@@ -2502,7 +2439,7 @@ <h4>Presentations Including Holder Claims</h4>
 <a>verifiable presentation</a>.
           </p>
 
-          <pre class="example nohighlight" title="A verifiable presentation, secured with an embedded proof, with a self-asserted verifiable credential about the verifiable presentation">
+          <pre class="example nohighlight" title="A verifiable presentation, secured with an embedded Data Integrity proof, with a self-asserted verifiable credential about the verifiable presentation">
 {
   "@context": [
     "https://www.w3.org/ns/credentials/v2",
@@ -2664,8 +2601,7 @@ <h3>Data Schemas</h3>
   <span class="highlight">"credentialSchema": {
     "id": "https://example.org/examples/degree",
     "type": "ZkpExampleSchema2018"
-  }</span>,
-  "proof": { <span class="comment">...</span> }
+  }</span>
 }
         </pre>
 
@@ -2843,7 +2779,8 @@ <h3>Trust Model</h3>
 it received. To establish this trust, a <a>credential</a> is expected to either:
             <ul>
               <li>
-Include a <a href="#proofs-signatures">proof</a> establishing that the
+Secure the <a>credential</a> with
+a <a href="#proofs-signatures">proof</a> establishing that the
 <a>issuer</a> generated the <a>credential</a> (that is, it is a
 <a>verifiable credential</a>), or
               </li>
@@ -3470,9 +3407,8 @@ <h3>Terms of Use</h3>
       "degree": {
       "type": "ExampleBachelorDegree",
       "name": "Bachelor of Science and Arts"
+      }
     }
-    },
-    "proof": { <span class="comment">...</span> }
   }],
   <span class="highlight">"termsOfUse": [{
     "type": "HolderPolicy",
@@ -3484,8 +3420,7 @@ <h3>Terms of Use</h3>
       "target": "http://university.example/credentials/3732",
       "action": ["3rdPartyCorrelation"]
     }]
-  }]</span>,
-  "proof": [ ... ]
+  }]</span>
 }
         </pre>
 
@@ -3591,8 +3526,7 @@ <h3>Evidence</h3>
     "subjectPresence": "Physical",
     "documentPresence": "Physical",
     "licenseNumber": "123AB4567"
-  }]</span>,
-  "proof": { <span class="comment">...</span> }
+  }]</span>
 }
         </pre>
 
@@ -3607,13 +3541,13 @@ <h3>Evidence</h3>
 
         <p class="note">
 The <code>evidence</code> <a>property</a> provides different and complementary
-information to the <code>proof</code> <a>property</a>. The <code>evidence</code>
+information to the securing mechanism utlized. The <code>evidence</code>
 <a>property</a> is used to express supporting information, such as documentary
 evidence, related to the integrity of the <a>verifiable credential</a>. In
-contrast, the <code>proof</code> <a>property</a> is used to express
+contrast, the securing mechanism is used to express
 machine-verifiable mathematical proofs related to the authenticity of the
 <a>issuer</a> and integrity of the <a>verifiable credential</a>. For more
-information about the <code>proof</code> <a>property</a>, see Section
+information about securing mechanisms, see Section
 <a href="#proofs-signatures"></a>.
         </p>
 
@@ -4182,10 +4116,10 @@ <h3>Syntactic Sugar</h3>
 require them.
             </li>
             <li>
-The <code>verifiableCredential</code> and <code>proof</code> <a>properties</a>
-are defined as
-<a href="https://www.w3.org/TR/json-ld11/#graph-containers">JSON-LD 1.1 graph containers</a>.
-This means the creation of <a>named graphs</a> used to isolate sets of data
+The <code>verifiableCredential</code> <a>property</a>
+is defined as
+a <a href="https://www.w3.org/TR/json-ld11/#graph-containers">JSON-LD 1.1 graph container</a>.
+This means the creation of <a>named graphs</a> can be used to isolate sets of data
 asserted by different entities. This ensures, for example, proper cryptographic
 separation between the data graph provided by each <a>issuer</a>
 and the one provided by the <a>holder</a> presenting the <a>verifiable
@@ -4648,7 +4582,7 @@ <h3>Verify Securing Mechanism</h3>
 If the <var>inputMediaType</var> is `application/vc+ld+json` or
 `application/vp+ld+json`, the <var>extractDocument</var> function takes
 <var>inputBytes</var> as an input parameter, parses the value as JSON into
-an object, removes the `proof` property, and returns the result as an object.
+an object, removes any `proof` property, if present, and returns the result as a JSON object.
 If JSON parsing fails, a <a href="#PARSING_ERROR">PARSING_ERROR</a> is appended
 to <var>result</var>.<var>errors</var>.
               </li>
@@ -4698,13 +4632,7 @@ <h3>Verify Securing Mechanism</h3>
 If <var>securedDocument</var> was successfully set in the previous step, set
 <var>result</var>.<var>status</var> to the result of passing
 <var>securedDocument</var>, along with any relevant function-specific options,
-to the <var>verifyProof</var> function. For example, the
-<var>expectedProofPurpose</var> option is set to `assertionMethod` when
-the conforming document is expected to be a <a>verifiable credential</a>,
-and if the <a>conforming document</a> is expected to be a
-<a>verifiable presentation</a>, the <var>expectedProofPurpose</var> option
-is set to `authentication` and the <var>domain</var> and <var>challenge</var>
-are also provided as options.
+to the <var>verifyProof</var> function.
                   </li>
                 </ol>
               </li>
@@ -5060,12 +4988,10 @@ <h3>Identifier-Based Correlation</h3>
         <h3>Signature-Based Correlation</h3>
 
