I think the MVP / Separation of Concerns model is consistent with this thread.
- Alice can self-host a hub as well as an authorization server.
- Any hub, no matter who hosts it can authenticate Alice with her DID, true to SSI principles.
- Any RqP / Bob or Carol can bring a capability to any hub. That capability might be in the form of a Verifiable Presentation.
- How Alice’s DID or Bob’s VP are managed are transported to the hub is a SHOULD, not a MUST.