I am working on a new revision of FEP-8b32:
https://codeberg.org/fediverse/fep/pulls/527
There are many editorial changes, such as replacing Controller Documents with Controlled Identifiers, new implementation (apsig), and one new requirement:
>The identifier of the verification method MUST have the same origin as the identifier of the secured document, or have a different origin, but with an established cross-origin trust relationship to the identifier of the secured document.
This is related to today's FEP-fe34 update and should cover all possible uses of integrity proofs, including regular objects signed with DID keys, and portable objects (FEP-ef61). I expect that all existing implementations of FEP-8b32 already meet this new requirement, but if not, please let me know. I'll keep this PR open / WIP for a couple of days.