proposed media type: application/exi
Martin Duerst
duerst at it.aoyama.ac.jp
Thu Oct 16 03:28:51 CEST 2008
Hello Carine,
At the moment, just a questions:
Given that there are many types of the form application/foo+xml,
will we see proposals for application/foo+exi in the future?
Regards, Martin.
At 06:30 08/10/16, Carine Bournez wrote:
>
>The W3C EXI Working Group has issued a Last Call draft specification
>of the EXI Format 1.0 [1]. It includes a proposal for a new media
>type "application/exi" [2] (a text version follows).
>The review period for this specification ends on November 7th.
>
>[1] http://www.w3.org/TR/exi
>[2] http://www.w3.org/TR/exi/#internetMediaType
>
>===========================
>A new media type registration "application/exi" described below is being
>proposed for community review, with the intent to eventually submit it
>to the IESG for review, approval, and registration with IANA.
>
>Type name:
> application
>
>Subtype name:
> exi
>
>Required parameters:
> none
>
>Optional parameters:
> none
>
>Encoding considerations:
> binary
>
>Security considerations:
> When used as an XML replacement in an application, EXI shares the
>same security concerns as XML, described in IETF RFC 3023 [IETF RFC
>3023], section 10.
>
> In addition to concerns shared with XML, the schema identifier
>refers to information external to the EXI document itself. If an
>attacker is able to substitute another schema in place of the intended
>one, the semantics of the EXI document could be changed in some ways. As
>an example, EXI is sensitive to the order of the values in an
>enumeration. It is not known whether such an attack is possible on the
>actual structure of the document.
>
> Also, EXI supports user-defined datatype representations, and such
>representations, if present in a document and purportedly understood by
>a processor, can be a security weakness. Definitions of these
>representations are expected to be external, often application- or
>industry-specific, so any definition needs to be analyzed carefully from
>the security perspective before being adopted.
>Interoperability considerations:
>
> The datatype representation map feature of EXI requires coordination
>between the producer and consumer of an EXI document, and is not
>recommended except in controlled environments or using standardized
>datatype representations potentially defined in the future.
>
> EXI permits information necessary to decode a document to be omitted
>with the expectation that such information has been communicated out of
>band. Such omissions hinder interoperability in uncontrolled
>environments.
>
>Published specification:
> Efficient XML Interchange (EXI) Format 1.0, World Wide Web Consortium
>
>Applications that use this media type:
> No known applications currently use this media type.
>
>Additional information:
> Magic number(s):
> The first four octets may be hexadecimal 24 45 58 49 ("$EXI"). The
> first octet after these, or the first octet of the whole content if
> they are not present, has its high two bits set to values 1 and 0
> in that order.
> File extension(s):
> .exi
> Macintosh file type code(s):
> APPL
>
>Person & email address to contact for further information:
> World Wide Web Consortium <web-human at w3.org>
>
>Intended usage:
> COMMON
>
>Restrictions on usage:
> none
>
>Author/Change controller:
> The EXI specification is the product of the World Wide Web Consortium's
>Efficient XML Interchange Working Group. The W3C has change control over this
>specification.
>===========================
>
>Thank you.
>
>--
>Carine Bournez -+- W3C Europe
#-#-# Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
#-#-# http://www.sw.it.aoyama.ac.jp mailto:duerst at it.aoyama.ac.jp
More information about the Ietf-types
mailing list