- From: Liam R. E. Quin <liam@w3.org>
- Date: Tue, 16 Jan 2007 21:42:17 -0500
- To: ietf-types@iana.org
- Cc: ietf-xml-mime@imc.org, public-qt-comments@w3.org
Last April I posted to these lists a draft for the media
type registrations for interchange of XQuery expressions,
XQueryX expressions and XSLT stylesheets.
There were some issues raised, which we hope we have
resolved:
(1) That each registration should mention the URI of the
corresponding document, so that it stands alone as well
as an appendix to the corresponding document; this has
been done.
(2) That the security sections (particularly for XQuery) be
expanded. They have been expanded in XQuery and XQueryX
based on the results of implementation experience.
We are using Bugzilla to track comments on these documents;
however, at this stage in the W3C Process, any changes will
be reflected as errata or (eventually) incorporated into any
new revision and/or future version of the respective documents.
See the individual documents and their "Status of this Document"
sections for further information on using Bugzilla to comment
on them, or respond to this message.
- Liam Quin (W3C staff participant for the XML Query Working Group,
and also XML Activity Lead)
In accordance with the Media Type Specifications and
Registration Procedures [1], and on behalf of the W3C XML Query
Working Group [2], I hereby give notice that W3C has published
two specifications at the stage "Last Call Working Draft" which
each incorporate definitions of a standards-tree MIME media type,
as allowed for in section 3.1 of [1], and request comments on
these definitions.
The types and subtypes are
application/xquery
defined in "XQuery 1.0: An XML Query Language" [3]
optional parameter: charset
application/xquery+xml
defined in "XML Syntax for XQuery 1.0 (XQueryX)" [4]
optional parameter: charset
**** Registration for application/xquery also at [3]
I The application/xquery Media Type
-----------------------------------
This Appendix specifies the media type for XQuery Version 1.0. XQuery is
a language for querying over collections of data from XML data sources,
as specified in the main body of this document.
This media type is being submitted to the IESG (Internet Engineering
Steering Group) for review, approval, and registration with IANA
(Internet Assigned Numbers Authority.)
1 Introduction
----------------
This document, found at http://www.w3.org/TR/xquery/ together with its
normative references, defines the language XQuery Version 1.0.
This Appendix provides information about the application/xquery media
type, which is intended to be used for transmitting queries written
in the XQuery language.
This document was prepared by members of the W3C XML Query Working
Group. Please send comments to public-qt-comments [at] w3.org, a public
mailing list with archives at
http://lists.w3.org/Archives/Public/public-qt-comments.
2 Registration of MIME Media Type application/xquery
------------------------------------------------------
MIME media type name: application
MIME subtype name: xquery
Required parameters: none
Optional parameters: none
The syntax of XQuery is expressed in Unicode but may be written with any
Unicode-compatible character encoding, including UTF-8 or UTF-16, or
transported as US-ASCII or Latin-1 with Unicode characters outside the
range of the given encoding represented using an XML-style ෝ
syntax.
2.1 Interoperability Considerations
None known.
2.2 Published Specification
This media type registration is for XQueryX documents as described
by the XQueryX 1.0 specification, which is located at
http://www.w3.org/TR/xqueryx/">http://www.w3.org/TR/xqueryx/
It is also appropriate to use this media type with later versions
of the XQueryX language.
2.2 Applications Using this Media Type
The public XQuery Web page lists more than two dozen implementations of
the XQuery language, both proprietary and open source. Some of these
are known to support XQueryX.
This new media type is being registered to allow for deployment of
XQueryX on the World Wide Web.
There is no experimental, vendor specific, or personal tree
predecessor to "application/xquery+xml", reflecting the fact
that no applications currently recognize it. This new type is
being registered in order to allow for the expected deployment
of XQueryX 1.0 on the World Wide Web, as a first class XML application.
3 Encoding Considerations
For use with transports that are not 8-bit clean, quoted-printable
encoding is recommended since the XQuery syntax itself uses the
US-ASCII-compatible subset of Unicode.
An XQuery document may contain an encoding declaration as part of its
version declaration:
xquery version "1.0" encoding "utf-8";
4 Recognizing XQuery Files
An XQuery file may have the string xquery version "V.V" near the
beginning of the document, where "V.V" is a version number. Currently
the version number, if present, must be "1.0".
5 Charset Default Rules
XQuery documents use the Unicode character set and, by default, the
UTF-8 encoding.
