verificationMethod

verificationMethod is the DID-document field that lists public keys the DID controls. Each entry has an id (the DID plus a fragment, like did:web:learncoin.me#tenant-ewance), a type (EcdsaSecp256k1VerificationKey2019, Ed25519VerificationKey2020, etc.), a controller (the DID that authoritatively controls this key), and the key material itself (typically publicKeyJwk).

In LearnCoin, each tenant has its own verificationMethod fragment inside the single LearnCoin DID document. That means credential signatures can be traced to a specific tenant's key without the DID itself fragmenting. Compromise of one tenant's key does not compromise another tenant's credentials.

A credential's proof.verificationMethod points at a specific fragment. A verifier resolves the DID, finds the fragment, and uses the declared public key to check the signature. If the DID document changes (for example, a key rotation), old credentials still verify against whatever fragment they referenced at issuance time, as long as the fragment isn't removed.