Fix description of deviceauth_alg_values for mdoc + add examples (#650)

Merging now we have all the reviews as per agreement on yesterday's WG call. Thanks to Tobias for doing all the work!

* Grammar fixes to sentence about deviceauth_alg_values for mdoc

As per Oliver's suggestion on the issue

closes #644

* updates to PR

* Update openid-4-verifiable-presentations-1_0.md

Co-authored-by: Christian Bormann <8774236+c2bo@users.noreply.github.com>

* Apply MikeJ's suggestions

Co-authored-by: Michael B. Jones <michael_b_jones@hotmail.com>

---------

Co-authored-by: Tobias Looker <tobias.looker@mattr.global>
Co-authored-by: Tobias Looker <tplooker@gmail.com>
Co-authored-by: Christian Bormann <8774236+c2bo@users.noreply.github.com>
Co-authored-by: Michael B. Jones <michael_b_jones@hotmail.com>

Author: 4 people

openid-4-verifiable-presentations-1_0.md

@@ -2751,23 +2751,41 @@ Some document types support some transaction data ((#transaction_data)) to be pr
 The `vp_formats_supported` parameter of the Verifier metadata or Wallet metadata MUST have the Credential Format Identifier as a key, and the value MUST be an object consisting of the following name/value pairs:
 
 * `issuerauth_alg_values`: OPTIONAL. A non-empty array containing cryptographic algorithm identifiers. The Credential MUST be considered to fulfill the requirement(s) expressed in this parameter if one of the following is true: 1) The value in the array matches the 'alg' value in the IssuerAuth COSE header. 2) The value in the array is a fully specified algorithm according to [@!I-D.ietf-jose-fully-specified-algorithms] and the combination of the `alg` value in the `IssuerAuth` COSE header and the curve used by the signing key of the COSE structure matches the combination of the algorithm and curve identified by the fully specified algorithm. As an example, if the `IssuerAuth` structure contains an `alg` header with value `-7` (which stands for ECDSA with SHA-256 in [@IANA.COSE]) and is signed by a P-256 key, then it matches an `issuerauth_alg_values` element of `-7` and `-9` (which stands for ECDSA using P-256 curve and SHA-256 in [@!I-D.ietf-jose-fully-specified-algorithms]).
-* `deviceauth_alg_values`: OPTIONAL. A non-empty array containing cryptographic algorithm identifiers. The Credential MUST be considered to fulfill requirement(s) expressed in this parameter if one of the following is true: 1) The value in the array matches the 'alg' value in the `DeviceSignature` or `DeviceMac` COSE header. 2) The value in the array is a fully specified algorithm according to [@!I-D.ietf-jose-fully-specified-algorithms] and the combination of the `alg` value in the `DeviceSignature` COSE header and the curve used by the signing key of the COSE structure matches the combination of the algorithm and curve identified by the fully specified algorithm. 3) The value in the array is the `alg` of the `DeviceMac` COSE header is `HMAC 256/256` (as described in Section 9.1.3.5 of [@ISO.18013-5]) and the curve of the device key (from Table 22 of [@ISO.18013-5]) matches one of the values defined in the following table:
+* `deviceauth_alg_values`: OPTIONAL. A non-empty array containing cryptographic algorithm identifiers. The Credential MUST be considered to fulfill the requirement(s) expressed in this parameter if one of the following is true: 1) The value in the array matches the 'alg' value in the `DeviceSignature` or `DeviceMac` COSE header. 2) The value in the array is a fully-specified algorithm according to [@!I-D.ietf-jose-fully-specified-algorithms] and the combination of the `alg` value in the `DeviceSignature` COSE header and the curve used by the signing key of the COSE structure matches the combination of the algorithm and curve identified by the fully-specified algorithm. 3) The `alg` of the `DeviceMac` COSE header is `HMAC 256/256` (as described in Section 9.1.3.5 of [@ISO.18013-5]) and the curve of the device key (from Table 22 of [@ISO.18013-5]) matches a value in the array using the identifiers defined in the following table:
 
-| Curve Name | Value |
+| Algorithm Name | Algorithm Value |
 |:--- |:--- |
-| Curve P-256 | -65537 |
-| Curve P-384 | -65538 |
-| Curve P-521 | -65539 |
-| X25519 | -65540 |
-| X448 | -65541 |
-| brainpoolP256r1 | -65542 |
-| brainpoolP320r1 | -65543 |
-| brainpoolP384r1 | -65544 |
-| brainpoolP512r1 | -65545 |
+| HMAC 256/256 using ECDH with Curve P-256 | -65537 |
+| HMAC 256/256 using ECDH with Curve P-384 | -65538 |
+| HMAC 256/256 using ECDH with Curve P-521 | -65539 |
+| HMAC 256/256 using ECDH with X25519 | -65540 |
+| HMAC 256/256 using ECDH with X448 | -65541 |
+| HMAC 256/256 using ECDH with brainpoolP256r1 | -65542 |
+| HMAC 256/256 using ECDH with brainpoolP320r1 | -65543 |
+| HMAC 256/256 using ECDH with brainpoolP384r1 | -65544 |
+| HMAC 256/256 using ECDH with brainpoolP512r1 | -65545 |
 Table: Mapping of curves to `alg` identifiers used for the `HMAC 256/256` case
 
 Note: These are specified in OpenID4VP only for private use in this parameter in this specification, and might be superseded by a future registration in IANA.
 
+For clarity, the following is a couple of non-normative examples of the `deviceauth_alg_values` parameter
+
+The example below indicates the verifier supports DeviceMac with HMAC 256/256, where the MAC key is established via ECDH using keys on the P-256 curve as per Section 9.1.3.5 of [@ISO.18013-5].
+
+```json
+{
+  "deviceauth_alg_values": [ -65537 ]
+}
+```
+
+The example below indicates the verifier supports DeviceMac with HMAC 256/256, where the MAC key is established via ECDH using keys on the P-256 curve as per Section 9.1.3.5 of [@ISO.18013-5], and DeviceSignature using ECDSA with the P-256 curve.
+
+```json
+{
+  "deviceauth_alg_values": [ -65537, -9 ]
+}
+```
+
 The following is a non-normative example of `client_metadata` request parameter value in a request to present an ISO/IEC 18013-5 mDOC.
 
 <{{examples/client_metadata/mso_mdoc_verifier_metadata.json}}