[media-types] Notice for a potential media type registration: application/td+json
Matthias Kovatsch <w3c@kovatsch.net> Fri, 03 May 2019 09:51 UTC
Return-Path: <w3c@kovatsch.net>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E49E1200B8 for <media-types@ietfa.amsl.com>; Fri, 3 May 2019 02:51:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_FAIL=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOcifgR5KXdu for <media-types@ietfa.amsl.com>; Fri, 3 May 2019 02:51:48 -0700 (PDT)
Received: from pechora1.lax.icann.org (pechora1.icann.org [IPv6:2620:0:2d0:201::1:71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0D1312006D for <media-types@ietf.org>; Fri, 3 May 2019 02:51:48 -0700 (PDT)
Received: from ma03-relay.lansolnet.com (ma03-relay.lansolnet.com [176.95.46.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pechora1.lax.icann.org (Postfix) with ESMTPS id E5B8C1E0100 for <media-types@iana.org>; Fri, 3 May 2019 09:51:47 +0000 (UTC)
Received: from unknown ([192.168.8.237]) by ma03-relay.lansolnet.com; Fri, 03 May 2019 11:51:26 +0200
Received: from MBX100D.cloud4partner.com (192.168.8.236) by MBX100E.cloud4partner.com (192.168.8.237) with Microsoft SMTP Server (TLS) id 15.0.1156.6; Fri, 3 May 2019 11:51:25 +0200
Received: from MBX100D.cloud4partner.com ([fe80::1438:a47a:e7b7:aed8]) by MBX100D.cloud4partner.com ([fe80::1438:a47a:e7b7:aed8%18]) with mapi id 15.00.1156.000; Fri, 3 May 2019 11:51:25 +0200
From: Matthias Kovatsch <w3c@kovatsch.net>
To: "media-types@iana.org" <media-types@iana.org>
Thread-Topic: Notice for a potential media type registration: application/td+json
Thread-Index: AdUBjvDgPXIk9DLnTCumvM9fM/S++gABoANAAAAR7oA=
Date: Fri, 03 May 2019 09:51:25 +0000
Message-ID: <c6f6897e3b58441aaf5dfd83c1668e63@MBX100D.cloud4partner.com>
References: <bef5f77d59484b78a5cdc4caab167ee2@MBX100D.cloud4partner.com> <fadb0a6df97c4f8c9eb722f7104b5741@MBX100D.cloud4partner.com>
In-Reply-To: <fadb0a6df97c4f8c9eb722f7104b5741@MBX100D.cloud4partner.com>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.168.8.246]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-cloud-security-sender: w3c@kovatsch.net
X-cloud-security-recipient: media-types@iana.org
X-cloud-security-Virusscan: CLEAN
X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on ma03-relay.lansolnet.com with D284C1A6052C
X-cloud-security-connect: unknown[192.168.8.237], TLS=1, IP=192.168.8.237
X-cloud-security: scantime:.1559
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/2YAycXGB9a_HGteOsZ70EyeJSqE>
Subject: [media-types] Notice for a potential media type registration: application/td+json
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type, Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>, <mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/media-types/>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>, <mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2019 09:51:51 -0000
Dear IANA The Web of Things WG at W3C is getting ready to transition to Candidate Recommendation for the WoT Thing Description specification: https://w3c.github.io/wot-thing-description Section 10 (https://w3c.github.io/wot-thing-description/#iana-section) intents to register "application/td+json" as well as a CoAP Content-Format ID (256-9999 range with IETF Review or IESG Approval). Could you please provide a Preliminary Community Review based on the Registration Template, also attached below for convenience? Thank you and best wishes, Matthias ---------------------- Type name: application Subtype name: td+json Required parameters: None Optional parameters: None Encoding considerations: See RFC 6839, section 3.1. Security considerations: See RFC 8259. Since WoT Thing Description is intended to be a pure data exchange format for Thing metadata, the serialization SHOULD NOT be passed through a code execution mechanism such as JavaScript's eval() function to be parsed. An (invalid) document may contain code that, when executed, could lead to unexpected side effects compromising the security of a system. WoT Thing Descriptions can be evaluated with a JSON-LD 1.1 processor, which typically follows links to remote contexts (i.e., TD context extensions, see § 6.3 Context Extension) automatically, resulting in the transfer of files without the explicit request of the Consumer for each one. If remote contexts are served by third parties, it may allow them to gather usage patterns or similar information leading to privacy concerns. While implementations on resource-constrained devices are expected to perform raw JSON processing (as opposed to JSON-LD processing), implementations in general SHOULD statically cache vetted versions of their supported context extensions and not to follow links to remote contexts. Supported context extensions can be managed through a secure software update mechanism instead. Context Extensions (see § 6.3 Context Extension) that are loaded from the Web over non-secure connections, such as HTTP, run the risk of being altered by an attacker such that they may modify the TD Information Model in a way that could compromise security. For this reason, Consumer again SHOULD vet and cache remote contexts before allowing the system to use it. Given that JSON-LD processing usually includes the substitution of long IRIs with short terms, WoT Thing Descriptions may expand considerably when processed using a JSON-LD 1.1 processor and, in the worst case, the resulting data might consume all of the recipient's resources. Consumers SHOULD treat any TD metadata with due skepticism. Interoperability considerations: See RFC 8259. Rules for processing both conforming and non-conforming content are defined in this specification. Published specification: https://w3c.github.io/wot-thing-description Applications that use this media type: All participating entities in the W3C Web of Things, that is, Things, Consumers, and Intermediaries as defined in the Web of Things (WoT) Architecture. Fragment identifier considerations: See RFC 6839, section 3.1 Additional information: Magic number(s): Not Applicable File extension(s): .jsontd Macintosh file type code(s): TEXT Person & email address to contact for further information: Matthias Kovatsch <w3c@kovatsch.net> Intended usage: COMMON Restrictions on usage: None Author(s): The WoT Thing Description specification is a product of the Web of Things Working Group. Change controller: W3C Provisional registration? (standards tree only): No
- [media-types] Notice for a potential media type r… Matthias Kovatsch