         <p>
-The contents of <a>verifiable credentials</a> are secured using the
-<code>credential.proof</code> field. The <a>properties</a> in this field
+The contents of <a>verifiable credentials</a> are secured using a securing method.
+Values used to represent the securing method
 create a greater risk of correlation when the same values are used across more
-than one session or domain and the value does not change. Examples include the
-<code>verificationMethod</code>, <code>created</code>,
-<code>proofPurpose</code>, and <code>jws</code> fields.
+than one session or domain and the value does not change.
         </p>
 
         <p>
@@ -5893,8 +5819,7 @@ <h3>Content Integrity Protection</h3>
       "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
       "name": "Example University"
     }
-  },
-  "proof": { <span class="comment">...</span> }
+  }
 }
         </pre>
 
@@ -5919,8 +5844,7 @@ <h3>Content Integrity Protection</h3>
       "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
       "name": "Example University"
     }
-  },
-  "proof": { <span class="comment">...</span> }
+  }
 }
         </pre>
 
@@ -5944,7 +5868,7 @@ <h3>Content Integrity Protection</h3>
         <h3>Unsigned Claims</h3>
 
         <p>
-This specification allows <a>credentials</a> to be produced that do not contain
+This specification allows <a>credentials</a> to be produced that are not secured by
 signatures or proofs of any kind. These types of <a>credentials</a> are often
 useful for intermediate storage, or self-asserted information, which is
 analogous to filling out a form on a web page. Implementers should be aware that
@@ -6554,11 +6478,6 @@ <h3>Proofs (Signatures)</h3>
           <li>
 The cryptographic signature is expected to verify.
           </li>
-          <li>
-If the cryptographic suite expects a <code>proofPurpose</code> <a>property</a>,
-it is expected to exist and be a valid value, such as
-<code>assertionMethod</code>.
-          </li>
         </ul>
 
         <p class="note">
@@ -6568,15 +6487,7 @@ <h3>Proofs (Signatures)</h3>
 before which the <a>credential</a> should not be considered <a>verified</a>,
 distinct from the validity period of the credential. This property describes the
 validity of the proof, not of the credential.
-<br/><br/>
-The <code>verificationMethod</code> <a>property</a> specifies, for example, the
-public key that can be used to verify the digital signature. Dereferencing a
-public key URL reveals information about the controller of the key, which can
-be checked against the issuer of the <a>credential</a>. The
-<code>proofPurpose</code> <a>property</a> clearly expresses the purpose for
-the proof and ensures this information is protected by the signature. A proof is
-typically attached to a <a>verifiable presentation</a> for authentication
-purposes and to a <a>verifiable credential</a> as a method of assertion.
+The JWT <code>iat</code> claim likewise provides the time that the signature was made.
         </p>
       </section>
 
diff --git a/terms.html b/terms.html
index 052a962ab..d3775289d 100644
--- a/terms.html
+++ b/terms.html
@@ -116,7 +116,7 @@
   <dt><dfn data-lt="named graphs">named graph</dfn></dt>
   <dd>
 A <a>graph</a> associated with specific properties, such as
-`verifiableCredential` or `proof`. These properties
+`verifiableCredential`. These properties
 result in separate <a>graphs</a> that contain all <a>claims</a> defined in the
 corresponding JSON objects.
   </dd>

From 5604b061b66d6eed376b75439c4b156220d4b946 Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 12:56:50 -0800
Subject: [PATCH 02/14] Applied Ted's suggestion

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index edf574060..938c337b2 100644
--- a/index.html
+++ b/index.html
@@ -3586,7 +3586,7 @@ <h3>Evidence</h3>
         </p>
 
