IETF Logo Mail Archive

Re: [media-types] Notice for a potential media type registration: application/td+json

"Paul Libbrecht" <paul@hoplahup.net> Wed, 12 June 2019 21:28 UTC

Return-Path: <paul@hoplahup.net>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7E8F120181 for <media-types@ietfa.amsl.com>; Wed, 12 Jun 2019 14:28:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dqnkCqK_OV_g for <media-types@ietfa.amsl.com>; Wed, 12 Jun 2019 14:28:03 -0700 (PDT)
Received: from pechora6.dc.icann.org (pechora6.icann.org [192.0.46.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F7A312014E for <media-types@ietf.org>; Wed, 12 Jun 2019 14:28:03 -0700 (PDT)
Received: from 7.mo179.mail-out.ovh.net (7.mo179.mail-out.ovh.net [46.105.61.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pechora6.dc.icann.org (Postfix) with ESMTPS id 30D121E016A for <media-types@iana.org>; Wed, 12 Jun 2019 21:28:02 +0000 (UTC)
Received: from player791.ha.ovh.net (unknown [10.108.35.223]) by mo179.mail-out.ovh.net (Postfix) with ESMTP id C953A135D00 for <media-types@iana.org>; Wed, 12 Jun 2019 23:27:40 +0200 (CEST)
Received: from hoplahup.net (p5DC6F6F5.dip0.t-ipconnect.de [93.198.246.245]) (Authenticated sender: paul@hoplahup.net) by player791.ha.ovh.net (Postfix) with ESMTPSA id 3E8EB6A950AF; Wed, 12 Jun 2019 21:27:39 +0000 (UTC)
From: Paul Libbrecht <paul@hoplahup.net>
To: Matthias Kovatsch <w3c@kovatsch.net>
Cc: media-types@iana.org
Date: Wed, 12 Jun 2019 23:27:35 +0200
X-Mailer: MailMate (1.12.5r5635)
Message-ID: <D0576ABF-05E5-455F-AC01-D99F0B8F1304@hoplahup.net>
In-Reply-To: <bef5f77d59484b78a5cdc4caab167ee2@MBX100D.cloud4partner.com>
References: <bef5f77d59484b78a5cdc4caab167ee2@MBX100D.cloud4partner.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_A783D969-957C-412E-AF78-636D42088577_="
Content-Transfer-Encoding: 8bit
X-Ovh-Tracer-Id: 7947727444946782213
X-VR-SPAMSTATE: OK
X-VR-SPAMSCORE: 49
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.2 (pechora6.dc.icann.org [192.0.46.72]); Wed, 12 Jun 2019 21:28:02 +0000 (UTC)
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduuddrudehjedgudeikecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecuogfuuhhsphgvtghtffhomhgrihhnucdlgeelmd
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/aVBarlFC_NcMw4KX-1E8Ttvb5UI>
Subject: Re: [media-types] Notice for a potential media type registration: application/td+json
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type, Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>, <mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/media-types/>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>, <mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2019 21:28:07 -0000

Dear Matthias,

It seems to me that this format is not unlikely going to be used in copy 
and paste scenarios. E.g. between editor applications which exchange 
configurations.
While I am too new to this standard to assert this, I would be 
interested to hear if you agree on that.

If you do, I would recommend that “clipboard flavour names” are 
included in your registration and replace the Macintosh file-type (which 
is not current anymore).
This was done by a few media-type declarations already (e.g. SVG or 
MathML) and ensures that applications that might include such do so 
right away with the same name.

Considering that type-specificity is likely to give the best 
user-experience, instead of aiming at text-type, I would like to suggest 
the following types for the Windows and macOS platforms:

* macOS UTI:  public.json-td extends public.json
* Windows: json-td

Note, however, that I have not found any software or specification that 
employs JSON-TD or even JSON-LD. If one is found for JSON-TD, this 
should probably be used. If one is found for JNSON-LD (which is far more 
generic), the extends of the UTI description should probably be 
adjusted.

