proposed media type: application/exi

Carine Bournez carine at w3.org
Wed Oct 15 23:30:20 CEST 2008 

The W3C EXI Working Group has issued a Last Call draft specification
of the EXI Format 1.0 [1]. It includes a proposal for a new media 
type "application/exi" [2] (a text version follows).
The review period for this specification ends on November 7th.

[1] http://www.w3.org/TR/exi
[2] http://www.w3.org/TR/exi/#internetMediaType

===========================
A new media type registration "application/exi" described below is being
proposed for community review, with the intent to eventually submit it
to the IESG for review, approval, and registration with IANA.

Type name:
    application 

Subtype name:
    exi 

Required parameters:
    none 

Optional parameters:
    none 

Encoding considerations:
    binary 

Security considerations:
    When used as an XML replacement in an application, EXI shares the
same security concerns as XML, described in IETF RFC 3023 [IETF RFC
3023], section 10.

    In addition to concerns shared with XML, the schema identifier
refers to information external to the EXI document itself. If an
attacker is able to substitute another schema in place of the intended
one, the semantics of the EXI document could be changed in some ways. As
an example, EXI is sensitive to the order of the values in an
enumeration. It is not known whether such an attack is possible on the
actual structure of the document.

    Also, EXI supports user-defined datatype representations, and such
representations, if present in a document and purportedly understood by
a processor, can be a security weakness. Definitions of these
representations are expected to be external, often application- or
industry-specific, so any definition needs to be analyzed carefully from
the security perspective before being adopted. 
Interoperability considerations:

    The datatype representation map feature of EXI requires coordination
between the producer and consumer of an EXI document, and is not
recommended except in controlled environments or using standardized
datatype representations potentially defined in the future.

    EXI permits information necessary to decode a document to be omitted
with the expectation that such information has been communicated out of
band. Such omissions hinder interoperability in uncontrolled
environments. 

Published specification:
    Efficient XML Interchange (EXI) Format 1.0, World Wide Web Consortium 

Applications that use this media type:
    No known applications currently use this media type. 

Additional information:
    Magic number(s):
     	The first four octets may be hexadecimal 24 45 58 49 ("$EXI"). The 
	first octet after these, or the first octet of the whole content if 
	they are not present, has its high two bits set to values 1 and 0 
	in that order.
    File extension(s):
     	.exi
    Macintosh file type code(s):
     	APPL
     
Person & email address to contact for further information:
    World Wide Web Consortium <web-human at w3.org> 

Intended usage:
    COMMON 

Restrictions on usage:
    none 

Author/Change controller:
    The EXI specification is the product of the World Wide Web Consortium's 
Efficient XML Interchange Working Group. The W3C has change control over this 
specification. 
===========================

Thank you.

-- 
Carine Bournez -+- W3C Europe

More information about the Ietf-types mailing list