INTERNET DRAFT                       E. J. Whitehead, Jr., UC Irvine
Expires September, 1998                               April 24, 1998

                      The text/xml Media Type

Status of this Memo

This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or made obsolete by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".

To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or
ftp.isi.edu (US West Coast).

Distribution of this document is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This document proposes a new media type, text/xml, for use in
exchanging network entities which are conformant Extensible Markup
Language (XML). XML entities are currently exchanged via the HyperText
Transfer Protocol on the World Wide Web, and are an integral part of
the WebDAV protocol for remote web authoring.

draft-whitehead-mime-xml-00                                 [Page 1]

Contents

STATUS OF THIS MEMO
COPYRIGHT NOTICE
ABSTRACT
CONTENTS
1 INTRODUCTION
2 REGISTRATION INFORMATION
3 SECURITY CONSIDERATIONS
4 REFERENCES
5 ACKNOWLEDGEMENTS
6 AUTHOR'S ADDRESS

1 Introduction

The World Wide Web Consortium has issued a Recommendation [REC-XML]
which defines the Extensible Markup Language (XML), version 1. To
enable the exchange of XML network entities, this document proposes a
new media type, text/xml.

XML entities are currently exchanged on the World Wide Web. XML is
also used for property values and parameter marshalling by the WebDAV
protocol for remote web authoring. Thus, there is a need for a media
type to properly label the exchange of XML network entities.

Although XML is a subset of the Standard Generalized Markup Language
(SGML) [ISO-8897], which currently is assigned the media type
text/sgml, there are several reasons why use of text/sgml to label
XML is inappropriate. First, there exist many applications which can
process XML, but which cannot process SGML, due to SGML's larger
feature set. Second, the definition of text/sgml [RFC-1874] includes
parameters for SGML bit combination transformation format
(SGML-bctf), and SGML boot attribute (SGML-boot).
Since XML does not contain support for SGML-bctf or SGML-boot
functionality, it would be ambiguous if such parameters were given
for an XML entity. For these reasons, a new media type, text/xml is
the best approach for labeling XML network entities.

Since XML is an integral part of the WebDAV Distributed Authoring
Protocol, and since World Wide Web Consortium Recommendations have
conventionally been assigned IETF tree media types, and since similar
media types (HTML, SGML) have been assigned IETF tree media types,
the XML media type also belongs in the IETF tree.

Since the default character set encoding for XML is UTF-8, it is
appropriate to make XML a subtype of the "text" media type, as
"text/xml".

2 Registration Information

To: ietf-types@iana.org

Subject: Registration of MIME media type text/xml

MIME media type name: text

MIME subtype name: xml

Required parameters: none

Optional parameters: charset

   In an XML document, character set information can be encoded
   within each XML element, and hence can vary across XML elements.
   For XML network entities where the character set is uniform, it
   might provide processing advantages to know the character set
   without having to parse the XML entity contents. In this case,
   the charset parameter can be used. By default, XML uses UTF-8,
   and a charset value of "utf-8" is recommended for this case.

Encoding considerations:

   For transfer of XML entities across transports that are not 8-bit
   clean, either the quoted-printable or base64 encodings are
   recommended. The quoted-printable encoding is preferred when the
   XML document element contents use UTF-8. When the document
   characters mostly do not use UTF-8, the base64 encoding is
   preferred.

Security considerations:

   See section 3 below.

Interoperability considerations:

   XML has proven to be interoperable across a wide range of WebDAV
   clients and servers, across Web browsers from multiple vendors,
   and for import and export from multiple authoring tools.

Published specification: see [REC-XML]

Applications which use this media type:

   XML is device-, platform-, and vendor-neutral and is supported by
   a wide range of Web user agents, WebDAV clients and servers, as
   well as XML authoring tools.

Additional information:

   Magic number(s): none
   File extension(s): .xml
   Macintosh File Type Code(s): "TEXT"

Person & email address for further information:

   Jim Whitehead

Intended usage: COMMON

Author/Change controller:

   The XML specification is a work product of the World Wide Web
   Consortium's XML Working Group, and was edited by:

   Tim Bray
   Jean Paoli
   C. M. Sperberg-McQueen

   The W3C, and the W3C XML working group, have change control over
   the XML specification.

3 Security Considerations

XML, as a subset of SGML, has the same security considerations as
specified in [RFC-1874].

To paraphrase section 3 of [RFC-1874], XML entities contain
information to be parsed and processed by the recipient's XML system.
Those entities may contain and such systems may permit explicit
system level commands to be executed while processing the data. To
the extent that an XML system will execute arbitrary command strings,
recipients of XML entities may be at risk. In general, it may be
possible to specify commands that perform unauthorized file
operations or make changes to the display processor's environment
that affect subsequent operations.

Since XML entities may also contain explicit processing instructions
for a presentation, composition, scripting, or remote procedure call
language, use of such instructions presents concerns similar to those
of Application/PostScript [RFC-2046].

Use of XML is expected to be varied, and widespread.
XML is under scrutiny by a wide range of communities for use as a
common syntax for community-specific metadata. For example, the
Dublin Core group is using XML for document metadata, and a new
effort has begun which is considering use of XML for medical
information. Other groups view XML as a mechanism for marshalling
parameters for remote procedure calls. More uses of XML will
undoubtedly arise.

Security considerations will vary by domain of use. For example, XML
medical records will have much more stringent privacy and security
considerations than XML library metadata. Similarly, use of XML as a
parameter marshalling syntax necessitates a case by case security
review.

XML may also have some of the same security concerns as plain text.
Like plain text, XML can contain embedded control characters and
escape sequences which, when displayed, have the potential to change
the display processor environment in ways that adversely affect
subsequent operations. Possible effects include, but are not limited
to, locking the keyboard, changing display parameters so subsequent
displayed text is unreadable, or even changing display parameters to
deliberately obscure or distort subsequent displayed material so that
its meaning is lost or altered. Display processors should either
filter such material from displayed text or else make sure to reset
all important settings after a given display operation is complete.

Some terminal devices have keys whose output when pressed can be
changed by sending the display processor a character sequence. If
this is possible, the display of a text object containing such
character sequences could reprogram keys to perform some illicit or
dangerous action when the key is subsequently pressed by the user.
In some cases not only can keys be programmed, they can be triggered
remotely, making it possible for a text display operation to directly
perform some unwanted action. As such, the ability to program keys
should be blocked either by filtering or by disabling the ability to
program keys entirely.

4 References

[ISO-8897] ISO (International Organization for Standardization) ISO
8879:1986(E) Information Processing -- Text and Office Systems --
Standard Generalized Markup Language (SGML). First edition --
1986-10-15.

[REC-XML] T. Bray, J. Paoli, C. M. Sperberg-McQueen, "Extensible
Markup Language (XML)." World Wide Web Consortium Recommendation
REC-xml-19980210. http://www.w3.org/TR/1998/REC-xml-19980210.

[RFC-1874] E. Levinson. "SGML Media Types" Accurate Information
Systems. RFC 1874. December, 1995.

[RFC-2046] N. Freed, N. Borenstein. "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types" Innosoft, First Virtual.
RFC 2046. November, 1996.

5 Acknowledgements

Chris Newman and Yaron Y. Goland both contributed content to the
security considerations section of this document. In particular, some
text in the security considerations section is copied verbatim from
draft-newman-mime-textpara-00, by permission of the author.

6 Author's Address

E. James Whitehead, Jr.
Dept. of Information and Computer Science
University of California, Irvine
Irvine, CA 92697-3425

Email: ejw@ics.uci.edu
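
Added example, not part of the draft: one way a display processor could apply the filtering that section 3 recommends before writing received text/xml content to a terminal. The function names and the sample string are constructed for illustration, and the sequence grammar assumed is that of ECMA-48 (CSI sequences and the DCS, OSC, SOS, PM and APC control strings).

```python
import re

# Single pass: escape-introduced sequences first, then any control
# character left on its own. Both 7-bit (ESC x) and 8-bit C1 forms.
_UNSAFE = re.compile(
    r"""
      \x1b\[ [0-?]* [ -/]* [@-~]                # CSI, 7-bit introducer
    | \x9b   [0-?]* [ -/]* [@-~]                # CSI, 8-bit introducer
    | (?: \x1b[P\]X^_] | [\x90\x9d\x98\x9e\x9f] )   # DCS, OSC, SOS, PM, APC
      .*? (?: \x1b\\ | \x9c | \x07 | \Z )       #   through ST, BEL or end
    | \x1b [ -/]* [0-~]                         # remaining short escapes
    | [\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]     # lone C0/C1 controls, DEL
    """,
    re.VERBOSE | re.DOTALL,
)


def sanitize_for_display(text: str) -> str:
    """Drop every escape sequence and control character except TAB, LF, CR.

    An unterminated control string is removed through the end of the input,
    so a truncated sequence cannot leave its body behind as live input.
    """
    return _UNSAFE.sub("", text)


def find_control_sequences(text: str) -> list[tuple[int, str]]:
    """Return (offset, escaped form) per hit; the escaped form is safe to log."""
    return [
        (m.start(), m.group().encode("unicode_escape").decode("ascii"))
        for m in _UNSAFE.finditer(text)
    ]


# Constructed sample: XML text carrying a CSI pair, an OSC string, a DCS
# string with an inert body, an 8-bit CSI and a NUL.
SAMPLE = (
    "<note>\x1b[8mhidden\x1b[0m ok\x1b]0;title\x07 "
    "<k>\x1bPinert-body\x1b\\</k>\x9b2J\x00</note>"
)

if __name__ == "__main__":
    for offset, seq in find_control_sequences(SAMPLE):
        print(f"offset {offset}: {seq}")
    print(sanitize_for_display(SAMPLE))
```

The strings returned by find_control_sequences are escaped, so writing them to a log viewed on a terminal does not replay the sequence.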