         <p class="note">
-The `evidence` [=property=] provides different and complementary
+The `evidence` [=property=] provides information that is different from and
 information to the securing mechanism utlized. The `evidence`
 [=property=] is used to express supporting information, such as documentary
 evidence, related to the integrity of the [=verifiable credential=]. In

From 1be081b10a53c787cdd1cc0297879f1f2133475f Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 12:57:10 -0800
Subject: [PATCH 03/14] Applied Ted's suggestion

Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 938c337b2..8fa78224c 100644
--- a/index.html
+++ b/index.html
@@ -3587,7 +3587,7 @@ <h3>Evidence</h3>
 
         <p class="note">
 The `evidence` [=property=] provides information that is different from and
-information to the securing mechanism utlized. The `evidence`
+information to the securing mechanism utilized. The `evidence`
 [=property=] is used to express supporting information, such as documentary
 evidence, related to the integrity of the [=verifiable credential=]. In
 contrast, the `proof` [=property=] is used to express

From 57f8238f04b2f663f4b6aa4b4b7e4b7dbc6a2ced Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 12:57:51 -0800
Subject: [PATCH 04/14] Applied Ted's suggestion

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 8fa78224c..6178d074e 100644
--- a/index.html
+++ b/index.html
@@ -3590,7 +3590,7 @@ <h3>Evidence</h3>
 information to the securing mechanism utilized. The `evidence`
 [=property=] is used to express supporting information, such as documentary
 evidence, related to the integrity of the [=verifiable credential=]. In
-contrast, the `proof` [=property=] is used to express
+contrast, the securing mechanism is used to express
 machine-verifiable mathematical proofs related to the authenticity of the
 [=issuer=] and integrity of the [=verifiable credential=]. For more
 information about securing mechanisms, see Section

From 349c53f8ab9c3a3d97df7ddb70474650239bd1b7 Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 12:58:11 -0800
Subject: [PATCH 05/14] Applied Ted's suggestion

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 6178d074e..4d195656a 100644
--- a/index.html
+++ b/index.html
@@ -4278,7 +4278,7 @@ <h3>Syntactic Sugar</h3>
 The `verifiableCredential` [=property=]
 is defined as a
 <a href="https://www.w3.org/TR/json-ld11/#graph-containers">JSON-LD 1.1 graph
-container</a>. This means the creation of [=named graphs=] used to isolate
+container</a>. This requires the creation of [=named graphs=], used to isolate
 sets of data asserted by different entities. This ensures, for example, proper
 cryptographic separation between the data graph provided by each [=issuer=]
 and the one provided by the [=holder=] presenting the <a>verifiable

From b5f633d51551a64981248f8f58b6a2e5319a7812 Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 12:58:43 -0800
Subject: [PATCH 06/14] Applied Ted's suggestion

Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 4d195656a..2c65e3fab 100644
--- a/index.html
+++ b/index.html
@@ -4983,7 +4983,7 @@ <h3>Identifier-Based Correlation</h3>
         <h3>Signature-Based Correlation</h3>
 
         <p>
-The contents of a [=credential=] are secured using a securing method.
+The contents of a [=credential=] are secured using a securing mechanism.
 Values used to represent the securing method
 create a greater risk of correlation when the same values are used across more
 than one session or domain and the value does not change.

From f4148b3d0679dfb5cf699a859fec91ee51d8047d Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 12:59:04 -0800
Subject: [PATCH 07/14] Applied Ted's suggestion

Co-authored-by: Brent Zundel <brent.zundel@gmail.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 2c65e3fab..3a7b2e21e 100644
--- a/index.html
+++ b/index.html
@@ -6487,7 +6487,7 @@ <h3>Proofs (Signatures)</h3>
 The cryptographic signature is expected to verify.
           </li>
           <li>
-Any additional requirements defined by the securing method are satisfied.
+Any additional requirements defined by the securing mechanism are satisfied.
           </li>
         </ul>
 

From 122c1b2c26eb7b6e6f221bb9960ceaae4cbac5d7 Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 13:05:41 -0800
Subject: [PATCH 08/14] Applied Ted's suggestion