Thanks in advance.

Paul




On 3 May 2019, at 11:36, Matthias Kovatsch wrote:

> Dear IANA
>
> The Web of Things WG at W3C is getting ready to transition to 
> Candidate Recommendation for the WoT Thing Description specification: 
> https://w3c.github..io/wot-thing-description
>
> Section 10 (https://w3c.github.io/wot-thing-description/#iana-section) 
> intents to register "application/td+json" as well as a CoAP 
> Content-Format ID (256-9999 range with IETF Review or IESG Approval).
>
> Could you please provide a Preliminary Community Review based on the 
> Registration Template, also attached below for convenience?
>
> Thank you and best wishes,
> Matthias
>
> ----------------------
>
> Type name:    application
>
> Subtype name:    td+json
>
> Required parameters:    None
>
> Optional parameters:    None
>
> Encoding considerations:    See RFC 6839, section 3.1.
>
> Security considerations:
>     See RFC 8259.
>     Since WoT Thing Description is intended to be a pure data exchange 
> format for Thing metadata, the serialization SHOULD NOT be passed 
> through a code execution mechanism such as JavaScript's eval() 
> function to be parsed. An (invalid) document may contain code that, 
> when executed, could lead to unexpected side effects compromising the 
> security of a system.
>     WoT Thing Descriptions can be evaluated with a JSON-LD 1.1 
> processor, which typically follows links to remote contexts (i.e., TD 
> context extensions, see § 6.3 Context Extension) automatically, 
> resulting in the transfer of files without the explicit request of the 
> Consumer for each one. If remote contexts are served by third parties, 
> it may allow them to gather usage patterns or similar information 
> leading to privacy concerns. While implementations on 
> resource-constrained devices are expected to perform raw JSON 
> processing (as opposed to JSON-LD processing), implementations in 
> general SHOULD statically cache vetted versions of their supported 
> context extensions and not to follow links to remote contexts. 
> Supported context extensions can be managed through a secure software 
> update mechanism instead.
>     Context Extensions (see § 6.3 Context Extension) that are loaded 
> from the Web over non-secure connections, such as HTTP, run the risk 
> of being altered by an attacker such that they may modify the TD 
> Information Model in a way that could compromise security. For this 
> reason, Consumer again SHOULD vet and cache remote contexts before 
> allowing the system to use it.
>     Given that JSON-LD processing usually includes the substitution of 
> long IRIs with short terms, WoT Thing Descriptions may expand 
> considerably when processed using a JSON-LD 1.1 processor and, in the 
> worst case, the resulting data might consume all of the recipient's 
> resources. Consumers SHOULD treat any TD metadata with due skepticism.
>
> Interoperability considerations:
>     See RFC 8259.
>     Rules for processing both conforming and non-conforming content 
> are defined in this specification.
>
> Published specification:    
> https://w3c.github.io/wot-thing-description
>
> Applications that use this media type:
>     All participating entities in the W3C Web of Things, that is, 
> Things, Consumers, and Intermediaries as defined in the Web of Things 
> (WoT) Architecture.
>
> Fragment identifier considerations:    See RFC 6839, section 3.1
>
> Additional information:
>
>     Magic number(s):        Not Applicable
>     File extension(s):        .jsontd
>     Macintosh file type code(s):        TEXT
>
> Person & email address to contact for further information:
>     Matthias Kovatsch <w3c@kovatsch.net>
>
> Intended usage:    COMMON
>
> Restrictions on usage:    None
>
> Author(s):
>     The WoT Thing Description specification is a product of the Web of 
> Things Working Group.
>
> Change controller:    W3C
>
> Provisional registration? (standards tree only):    No
>
> _______________________________________________
> media-types mailing list
> media-types@ietf.org
> https://www.ietf.org/mailman/listinfo/media-types

v2.23.0 | Report a Bug | By Email