Txn-Token Service Unique keys

[PieterKas]

This text suggests that a trasnactiontoken service may use unique keys, but it is unclear if this means each transaction token is signed with a uunique key, or if the jeys are rotated periodically etc.

The iss claim MUST be used in cases where the signing keys are not predetermined or it is desired that the Txn-Token Service signs with unique keys.

Proposed changes:

Option 1:
The iss claim MUST be used in cases where the signing keys are not predetermined. The iss claim MUST be used when the Txn-Token Service signs each Txn-Token with a unique key."

Option 2:
Don't mention unique keys as we don't really expand on it elsewhere. Since the keys are unique, they are by definition not predetermined.

I am inclined to go with option 2?

@gffletch @tulshi - thoughts?

[gffletch]

I think the second clause was really just intended to be a clarification of the first clause. So I think it's fine to just say that the iss claim MUST be present when the signing keys are not predetermined. If we want to add anything it should probably be something to the effect that the necessary key material MUST be discovered via the normal iss discovery methods.

[PieterKas]

Thanks @gffletch - I will prepare a PR.