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
---
 index.html | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/index.html b/index.html
index 3a7b2e21e..099b348b2 100644
--- a/index.html
+++ b/index.html
@@ -6499,6 +6499,15 @@ <h3>Proofs (Signatures)</h3>
 distinct from the validity period of the credential. This property describes the
 validity of the proof, not of the credential.
 The JWT <code>iat</code> claim likewise provides the time that the signature was made.
+<br/><br/>
+The `verificationMethod` [=property=] specifies, for example, the
+public key that can be used to verify the digital signature. Dereferencing a
+public key URL reveals information about the controller of the key, which can
+be checked against the issuer of the [=credential=]. The
+`proofPurpose` [=property=] clearly expresses the purpose for
+the proof and ensures this information is protected by the signature. A proof is
+typically attached to a [=verifiable presentation=] for authentication
+purposes and to a [=verifiable credential=] as a method of assertion.
         </p>
       </section>
 

From 1bf153b96662d38157470d754ac6a9cbb28d63eb Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 13:07:37 -0800
Subject: [PATCH 09/14] Applied suggestions by Manu and Brent

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 099b348b2..984e8d6c1 100644
--- a/index.html
+++ b/index.html
@@ -2071,7 +2071,7 @@ <h3>Securing Mechanisms</h3>
 
         <p>
 An <dfn class="export">embedded proof</dfn> is a mechanism where the proof is
-included in the serialization of the data model. One such embedded
+included in the serialization of the data model. One such RECOMMENDED embedded
 proof mechanism is defined in [[[VC-DATA-INTEGRITY]]] [[VC-DATA-INTEGRITY]].
         </p>
 

From 78d02e216e07acc91f5aadd158f731b94c81bdc0 Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 13:08:02 -0800
Subject: [PATCH 10/14] Applied Manu's suggestion

Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 984e8d6c1..e89bf8b17 100644
--- a/index.html
+++ b/index.html
@@ -3594,7 +3594,7 @@ <h3>Evidence</h3>
 machine-verifiable mathematical proofs related to the authenticity of the
 [=issuer=] and integrity of the [=verifiable credential=]. For more
 information about securing mechanisms, see Section
-<a href="#proofs-signatures"></a>.
+<a href="#securing-mechanisms"></a>.
         </p>
 
       </section>

From a2e1bfd81aba56defee5a3bbe224ec50881a4760 Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 13:09:19 -0800
Subject: [PATCH 11/14] Applied Ivan's suggestion

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index e89bf8b17..6e1ae1221 100644
--- a/index.html
+++ b/index.html
@@ -2321,7 +2321,7 @@ <h3>Presentations</h3>
 The example below shows a [=verifiable presentation=]:
         </p>
 
-        <pre class="example nohighlight" title="Basic structure of a presentation secured with Data Integrity">
+        <pre class="example nohighlight" title="Basic structure of a presentation">
 {
   "@context": [
     "https://www.w3.org/ns/credentials/v2",

From 1dc53197cf96dc30551378ffacc0d474ad8ea5ab Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 13:11:22 -0800
Subject: [PATCH 12/14] Applied Manu's suggestion

Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 6e1ae1221..82e5352b7 100644
--- a/index.html
+++ b/index.html
@@ -4984,7 +4984,7 @@ <h3>Signature-Based Correlation</h3>
 
         <p>
 The contents of a [=credential=] are secured using a securing mechanism.
-Values used to represent the securing method
+Values used to represent the securing mechanism
 create a greater risk of correlation when the same values are used across more
 than one session or domain and the value does not change.
         </p>

From c52fd5304c70241f9ddc4f26b8b44630b85753e9 Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 13:14:41 -0800
Subject: [PATCH 13/14] Applied Manu's suggestion to delete controller DT

---
 index.html | 1 -
 1 file changed, 1 deletion(-)

diff --git a/index.html b/index.html
index 82e5352b7..64645750a 100644
--- a/index.html
+++ b/index.html
@@ -4044,7 +4044,6 @@ <h3>Securing Mechanism Specifications</h3>
           <dd>
 A media type as defined in [[RFC6838]].
           </dd>
-          <dt>[=string=] |controller|</dt>
         </dl>
 
         <p class="issue atrisk"

From 7e1e1c80dcd25600fdef0b7f62b8f3ec1f0501f2 Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" <michael_b_jones@hotmail.com>
Date: Fri, 12 Jan 2024 13:15:55 -0800
Subject: [PATCH 14/14] Applied Manu's suggestion

Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 64645750a..aef86b14f 100644
--- a/index.html
+++ b/index.html
@@ -2834,7 +2834,7 @@ <h3>Trust Model</h3>
 it received. To establish this trust, a [=credential=] is expected to either:
             <ul>
               <li>
-Secure the [=credential=] with a <a href="#proofs-signatures">proof</a> establishing that the
+Secure the [=credential=] with a <a href="#securing-mechanisms">securing mechanism</a> establishing that the
 [=issuer=] generated the [=credential=] (that is, it is a
 [=verifiable credential=]), or
               </li>