IETF Logo Mail Archive

Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX

Bjoern Hoehrmann <derhoermi@gmx.net> Thu, 07 April 2005 20:28 UTC

Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j37KSfkh013254; Thu, 7 Apr 2005 13:28:41 -0700 (PDT) (envelope-from owner-ietf-xml-mime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j37KSfd3013253; Thu, 7 Apr 2005 13:28:41 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-xml-mime@mail.imc.org using -f
Received: from mail.gmx.net (pop.gmx.de [213.165.64.20]) by above.proper.com (8.12.11/8.12.9) with SMTP id j37KSeGc013242 for <ietf-xml-mime@imc.org>; Thu, 7 Apr 2005 13:28:41 -0700 (PDT) (envelope-from derhoermi@gmx.net)
Received: (qmail invoked by alias); 07 Apr 2005 20:28:34 -0000
Received: from dsl-084-056-238-149.arcor-ip.net (EHLO localhost) [84.56.238.149] by mail.gmx.net (mp030) with SMTP; 07 Apr 2005 22:28:34 +0200
X-Authenticated: #723575
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Liam Quin <liam@w3.org>
Cc: ietf-types@iana.org, ietf-xml-mime@imc.org, public-qt-comments@w3.org
Subject: Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX
Date: Thu, 07 Apr 2005 22:28:58 +0200
Message-ID: <425b93d4.13001640@smtp.bjoern.hoehrmann.de>
References: <20050407200151.GN1785@w3.org>
In-Reply-To: <20050407200151.GN1785@w3.org>
X-Mailer: Forte Agent 1.92/32.572
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
Sender: owner-ietf-xml-mime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-xml-mime/mail-archive/>
List-ID: <ietf-xml-mime.imc.org>
List-Unsubscribe: <mailto:ietf-xml-mime-request@imc.org?body=unsubscribe>

* Liam Quin wrote:
>I.2 Registration of MIME Media Type application/xquery

>Optional parameters: charset
>
>The syntax of XQuery is expressed in Unicode but may be written with any
>Unicode-compatible character encoding, including UTF-8 or UTF-16, or
>transported as US-ASCII or Latin-1 with Unicode characters outside the
>range of the given encoding represented using an XML-style &#xddd;
>syntax.

>If an XQuery document contains an encoding declaration, it overrides the
>default encoding specified by the MIME charset parameter.

That's inconsistent with pretty much all other media types that allow a
charset parameter. What's the point of having a charset parameter here?

>I.5 Charset Default Rules
>
>XQuery documents use the Unicode character set and, by default, the
>UTF-8 encoding.

That's incorrect then, it defaults to the character encoding specified
in the charset parameter (which then defaults to UTF-8).

>I.6 Security Considerations
>
>Queries written in XQuery may cause arbitrary URIs to be dereferenced.
>Therefore, the security issues of [Uniform Resource Locators (URL)]
>Section 6 should be considered. In addition, the contents of file: URIs
>can in some cases be accessed, processed and returned as results.
>
>Furthermore, because the XQuery language permits extensions, it is
>possible that application/xquery may describe content that has security
>implications beyond those described here.
>
>The XML Query Working group is working on a facility to allow XQuery
>expressions to be used to create and update persistent data. Untrusted
>queries should not be given write access to data.

Compared to http://www.ietf.org/rfc/rfc2046.txt section 4.5.2 this seems
very incomplete...

>**** Registration for application/xquery+xml also at [4]
>
>C The application/xquery+xml Media Type (Non-Normative)

Non-Normative? Is there a normative version of this text?
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

v2.23.0 | Report a Bug | By Email