Added MIME media type registration text

index.html

@@ -409,7 +409,142 @@ <h2>Basic properties</h2>
 
 
 
+  <section>
+    <h2>Media Type and File Extension</h2>
 
+    <p>This section contains the required text for MIME media type registration
+    with IANA. It defines the MIME media type and the RECOMMENDED file extension.</p>
+
+    <p>The MIME media type for Web App Manifests text is
+    <code>application/webapp-manifest+json</code>.</p>
+
+    <dl>
+      <dt>Type name:</dt>
+
+      <dd>application</dd>
+
+      <dt>Subtype name:</dt>
+
+      <dd>webapp-manifest+json</dd>
+
+      <dt>Required parameters:</dt>
+
+      <dd>N/A</dd>
+
+      <dt>Optional parameters:</dt>
+
+      <dd>N/A</dd>
+
+      <dt>Encoding considerations:</dt>
+
+      <dd>Same as for application/json</dd>
+
+      <dt>Security considerations:</dt>
+
+      <dd>
+        <p>As the application manifest format is JSON and will commonly be
+        encoded using [[!!Unicode]], the security considerations described in
+        [[!JSON]] and [[!UTR36]] apply. In addition, implementers need to
+        impose their own implementation-specific limits on the values of
+        otherwise unconstrained member types, e.g. to prevent denial of service
+        attacks, to guard against running out of memory, or to work around
+        platform-specific limitations.</p>
+
+        <p>The manifest document allows authors, through the permissions and
+        required_features, to request permission to enable security sensitive
+        APIs. As these APIs are outside the scope of this specification,
+        significant caution needs to be taken when granting an application the
+        capability to use a feature. Features themselves define their own
+        security considerations.</p>
+
+        <p>Web applications will generally contain ECMAscript, HTML, CSS files,
+        and other media, which are executed in a sand-boxed environment. As
+        such, implementers need to be aware of the security implications for
+        the types they support. Specifically, implementers need to consider the
+        security implications outlined in the [[!CSS-MIME]] specification, the
+        [[!ECMAScript-MIME]] specification, and the [[!HTML-MIME]]
+        specification.</p>
+
+        <p>As web applications can contain content that is able to
+        simultaneously interact with the local device and a remote host,
+        implementers need to consider the privacy implications resulting from
+        exposing private information to a remote host. Mitigation and in-depth
+        defensive measures are an implementation responsibility and not
+        prescribed by this specification. However, in designing these measures,
+        implementers are advised to enable user awareness of information
+        sharing, and to provide easy access to interfaces that enable
+        revocation of permissions.</p>
+
+        <p>As this specification relies on the standardized heuristics for
+        determining the content type of files defined in the [[!SNIFF]]
+        specification, implementers need to consider the security
+        considerations discussed in the [[!SNIFF]] specification.</p>
+
+        <p>As this specification allows for the declaration of IRIs within
+        certain members of a the application manifest, implementers need to
+        consider the security considerations discussed in the [IRI]
+        specification. Implementations intending to display <abbr title=
+        "Internationalized Resource Identifiers">IRIs</abbr> and <abbr title=
+        "Internationalized domain name">IDNA</abbr> addresses found in the
+        application manifest are strongly encouraged to follow the security
+        advice given in [[!UTR36]].</p>
+
+        <p>In addition, user agents need to be careful about trusting path
+        components found in the manifest. Such path components might be
+        interpreted by operating systems as pointing at security critical files
+        outside the browsing environment proper, and naive unpacking of zip
+        packages into the file system might lead to undesirable and security
+        relevant effects, such as overwriting of system files.</p>
+      </dd>
+
+      <dt>Applications that use this media type:</dt>
+
+      <dd>Web browsers</dd>
+
+      <dt>Additional information:</dt>
+
+      <dd>
+        <dl>
+          <dt>Magic number(s):</dt>
+
+          <dd>N/A</dd>
+
+          <dt>File extension(s):</dt>
+
+          <dd>.webapp</dd>
+
+          <dt>Macintosh file type code(s):</dt>
+
+          <dd>TEXT</dd>
+        </dl>
+      </dd>
+
+      <dt>Person &amp; email address to contact for further information:</dt>
+
+      <dd>
+        The <a href="http://www.w3.org/2012/sysapps/" rel="nofollow">System
+        Applications Working Group</a> can be contacted at <a href=
+        "http://lists.w3.org/Archives/Public/public-sysapps/" rel=
+        "nofollow">public-sysapps@w3.org</a>.
+      </dd>
+
+      <dt>Intended usage:</dt>
+
+      <dd>COMMON</dd>
+
+      <dt>Restrictions on usage:</dt>
+
+      <dd>none</dd>
+
+      <dt>Author:</dt>
+
+      <dd>W3C's System Application Working Group.</dd>
+
+      <dt>Change controller:</dt>
+
+      <dd>W3C.</dd>
+    </dl>
+  </section>
 
     <section>
       <h2>Application Management</h2>