[Docs] [txt|pdf] [Tracker] [Email] [Nits]

Versions: 00 01 02 03 04 RFC 2376

INTERNET DRAFT                         E. J. Whitehead, Jr., UC Irvine
<draft-whitehead-mime-xml-00>

Expires September, 1998                                 April 24, 1998


                        The text/xml Media Type

Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or made obsolete by other
   documents at any time. It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress".

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or
   ftp.isi.edu (US West Coast).

   Distribution of this document is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

   This document proposes a new media type, text/xml, for use in
   exchanging network entities which are conformant Extensible Markup
   Language (XML). XML entities are currently exchanged via the
   HyperText Transfer Protocol on the World Wide Web, and are an
   integral part of the WebDAV protocol for remote web authoring.


















draft-whitehead-mime-xml-00                                   [Page 1]


INTERNET-DRAFT         The text/xml Media Type          April 24, 1998



Contents

STATUS OF THIS MEMO...................................................1
COPYRIGHT NOTICE......................................................1
ABSTRACT..............................................................1
CONTENTS..............................................................2
1 INTRODUCTION .......................................................3
2 REGISTRATION INFORMATION ...........................................3
3 SECURITY CONSIDERATIONS ............................................5
4 REFERENCES .........................................................7
5 ACKNOWLEDGEMENTS ...................................................7
6 AUTHOR'S ADDRESS ...................................................7









































draft-whitehead-mime-xml-00                                   [Page 2]


INTERNET-DRAFT         The text/xml Media Type          April 24, 1998



1  Introduction

   The World Wide Web Consortium has issued a Recommendation [REC-XML]
   which defines the Extensible Markup Language (XML), version 1. To
   enable the exchange of XML network entities, this document proposes
   a new media type, text/xml. XML entities are currently exchanged on
   the World Wide Web. XML is also used for property values and
   parameter marshalling by the WebDAV protocol for remote web
   authoring.  Thus, there is a need for a media type to properly label
   the exchange of XML network entities.

   Although XML is a subset of the Standard Generalized Markup Language
   (SGML) [ISO-8897], which currently is assigned the media type
   text/sgml, there are several reasons why use of text/sgml to label
   XML is inappropriate. First, there exist many applications which can
   process XML, but which cannot process SGML, due to SGML's larger
   feature set. Second, the definition of text/sgml [RFC-1874] includes
   parameters for SGML bit combination transformation format (SGML-
   bctf), and SGML boot attribute (SGML-boot). Since XML does not
   contain support for SGML-bctf or SGML-boot functionality, it would
   be ambiguous if such parameters were given for an XML entity. For
   these reasons, a new media type, text/xml is the best approach for
   labeling XML network entities.

   Since XML is an integral part of the WebDAV Distributed Authoring
   Protocol, and since World Wide Web Consortium Recommendations have
   conventionally been assigned IETF tree media types, and since
   similar media types (HTML, SGML) have been assigned IETF tree media
   types, the XML media type also belongs in the IETF tree.  Since the
   default character set encoding for XML is UTF-8, it is appropriate
   to make XML a subtype of the "text" media type, as "text/xml".

2  Registration Information

   To: ietf-types@iana.org
   Subject: Registration of MIME media type text/xml

   MIME media type name: text

   MIME subtype name: xml

   Required parameters: none

   Optional parameters: charset

       In an XML document, character set information can be encoded
       within each XML element, and hence can vary across XML elements.
       For XML network entities where the character set is uniform, it
       might provide processing advantages to know the character set
       without having to parse the XML entity contents.  In this case,
       the charset parameter can be used. By default, XML uses UTF-8,
       and a charset value of "utf-8" is recommended for this case.

draft-whitehead-mime-xml-00                                   [Page 3]


INTERNET-DRAFT         The text/xml Media Type          April 24, 1998




   Encoding considerations:

       For transfer of XML entities across transports that are not 8-
       bit clean, either the quoted-printable or base64 encodings are
       recommended.  The quoted-printable encoding is preferred when
       the XML document element contents use UTF-8.  When the document
       characters mostly do not use UTF-8, the base64 encoding is
       preferred.

   Security considerations:

       See section 3 below.

   Interoperability considerations:

       XML has proven to be interoperable across a wide range of WebDAV
       clients and servers, across Web browsers from multiple vendors,
       and for import and export from multiple authoring tools.

   Published specification: see [REC-XML]

   Applications which use this media type:

       XML is device-, platform-, and vendor-neutral and is supported
       by a wide range of Web user agents, WebDAV clients and servers,
       as well as XML authoring tools.