6 Security Considerations
Queries written in XQuery may cause arbitrary URIs or IRIs to be
dereferenced. Therefore, the security issues of RFC 3987 [Uniform
Resource Locators (URL)] Section 6 should be considered. In addition,
the contents of file: URIs can in some cases be accessed, processed and
returned as results.
XQuery expressions can invoke any of the functions defined in
Functions And Opertors [5]. For example, the
fn:doc() and fn:doc-available() functions allow local filesystem probes
as well as access to any URI-defined resource accessible from the system
evaluating the XQuery expression.
XQuery is a full declarative programming language, and supports
user-defined functions, external function libraries (modules)
referenced by URI, and system-specific "native" functions.
Arbitrary recursion is possible, as is arbitrarily large
memory usage, and implementations may place limits on CPU
and memory usage, as well as restricting access to system-defined
functions.
The XML Query Working group is working on a facility to allow XQuery
expressions to be used to create and update persistent data. Untrusted
queries should not be given write access to data.
Furthermore, because the XQuery language permits extensions,
it is possible that application/xquery may describe content
that has security implications beyond those described here.
**** Registration for application/xquery+xml also at [4]
The application/xquery+xml Media Type
-------------------------------------
This Appendix specifies the media type for XQueryX Version 1.0. XQueryX
is the XML syntax of a language, XQuery, for querying over data from XML
data sources, as specified in [2], XQuery 1.0: An XML Query Language].
1 Introduction
--------------
This document, together with its normative references, defines the XML
syntax for the XML Query language XQuery Version 1.0. This Appendix
specifies the application/xquery+xml media type, which is intended to be
used for transmitting queries expressed in the XQueryX syntax.
This media type is being submitted to the IESG for
review, approval, and registration with IANA.
This document was prepared by members of the W3C XML Query Working
Group. Please send comments to public-qt-comments [at] w3.org, a public
mailing list with archives at
http://lists.w3.org/Archives/Public/public-qt-comments.
2 Registration of MIME Media Type application/xquery+xml
MIME media type name: application
MIME subtype name: xquery+xml
Required parameters: none
Optional parameters: charset
This parameter has identical semantics to the charset parameter
of the application/xml media type as specified in [RFC 3023].
2.1 Encoding Considerations
By virtue of XQueryX content being XML, it has the same considerations
when sent as "application/xquery+xml" as does XML.
See [RFC 3023], section 3.2.
2.2 Fragment Identifiers
For documents labeled as 'application/xquery+xml', fragment identifiers
are handled as specified in RFC 3023.
2.3 Restrictions on usage
The intended usage of this media type is for interchange of XQueryX
expressions.
2.4 Security Considerations
Queries written in XQuery may cause arbitrary URIs or IRIs to be
dereferenced.
Therefore, the security issues of [RFC3987] Section 8 should be
considered.
In addition, the contents of resources identified by file: URIs can in
some cases be accessed, processed and returned as results.
XQuery expressions can invoke any of the functions defined in
XQuery 1.0 and XPath 2.0 Functions and Operators, including
file-exists();
a doc() function also allows local filesystem probes as well as
access to any URI-defined resource accessible from the system
evaluating the XQuery expression.
XQuery is a full declarative programming language, and supports
user-defined functions, external function libraries (modules)
referenced by URI, and system-specific "native" functions.
Arbitrary recursion is possible, as is arbitrarily large
memory usage, and implementations may place limits on CPU and
memory usage, as well as restricting access to system-defined functions.
The XML Query Working group is working on a facility to allow XQuery
expressions to be used to create and update persistent data.
Untrusted queries should not be given write access to data.
Furthermore, because the XQuery language permits extensions, it is
possible that application/xquery may describe content that has security
implications beyond those described here.
2.5 Interoperability Considerations
See Section 5 Conformance.
2.6 Applications That Use This Media Type
The public XQuery Web page lists more than two dozen implementations of
the XQuery language, both proprietary and open source. Some of these are
known to support XQueryX.
This new media type is being registered to allow for deployment of
XQueryX on the World Wide Web.
There is no experimental, vendor specific, or personal tree predecessor
to "application/xquery+xml", reflecting the fact that no applications
currently recognize it. This new type is being registered in order to
allow for the expected deployment of XQueryX 1.0 on the World Wide Web,
as a first class XML application.
