HomeComparison

Format Comparison

Side-by-side comparison of W3C VCDM 2.0 and ISO mDOC formats, helping you choose the right format for your use case.

Architecture Overview

Both formats achieve similar goals through different technical approaches.

Detailed Comparison

AspectW3C VCDM 2.0ISO mDOCNotes
EncodingJSON / JSON-LD (text)CBOR (binary)CBOR is ~30-50% smaller, faster to parse on constrained devices
Signature FormatJWT (JOSE), SD-JWT, or Data IntegrityCOSE (CBOR equivalent of JOSE)Both support similar algorithms (ES256, EdDSA, etc.)
Selective DisclosureSD-JWT (hash-based) or BBS+ (ZKP)Salted hashes in MSOBoth achieve similar privacy; SD-JWT and mDOC use similar hash approach
Trust ModelDIDs, Web PKI, or customX.509 PKI with IACA hierarchymDOC designed for government use; VCDM more flexible
Device BindingOptional (cnf claim, holder proof in VP)Built-in (deviceKey in MSO)mDOC requires device auth for every presentation
Identifier TypeDIDs, URLs, URIsX.509 certificates, binary identifiersVCDM more web-native; mDOC more traditional PKI
MetadataJSON-LD @context for semanticsFixed namespaces (org.iso.18013.5.1)VCDM extensible; mDOC standardized per use case
Presentation ProtocolOID4VP, DIF Presentation ExchangeISO 18013-5 (proximity), ISO 18013-7 (online)Both converging on OID4VP for online scenarios
Primary Use CasesEmployment, education, memberships, generalGovernment ID, driver's license, travel docsmDOC optimized for high-assurance government credentials

Selective Disclosure Approaches

SD-JWT (VCDM)

Claims replaced with hash digests in JWT. Original values sent as separate disclosures. 

// JWT contains:
"_sd": ["hash1", "hash2", "hash3"]

// Disclosures (separate):
~WyJzYWx0IiwgImdpdmVuX25hbWUiLCAiQWxpY2UiXQ
~WyJzYWx0IiwgImZhbWlseV9uYW1lIiwgIlNtaXRoIl0
  • Holder selects which disclosures to include
  • Verifier can only see disclosed claims
  • Issuer signature covers all hashes
mDOC MSO

Each claim wrapped in IssuerSignedItem with random salt. MSO contains only hashes. 

// MSO valueDigests:
{
  0: h'sha256(IssuerSignedItem0)',
  1: h'sha256(IssuerSignedItem1)',
  2: h'sha256(IssuerSignedItem2)'
}

// Presentation includes only selected items
  • Holder includes only needed IssuerSignedItems
  • Verifier hashes and matches against MSO
  • Issuer signature covers MSO with all hashes
Same Privacy Properties
Both approaches provide equivalent privacy: undisclosed claims cannot be recovered from the hashes, and the issuer's signature still validates the disclosed claims.

Use Case Recommendations

The right choice depends on your specific requirements, ecosystem, and regulatory context.

Mobile Driver's License

mDOC

ISO 18013-5 specifically designed for mDL with proximity protocols, device binding, and government trust infrastructure

National ID / Travel Document

mDOC

ISO 23220 extends mDOC for general government documents with established PKI trust chains

University Degree / Diploma

W3C VCDM

Semantic richness of JSON-LD, flexibility in issuer identification, web-native verification

Employment Credential

W3C VCDM

Multiple claim types, easy integration with HR systems, DIDs for organization identification

Age Verification

Either

Both support derived claims (age_over_18). mDOC for government-backed, VCDM for general

Healthcare Credential

Either

Depends on regulation. US may lean VCDM (SMART Health Cards), EU may prefer mDOC alignment

Event Ticket / Membership

W3C VCDM

Lower assurance needs, easy issuer setup, JWT compatibility with existing systems

Professional License

W3C VCDM or mDOC

Depends on jurisdiction and whether government-backed verification is required

Interoperability via OpenID4VCI

OpenID4VCI serves as a common issuance protocol for both formats, enabling wallet developers to support multiple credential types with a unified approach.

Same Protocol

Authorization flows, token exchange, and proof of possession work identically for both formats.

Format in Metadata

Issuer declares supported formats in metadata. Wallet chooses based on capabilities.

Proof Types

JWT proofs for VCDM, CWT proofs for mDOC. Same key binding principles.

Multi-Format Wallet Strategy

  1. 1. Fetch issuer metadata to discover supported formats
  2. 2. Select credential configuration matching wallet capabilities
  3. 3. Use appropriate proof type (JWT or CWT) based on format
  4. 4. Store credential with format-specific handler

Decision Framework

Choose W3C VCDM When...

  • Building web-native applications
  • Need semantic interoperability (JSON-LD)
  • Using DID-based identity
  • Issuer flexibility is important
  • Non-government use cases
  • Need BBS+ for advanced ZKP

Choose ISO mDOC When...

  • Government-issued credentials
  • Need offline verification
  • Proximity presentation (NFC, BLE)
  • Existing X.509 PKI infrastructure
  • Constrained device environments
  • Regulatory requirement for ISO

Security Comparison

Both formats provide strong security but have different attack surfaces and considerations.

W3C VCDM Attack Surface

ISO mDOC Attack Surface

Security AspectW3C VCDMISO mDOC
Cryptographic AgilityHigh - supports many algorithmsLimited - specific cipher suites
Offline VerificationPossible with cached DIDsNative support with pre-loaded IACAs
Holder AuthenticationOptional (cnf claim, VP proof)Mandatory (deviceAuth)
Post-Quantum ReadinessExtensible via new cryptosuitesRequires standard updates
Proof of Possession Back to Overview