Media type registration #265
Comments
RESOLVED: In the security considerations section, reference RFC4627 and add text explaining that evaluating the data as code can lead to unexpected side effects compromising the security of a system.

RESOLVED: Add the following text to the Security Considerations section: When processing JSON-LD documents, links to remote contexts are typically followed automatically, resulting in the transfer of files without the explicit request of the user for each one. If remote contexts are served by third parties, it may allow them to gather usage patterns or similar information leading to privacy concerns. Explain that this can be controlled through effective use of the API.

OK, I've sent the response to IANA and updated the spec.

I can't find
There it is
https://www.iana.org/assignments/media-types/application/ld+json
Diego Pino Navarro
Digital Repositories Developer
Metropolitan New York Library Council (METRO)
@joepio it's there. But it's application/ld+json, since JSON is also an application-based MIME type. This has been the same MIME type for the last 5-6 years and is used in API calls, etc. everywhere and adopted in many places as part of the HTTP interactions with the format. Also not going to change (guess)

Ah, of course. I was
IANA reviewed our media type and has some questions:
I would say the first thing we should do here is to reference RFC4627 (JSON). Maybe changing the first sentence to
JSON-LD is, just as JSON [RFC4627], a pure data interchange format...
Not sure what else we could add, maybe something like:
... to be parsed. Evaluating the data as code can lead to unexpected side effects compromising the security of a system.
I would propose to say something like:
When processing JSON-LD documents, links to remote contexts are typically followed automatically, resulting in the transfer of files without the explicit request of the user for each one. If remote contexts are served by third parties, it may allow them to gather usage patterns or similar information.
Thoughts? Or maybe better formulations? :-)
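The resolved text says automatic fetching of remote contexts can be controlled through the API. As an added example (not part of this issue thread or the spec), here is a pre-fetch check that parses the document as data only, lists every remote context it references, and permits only allowlisted HTTPS origins. The allowlist, function names and sample document are constructed assumptions.

```javascript
// Constructed allowlist of origins trusted to serve contexts (assumption).
const ALLOWED_CONTEXT_ORIGINS = new Set(["https://www.w3.org", "https://schema.org"]);

// Parse as data only: JSON.parse never executes its input, unlike eval().
function parseJsonLd(text) {
  return JSON.parse(text);
}

// Walk the whole document and return every string-valued @context entry.
// Inline (object) contexts and nested nodes are searched recursively.
function collectRemoteContexts(node, found = []) {
  if (Array.isArray(node)) {
    for (const item of node) collectRemoteContexts(item, found);
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      if (key !== "@context") { collectRemoteContexts(value, found); continue; }
      for (const entry of Array.isArray(value) ? value : [value]) {
        if (typeof entry === "string") found.push(entry);
        else collectRemoteContexts(entry, found);
      }
    }
  }
  return found;
}

// Decide, before any network access, which context references may be fetched.
// Relative references are resolved against the document's own URL.
function classifyContexts(doc, baseUrl) {
  const allowed = [], blocked = [];
  for (const ref of collectRemoteContexts(doc)) {
    let url;
    try { url = new URL(ref, baseUrl); } catch { blocked.push(ref); continue; }
    const ok = url.protocol === "https:" && ALLOWED_CONTEXT_ORIGINS.has(url.origin);
    (ok ? allowed : blocked).push(url.href);
  }
  return { allowed, blocked };
}

// Constructed sample document: one trusted context, one third-party context,
// and one plain-http context nested deeper in the data.
const SAMPLE = `{
  "@context": ["https://schema.org/", {"ex": "https://example.org/ns#"},
               "https://tracker.example/ctx.jsonld"],
  "@type": "Person",
  "ex:knows": {"@context": "http://www.w3.org/ns/activitystreams", "@type": "Person"}
}`;

const result = classifyContexts(parseJsonLd(SAMPLE), "https://example.org/doc.jsonld");
console.log(result);
```

A processor would fetch only the `allowed` list (or serve those contexts from a local cache) and refuse or report the `blocked` entries instead of dereferencing them.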