2.7 Additional Information
2.7.1 Recognizing XQuery Files ("Magic Numbers")
Although no byte sequences can be counted on to consistently identify
XQueryX, XQueryX documents will have the sequence
"http://www.w3.org/2005/XQueryX" to identify the XQueryX namespace.
This sequence will normally be found in a namespace
attribute of the first element in the document.
2.7.2 File Extensions
The most common file extension in use for XQueryX is .xqx.
2.7.3 Macintosh File Type Code(s)
The appropriate Macintosh file type code is TEXT.
2.8 Person and Email Address to Contact For Further Information
Jim Melton, Oracle Corp., jim.melton [at] oracle.com
2.9 Intended Usage
COMMON
2.10 Author/Change Controller
XQueryX was produced by, and is maintained by, the World Wide Web
Consortium's XML Query Working Group. The W3C has change control over
this specification.
**** Registration for application/xquery+xml also at [4]
Registration of MIME Media Type application/xslt+xml
----------------------------------------------------
MIME media type name: application
MIME subtype name: xslt+xml
Required parameters: None.
Optional parameters: charset
This parameter has identical semantics to the charset parameter of
the application/xml media type as specified in [RFC3023].
Encoding considerations:
By virtue of XSLT content being XML, it has the same considerations
when sent as "application/xslt+xml" as does XML. See RFC 3023, section
3.2.
Security considerations:
Several XSLT instructions may cause arbitrary URIs to be
dereferenced. In this case, the security issues of [RFC3986], section 7,
should be considered.
In addition, because of the extensibility features for XSLT, it is
possible that "application/xslt+xml" may describe content that has
security implications beyond those described here. However, if the
processor follows only the normative semantics of this specification,
this content will be ignored. Only in the case where the processor
recognizes and processes the additional content, or where further
processing of that content is dispatched to other processors, would
security issues potentially arise. And in that case, they would fall
outside the domain of this registration document.
Interoperability considerations:
This specification describes processing semantics that dictate
behavior that must be followed when dealing with, among other things,
unrecognized elements.
Because XSLT is extensible, conformant "application/xslt+xml"
processors can expect that content received is well-formed XML, but it
cannot be guaranteed that the content is valid XSLT or that the
processor will recognize all of the elements and attributes in the
document.
Published specification:
This media type registration is for XSLT stylesheet modules as
described by the XSLT 2.0 specification, which is located at
http://www.w3.org/TR/xslt20/. It is also appropriate to use this media
type with earlier and later versions of the XSLT language.
Applications which use this media type:
Existing XSLT 1.0 stylesheets are most often described using the
unregistered media type "text/xsl".
There is no experimental, vendor specific, or personal tree
predecessor to "application/xslt+xml", reflecting the fact that no
applications currently recognize it. This new type is being registered
in order to allow for the expected deployment of XSLT 2.0 on the World
Wide Web, as a first class XML application.
Additional information:
Magic number(s):
There is no single initial octet sequence that is always present
in XSLT documents.
File extension(s):
XSLT documents are most often identified with the extensions
".xsl" or ".xslt".
Macintosh File Type Code(s):
TEXT
Person & email address to contact for further information:
Norman Walsh, <Norman.Walsh [at] Sun.COM>.
Intended usage:
COMMON
Author/Change controller:
The XSLT specification is a work product of the World Wide Web
Consortium's XSL Working Group. The W3C has change control over
these specifications.
B.2 Fragment Identifiers
For documents labeled as "application/xslt+xml", the fragment identifier
notation is exactly that for "application/xml", as specified in RFC
3023.
-------------------------------------
[1] http://www.ietf.org/internet-drafts/draft-freed-media-type-reg-05.txt
and http://www.w3.org/2002/06/registering-mediatype
[2] http://www.w3.org/XML/Query
[3] http://www.w3.org/TR/2005/WD-xquery-20050404/#id-mime-type
[4] http://www.w3.org/TR/2005/WD-xqueryx-20050404/#xqueryx-id-mime-type
[5] XQuery 1.0 and XPath 2.0 Functions and Operators,
http://www.w3.org/TR/xpath-functions/
[end]
--
Liam Quin, W3C XML Activity Lead, http://www.w3.org/People/Quin/
http://www.holoweb.net/~liam/ * http://www.fromoldbooks.org/
Received on Wednesday, 17 January 2007 02:42:28 UTC