- From: Stephan Zednik <zednis@rpi.edu>
- Date: Sat, 23 Feb 2013 16:57:09 -0700
- To: media-types@ietf.org
- Cc: ietf-xml-mime@imc.org, "public-prov-comments@w3.org" <public-prov-comments@w3.org>
link to media type section in editors draft of specification: https://dvcs.w3.org/hg/prov/raw-file/default/xml/prov-xml.html#media-type Type name: application Subtype name: provenance+xml Required parameters: none Optional parameters: charset - this parameter may be required when transferring non-ASCII data across some protocols. Encoding considerations: The syntax of PROV-XML is expressed over code points in Unicode [[!UNICODE]] Security considerations: PROV-XML is an XML language for describing the provenance of things; applications may evaluate given data to dereference URIs, invoking the security considerations of the scheme for that URI. Note in particular, the privacy issues in [[!RFC3023]] section 10 for HTTP URIs. Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions, as well as the dereferencing of unintended URIs. Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data. PROV-XML can express data which is presented to the user, for example, by means of label attributes. Application rendering strings retrieved from untrusted PROV-N documents must ensure that malignant strings may not be used to mislead the reader. The security considerations in the media type registration for XML ([[!RFC3023]] section 10) provide additional guidance around the expression of arbitrary data and markup. PROV-XML is a language for describing the provenance of things, and therefore a PROV-XML document is metadata for other resources. Untrusted PROV-XML documents may mislead its consumers by indicating that a third-party resource has a reputable lineage, when it has not. Provenance of PROV-XML document should be sought. PROV-XML uses QNames mappable to IRIs as term identifiers. Applications interpreting data expressed in PROV-XML should address the security issues of <a class="norm" href="http://www.ietf.org/rfc/rfc3987.txt">Internationalized Resource Identifiers (IRIs)</a> [[!RFC3987]] Section 8, as well as <a class="norm" href="http://www.ietf.org/rfc/rfc3986.txt">Uniform Resource Identifier (URI): Generic Syntax</a> [[!RFC3986]] Section 7. Multiple IRIs may have the same appearance. Characters in different scripts may look similar (a Cyrillic "о" may appear similar to a Latin "o"). A character followed by combining characters may have the same visual representation as another character (LATIN SMALL LETTER E followed by COMBINING ACUTE ACCENT has the same visual representation as LATIN SMALL LETTER E WITH ACUTE). Any person or application that is writing or interpreting data in PROV-N must take care to use the IRI that matches the intended semantics, and avoid IRIs that make look similar. Further information about matching of similar characters can be found in <a class="inform" href="http://www.unicode.org/reports/tr36/">Unicode Security Considerations</a> [[UNISEC]] and <a class="norm" href="http://www.ietf.org/rfc/rfc3987.txt">Internationalized Resource Identifiers (IRIs)</a> [[!RFC3987]] Section 8. Interoperability considerations: There are no known interoperability issues. Published specification: PROV-XML: The PROV XML Schema, Hua, Tilmes, Zednik (eds), Moreau <a href="http://www.w3.org/TR/prov-xml/">http://www.w3.org/TR/prov-xml/</a>, 2012. Applications which use this media type: It may be used by any application for publishing provenance information. This format is designed to be an XML form of provenance. Additional Information: Magic number(s): PROV-XML documents are XML documents and thus may have initial strings similar to any XML document. File extension(s): .provx Base URI: As in XML. Macintosh file type code(s): "TEXT" Person & email address to contact for further information Ivan Herman, ivan@w3.org Intended usage: COMMON Restrictions on usage: None Author/Change controller: The PROV-XML specification is the product of the World Wide Web Consortium's Provenance Working Group. The W3C has change control over this specification.
Received on Saturday, 23 February 2013 23:57:45 UTC