Consider changing bom-ref to bom-id in 2.0

[stevespringett]

Discussed in https://github.com/CycloneDX/specification/discussions/671

^{Originally posted by andreas-hilti August 10, 2025} I'm wondering about the identifier "bom-ref": shouldn't this rather be called "bom-id"?

If you look at the description https://cyclonedx.org/docs/1.6/json/#components_items_bom-ref

An optional identifier which can be used to reference the component elsewhere in the BOM.

For me, the component has an identifier (which I'd rather call "bom-id"), and this bom-id is then referenced in other places, e.g. in dependencies https://cyclonedx.org/docs/1.6/json/#dependencies_items_ref

References a component or service by its bom-ref attribute

which should rather be:

References a component or service by its bom identifier attribute (bom-id)

Only where it is used/referenced, this is actually a reference.

Could this be considered for CycloneDX 2.0? For me, the main benefit would be clarity and alignment with standard usage of the term "reference".