openid / OpenID4VCI


Why for the mdoc cbor the format identifier is mso_mdoc? #173

Open peppelinux opened 6 months ago

peppelinux commented 6 months ago

In the current specs the format identifier for mdoc cbor is configured with mso_cbor.

Actually, the MSO is a COSE_Sign1 document and the digital credential is an entire mdoc CBOR with an MSO contained in it, according to the model defined in ISO 18013-5.

Since we're dealing with many breaking changes for the first I-D, I'm wondering if this is a good moment to take a decision on this.

The digital credential format identifier for mdoc CBOR should be set to mdoc_cbor.
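As an added illustration of the structural point made in the comment above (example code written for this page, not code from the OpenID4VCI project or from ISO 18013-5 itself): a minimal CBOR encoder builds an ISO 18013-5 Document whose issuerSigned.issuerAuth is the COSE_Sign1 carrying the MSO, so the MSO bytes are nested inside the credential rather than being the credential. The data elements, namespace and docType are constructed for the example; the device key coordinates and the signature bytes are zero placeholders, since a real issuer signs the COSE Sig_structure with ES256 over the MSO payload.

```python
"""Constructed example: where the MSO sits inside an ISO 18013-5 mdoc."""
import hashlib
import os


class Tag:
    """CBOR tag (major type 6) wrapping a value."""

    def __init__(self, number, value):
        self.number, self.value = number, value


def _head(major, n):
    # CBOR initial byte plus the shortest argument encoding (RFC 8949, section 3)
    if n < 24:
        return bytes([(major << 5) | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([(major << 5) | info]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")


def encode(v):
    """Minimal CBOR encoder for the subset used here (no floats, no indefinite lengths)."""
    if isinstance(v, bool):
        return b"\xf5" if v else b"\xf4"
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return _head(3, len(b)) + b
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(encode(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(encode(k) + encode(x) for k, x in v.items())
    if isinstance(v, Tag):
        return _head(6, v.number) + encode(v.value)
    raise TypeError(f"unsupported type {type(v).__name__}")


def bstr_cbor(v):
    """#6.24(bstr .cbor v): a byte string holding encoded CBOR, tagged 24."""
    return Tag(24, encode(v))


NAMESPACE = "org.iso.18013.5.1"        # constructed choice for the example
DOC_TYPE = "org.iso.18013.5.1.mDL"


def build_mdoc(elements, device_key, signature):
    """Return (document, mso) as Python objects; the document contains the MSO."""
    items, digests = [], {}
    for digest_id, (ident, value) in enumerate(elements):
        # IssuerSignedItemBytes; the MSO carries SHA-256 over these encoded bytes
        item = bstr_cbor({"digestID": digest_id, "random": os.urandom(16),
                          "elementIdentifier": ident, "elementValue": value})
        items.append(item)
        digests[digest_id] = hashlib.sha256(encode(item)).digest()
    mso = {
        "version": "1.0",
        "digestAlgorithm": "SHA-256",
        "valueDigests": {NAMESPACE: digests},
        "deviceKeyInfo": {"deviceKey": device_key},
        "docType": DOC_TYPE,
        "validityInfo": {"signed": Tag(0, "2024-01-01T00:00:00Z"),
                         "validFrom": Tag(0, "2024-01-01T00:00:00Z"),
                         "validUntil": Tag(0, "2025-01-01T00:00:00Z")},
    }
    issuer_auth = [                    # COSE_Sign1: this is the "mso" in mso_mdoc
        encode({1: -7}),               # protected header: alg = ES256
        {},                            # unprotected header (x5chain omitted here)
        encode(bstr_cbor(mso)),        # payload: MobileSecurityObjectBytes
        signature,                     # signature over Sig_structure (placeholder)
    ]
    document = {                       # the mdoc itself: the whole credential
        "docType": DOC_TYPE,
        "issuerSigned": {"nameSpaces": {NAMESPACE: items}, "issuerAuth": issuer_auth},
    }
    return document, mso


def mso_payload(document):
    """The MSO lives at issuerSigned.issuerAuth[2], encoded as #6.24(bstr .cbor MSO)."""
    return document["issuerSigned"]["issuerAuth"][2]


def demo():
    """Build a constructed mDL and return the encoded document, MSO and COSE_Sign1."""
    device_key = {1: 2, -1: 1, -2: bytes(32), -3: bytes(32)}  # COSE_Key EC2/P-256, zero coords
    signature = bytes(64)                                      # placeholder, not a real ES256 signature
    document, mso = build_mdoc([("family_name", "Doe"), ("age_over_18", True)],
                               device_key, signature)
    return encode(document), encode(mso), encode(document["issuerSigned"]["issuerAuth"])


if __name__ == "__main__":
    doc_bytes, mso_bytes, cose_bytes = demo()
    print(len(doc_bytes), "byte mdoc contains a", len(cose_bytes), "byte COSE_Sign1 holding a",
          len(mso_bytes), "byte MSO:", mso_bytes in cose_bytes and cose_bytes in doc_bytes)
```

The containment chain (MSO inside the COSE_Sign1 payload, COSE_Sign1 inside issuerSigned, issuerSigned inside the Document) is the concrete shape behind both positions in the thread: "mso" names the issuer-signed part and "mdoc" names the outer credential structure that carries it.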

Sakurann commented 5 months ago

We wanted parity with the original credential format identifiers jwt_vc and ldp_vc, where the structure was <how credential is signed>_<credential format>. In the case of mdocs, the MSO is the issuer-signed part and mdoc was the credential format, so it became mso_mdoc. (cc @awoie) Same for ldp_vc, where ldp is an attached signature, similar to the MSO.

_json was added to jwt_vc_json to differentiate it from jwt_vc_json-ld, so I am hesitant to do vc+sd-jwt_json and ldp_vc_json-ld and mso_mdoc_cbor...

Sakurann commented 5 months ago

But this comment made me think about whether the vc+sd-jwt format identifier we took from the media type that the SD-JWT VC spec registers is consistent with the rest. Maybe it's not and that's OK. cc @danielfett @bc-pi @tlodderstedt @awoie

bc-pi commented 5 months ago

I guess it's not entirely consistent, but the structure seems like just a semi-convention, so maybe it's fine?

peppelinux commented 4 months ago

Materially, the content is mdoc_cbor, but we refer to it as if it were mso_cbor. It's a semantic issue. I'm concerned about having incorrect semantics in ID1 and then facing a breaking change in the future if it's decided to correct this aspect to bring the right semantics.

Sakurann commented 4 months ago

I don't think there is a right semantic here. I would be pretty opposed to having _cbor in the format name. And because every single format identifier seems to have "how it is signed (jwt, sd-jwt, mso)" and "format name (vc, mdoc)", I personally don't think these are the most terrible identifiers.

Sakurann commented 4 months ago

Let us know if there are still concerns; otherwise I would close in a week.

peppelinux commented 4 months ago

I advocated for the bravery required to resist compromises, despite the clear semantic inaccuracies in these identifiers. Words carry meanings. Semi-conventions, or assumptions about the implicit meaning gathered from the parts that are signed versus what constitutes a digital credential in its entirety, still sound weak to me. These are elusive methods, which I justify by recognizing their practical nature, but we know that these are errors. We understand their history, and it falls upon us to narrate their origin to future generations that will approach these technologies and find these semantic errors.

peppelinux commented 4 months ago

Or, to avoid abandoning the discussion in an uncomfortable sense of despondency (!), WDYT about adding clarity to the "Appendix A. Credential Format Profiles" section by proposing a rationale for the creation of credential identifiers? The suggested pattern <how credential is signed>_<credential format> aims to offer a systematic approach to naming, with an openness to future applicability and adjustments, providing a foundation for evolving discussions on credential identifiers.

come on, optimism.

Sakurann commented 4 months ago

Discussed during the WG call: discussed adding a short text on naming guidance for new formats. The general guidance is to use media types (like for VCDM 2.0, probably #194) and to add a note next to mso_mdoc describing why it is mso_mdoc.