AuthorizationCredential: "subjectDID"

[llorllale]

Does the subject have to be a DID?

This field is supposed to hold an identifier - nothing more.

• It doesn't need service endpoints because none of the parties involved will be communicating with this identifier.
• Creating keys for each of these new identifiers adds extra burden on their creator

I suggest we rename this to "subject" and remove any constraints on it being a DID.