Prevent collisions when people extend IAE interaction types

[jogu]

The "type" field defined here https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-1_1-wg-draft.html#section-6.2.1 we expect people to define extra values potentially custom to ecosystems.

We probably need to document an approach for avoiding collisions.

One approach would be an IANA registry (though OIDF specs cannot create IANA registries). Another approach would be saying that non-OIDF definitions should use a urn format that presents collisions, e.g. incorporating a reverse domain name.

[Sakurann]

WG discussion:

• there most likely will be a lot of extensions to the type field, so would be beneficial to have type value structured. apply to existing values openid4vp and redirect-to-web too

[gffletch]

Just adding some existing references that discuss collision-resistant naming...

OpenID Connect - Section 5.1.2

“When using such Claims, it is RECOMMENDED that collision-resistant names be used for the Claim Names, as described in the JSON Web Token (JWT) [JWT] specification.”

JSON Web Token Spec - Section 2

Collision-Resistant Name
A name in a namespace that enables names to be allocated in a
manner such that they are highly unlikely to collide with other
names. Examples of collision-resistant namespaces include: Domain
Names, Object Identifiers (OIDs) as defined in the ITU-T X.660 and
X.670 Recommendation series, and Universally Unique IDentifiers
(UUIDs) [RFC4122]. When using an administratively delegated
namespace, the definer of a name needs to take reasonable
precautions to ensure they are in control of the portion of the
namespace they use to define the name.