media type review requested for application/auth-policy+xml
Mark Baker
distobj at acm.org
Thu Apr 13 15:28:23 CEST 2006
Hi,
On 4/13/06, Tschofenig, Hannes <hannes.tschofenig at siemens.com> wrote:
> > - security section should also reference sec 10 of RFC 3023.
>
> Why do you think so?
> I read through Section 10 of RFC 3023 and I don't think that the aspects
> there are applicable for our usage environment.
The aspects of security described in that section are quite generic,
so I'd be surprised if that were the case. Just as one example, do
you rule out the use of external entities with auth-policy+xml? If
not, then that section is relevant as it describes some potential
security problems with their use.
FWIW, I think any +xml type should reference it as a matter of course.
> > - I'd recommend picking a file extension specific to this media type,
> > as many Web servers come pre-configured to serve .xml files as
> > application/xml, or even an RSS media type.
> I don't care about the file extension. Can you
> suggest something reasonable?
How about "apxml"? I checked "apx", but it's been used before;
http://filext.com/detaillist.php?extdetail=apx&Search=Search
Cheers,
Mark.
--
Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca
More information about the Ietf-types
mailing list