- From: Graham Klyne <graham.klyne@zoo.ox.ac.uk>
- Date: Mon, 25 Feb 2013 11:36:42 +0000
- To: Stephan Zednik <zednis@rpi.edu>
- CC: W3C provenance WG <public-prov-wg@w3.org>
[Resending, as I'm not sure if the original message got through] Stephan, You might like to look at the encoding considerations in the various registrations in http://www.rfc-editor.org/rfc/rfc3023.txt #g. Stephan Zednik <zednis@rpi.edu> wrote: >link to media type section in editors draft of specification: >https://dvcs.w3.org/hg/prov/raw-file/default/xml/prov-xml.html#media-type > >Type name: >application > >Subtype name: >provenance+xml > >Required parameters: >none > >Optional parameters: >charset - this parameter may be required when transferring non-ASCII >data across some protocols. > >Encoding considerations: >The syntax of PROV-XML is expressed over code points in Unicode >[[!UNICODE]] > >Security considerations: >PROV-XML is an XML language for describing the provenance of things; >applications may evaluate given data to dereference URIs, invoking the >security considerations of the scheme for that URI. Note in particular, >the privacy issues in [[!RFC3023]] section 10 for HTTP URIs. Data >obtained from an inaccurate or malicious data source may lead to >inaccurate or misleading conclusions, as well as the dereferencing of >unintended URIs. Care must be taken to align the trust in consulted >resources with the sensitivity of the intended use of the data. > >PROV-XML can express data which is presented to the user, for example, >by means of label attributes. Application rendering strings retrieved >from untrusted PROV-N documents must ensure that malignant strings may >not be used to mislead the reader. The security considerations in the >media type registration for XML ([[!RFC3023]] section 10) provide >additional guidance around the expression of arbitrary data and markup. > >PROV-XML is a language for describing the provenance of things, and >therefore a PROV-XML document is metadata for other resources. >Untrusted PROV-XML documents may mislead its consumers by indicating >that a third-party resource has a reputable lineage, when it has not. >Provenance of PROV-XML document should be sought. > >PROV-XML uses QNames mappable to IRIs as term identifiers. Applications >interpreting data expressed in PROV-XML should address the security >issues of <a class="norm" >href="http://www.ietf.org/rfc/rfc3987.txt">Internationalized Resource >Identifiers (IRIs)</a> [[!RFC3987]] Section 8, as well as <a >class="norm" href="http://www.ietf.org/rfc/rfc3986.txt">Uniform >Resource Identifier (URI): Generic Syntax</a> [[!RFC3986]] Section 7. >Multiple IRIs may have the same appearance. Characters in different >scripts may look similar (a Cyrillic "о" may appear >similar to a Latin "o"). A character followed by combining >characters may have the same visual representation as another character >(LATIN SMALL LETTER E followed by COMBINING ACUTE ACCENT has the same >visual representation as LATIN SMALL LETTER E WITH ACUTE). Any person >or application that is writing or interpreting data in PROV-N must take >care to use the IRI that matches the intended semantics, and avoid IRIs >that make look similar. Further information about matching of similar >characters can be found in <a class="inform" >href="http://www.unicode.org/reports/tr36/">Unicode Security >Considerations</a> [[UNISEC]] and <a class="norm" >href="http://www.ietf.org/rfc/rfc3987.txt">Internationalized Resource >Identifiers (IRIs)</a> [[!RFC3987]] Section 8. > >Interoperability considerations: >There are no known interoperability issues. > >Published specification: >PROV-XML: The PROV XML Schema, Hua, Tilmes, Zednik (eds), Moreau <a >href="http://www.w3.org/TR/prov-xml/">http://www.w3.org/TR/prov-xml/</a>, >2012. > >Applications which use this media type: >It may be used by any application for publishing provenance >information. This format is designed to be an XML form of provenance. > >Additional Information: > > Magic number(s): > PROV-XML documents are XML documents and thus may have initial strings >similar to any XML document. > > File extension(s): > .provx > > Base URI: > As in XML. > > Macintosh file type code(s): > "TEXT" > >Person & email address to contact for further information >Ivan Herman, ivan@w3.org > >Intended usage: >COMMON > >Restrictions on usage: >None > >Author/Change controller: >The PROV-XML specification is the product of the World Wide Web >Consortium's Provenance Working Group. The W3C has change control over >this specification. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Received on Monday, 25 February 2013 11:44:37 UTC