   Additional information:

       Magic number(s): none
       File extension(s): .xml
       Macintosh File Type Code(s): "TEXT"

   Person & email address for further information:

       Jim Whitehead <ejw@ics.uci.edu>

   Intended usage: COMMON

   Author/Change controller:

       The XML specification is a work product of the World Wide Web
       Consortium's XML Working Group, and was edited by:

       Tim Bray <tbray@textuality.com>
       Jean Paoli <jeanpa@microsoft.com>
       C. M. Sperberg-McQueen <cmsmcq@uic.edu>

       The W3C, and the W3C XML working group, has change control over
       the XML specification.


draft-whitehead-mime-xml-00                                   [Page 4]


INTERNET-DRAFT         The text/xml Media Type          April 24, 1998




3  Security Considerations

   XML, as a subset of SGML, has the same security considerations as
   specified in [RFC-1874].

   To paraphrase section 3 of [RFC-1874], XML entities contain
   information to be parsed and processed by the recipient's XML
   system.  Those entities may contain and such systems may permit
   explicit system level commands to be executed while processing the
   data.  To the extent that an XML system will execute arbitrary
   command strings, recipients of XML entities may be at risk. In
   general, it may be possible to specify commands that perform
   unauthorized file operations or, make changes to the display
   processor's environment that affect subsequent operations. Since XML
   entities may also contain explicit processing instructions for a
   presentation, composition, scripting, or remote procedure call
   language, use of such instructions present concerns similar to those
   of Application/PostScript [RFC-2046].

   Use of XML is expected to be varied, and widespread.  XML is under
   scrutiny by a wide range of communities for use as a common syntax
   for community-specific metadata.  For example, the Dublin Core group
   is using XML for document metadata, and a new effort has begun which
   is considering use of XML for medical information.  Other groups
   view XML as a mechanism for marshalling parameters for remote
   procedure calls.  More uses of XML will undoubtedly arise.

   Security considerations will vary by domain of use.  For example,
   XML medical records will have much more stringent privacy and
   security considerations than XML library metadata. Similarly, use of
   XML as a parameter marshalling syntax necessitates a case by case
   security review.

   XML also may also have some of the same security concerns as plain
   text.  Like plain text, XML can contain embedded control characters
   and escape sequences which, when displayed, have the potential to
   change the display processor environment in ways that adversely
   affect subsequent operations. Possible effects include, but are not
   limited to, locking the keyboard, changing display parameters so
   subsequent displayed text is unreadable, or even changing display
   parameters to deliberately obscure or distort subsequent displayed
   material so that its meaning is lost or altered.  Display processors
   should either filter such material from displayed text or else make
   sure to reset all important settings after a given display operation
   is complete.







draft-whitehead-mime-xml-00                                   [Page 5]


INTERNET-DRAFT         The text/xml Media Type          April 24, 1998



   Some terminal devices have keys whose output when pressed can be
   changed by sending the display processor a character sequence. If
   this is possible the display of a text object containing such
   character sequences could reprogram keys to perform some illicit or
   dangerous action when the key is subsequently pressed by the user.
   In some cases not only can keys be programmed, they can be triggered
   remotely, making it possible for a text display operation to
   directly perform some unwanted action. As such, the ability to
   program keys should be blocked either by filtering or by disabling
   the ability to program keys entirely.












































draft-whitehead-mime-xml-00                                   [Page 6]


INTERNET-DRAFT         The text/xml Media Type          April 24, 1998



4  References

   [ISO-8897] ISO (International Organization for Standardization) ISO
   8879:1986(E) Information Processing -- Text and Office Systems --
   Standard Generalized Markup Language (SGML). First edition --
   1986-10-15.

   [REC-XML] T. Bray, J. Paoli, C. M. Sperberg-McQueen, "Extensible
   Markup Language (XML)." World Wide Web Consortium Recommendation
   REC-xml-19980210. http://www.w3.org/TR/1998/REC-xml-19980210.

   [RFC-1874] E. Levinson. "SGML Media Types" Accurate Information
   Systems. RFC 1874. December, 1995.

   [RFC-2046] N. Freed, N. Borenstein. "Multipurpose Internet Mail
   Extensions (MIME) Part Two: Media Types" Innosoft, First Virtual.
   RFC 2046. November, 1996.

5  Acknowledgements

   Chris Newman and Yaron Y. Goland both contributed content to the
   security considerations section of this document.  In particular,
   some text in the security considerations section is copied verbatim
   from draft-newman-mime-textpara-00, by permission of the author.

6  Author's Address

   E. James Whitehead, Jr.
   Dept. of Information and Computer Science
   University of California, Irvine
   Irvine, CA 92697-3425

   Email: ejw@ics.uci.edu




















draft-whitehead-mime-xml-00                                   [Page 7]


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/