Media Type 'application/vnd.paos.xml' Details

Media Type 'application/vnd.paos.xml' Details


Basic Info
Media Type application
subtype vnd.paos.xml
Registered? Yes
See also Kemp
Extensions

Tags: (none)

File Formats: (none)

Details

(last updated 2003-09-09)

Name : John Kemp

Email : [email protected]

MIME media type name : Application

MIME subtype name : Vendor Tree - vnd.paos+xml

Required parameters : None

Optional parameters : 
None
Encoding considerations : 8bit
This media type may require encoding on transports not capable of handling 8 bit text.

Security considerations : 
To paraphrase section 3 of RFC 1874, XML MIME entities contain
information to be parsed and processed by the recipient's XML system.
These entities may contain and such systems may permit explicit system
level commands to be executed while processing the data.  To
the extent that an XML system will execute arbitrary command strings,
recipients of XML MIME entities may be at risk.

In addition to this general concern, the paos+xml typed
documents will contain data that may identify or pertain to an individual.

To counter potential issues, paos+xml typed documents
contain data that must be signed appropriately by the sender. Any such
signature must be verified by the recipient of the data - both as a
valid signature, and as being the signature of the sender. 

There is no executable content passed via this MIME type. To counter any 
privacy concerns, opaque handles are assigned to individuals, which may 
only identify an individual when used by either the sender or the recipient 
of the data. Transport-level security is ensured by Liberty
transactions occurring over secured channels.

For a more detailed discussion of general security considerations of
the Liberty protocol & profiles, please reference:

1) Section 4 of: Liberty ID-FF Bindings & Profiles Specification, Version 1.2, Liberty
Alliance Project, <"http://www.projectliberty.org/specs">
2) Liberty ID-WSF Security Profiles, Version 1.0, Liberty Alliance Project,
<"http://www.projectliberty.org/specs">
3) Liberty ID-WSF Security & Privacy Guidelines, Version 1.0, Liberty Alliance Project,
<"http://www.projectliberty.org/specs">


Interoperability considerations : 
There are no known interoperability concerns regarding this media type

Published specification : 
The media type is used for the Liberty Reverse HTTP Binding for SOAP (PAOS)

The relevant specification is:

Liberty Reverse HTTP Binding for SOAP, Version 1.0
<http://www.projectliberty.org/specs/>

Applications which use this media : 
Any implementation of the Liberty Reverse HTTP Binding for SOAP
(none are known yet)

Additional information :

1. Magic number(s) : n/a
2. File extension(s) : n/a
3. Macintosh file type code : n/a
4. Object Identifiers: n/a

Person to contact for further information :
1. Name : John Kemp
2. Email : [email protected]

Intended usage : Limited Use 
    
Author/Change controller : John Kemp of IEEE-ISTO
([email protected]) has change control for any future
updates.
 
(created 2003-09-09)