From: "Steven Klos" To: iana&isi.edu Date: Fri, 14 Feb 1997 13:30:52 +0000 Subject: Registration of new MIME type application/vnd.osa.netdeploy Cc: ietf-types&uninett.no MIME type name: application MIME subtype name: vnd.osa.netdeploy "netDeploy" is the subject in various countries of trademark applications from Open Software Associates Limited (a public company registered in Australia). Open Software Associates Limited hereby grants the right to use the mark only in accordance with the intent of this MIME type registration. Although MIME type names are case independent, the preferred capitalisation in the Content-type header is all lower-case. In all other references the preferred capitalisation is "netDeploy". Applications that generate or handle netDeploy documents are required to use this where possible. To the full extent permitted by law, Open Software Associates Limited and associated companies shall under no circumstances be liable for any loss, damage or injury (including without limitation any loss of profit, indirect, consequential or incidental loss, damage or injury) arising from any use of applications purporting to implement this document type. File extension: ndc Required parameters: None Optional parameters: None Encoding considerations: netDeploy files often contain binary data, and may require protection using one of the content transfer encodings (base64 preferred). It is anticipated however that use of netDeploy files will be most common over HTTP, which requires no special encoding. Security considerations: A netDeploy document describes a package of files required by or to be retrieved and deployed on the client machine and how to execute an application embodied in the retrieved files. As such, an implementation of the netDeploy type can in general not control the security of deployed applications and netDeploy documents should be considered insecure. Implementations must provide all reasonable assistance in determining the trustworthiness of an netDeploy package and the retrieved files, and must provide configurable security alerts and controls with the default configuration disabling execution of applications retrieved from non-trusted sources. Security alerts should require confirmation for each file to be retrieved, and prevent use of packages that do not pass the internal consistency checks (including message digests and other checking methods contained in the netDeploy file) and most importantly confirmation from the user that a deployed application may be launched. Digital code signing at a component and a package level is planned for a future release. Published specification: The netDeploy Packer and Launcher applications that implement the type are available from the Open Software Associates group web sites, including http://www.osa.com/ and http://www.osa.com.au/. The Packer application generates netDeploy packages, and the Launcher acts to download, manage and launch applications and as a helper application for unpacking netDeploy packages. The netDeploy file format description is currently in revision 1.2 and has not been prepared for public release. The format contains a header indicating which version is in use, and regardless of that the format is extensible in a variety of ways, however it is anticipated that the first public specification released will be 2.1 Person & email address to contact for further information: Steve Klos Product Manager Open Software Associates Incorporated, stevek&osa.com ----------------------------------------------------------------- Steven Klos stevek&osa.com Open Software Associates, Inc. 20 Trafalgar Square, 5th Floor Phone: 603 886 4330 Nashua, NH 03063 Fax: 603 598 6877 ----------------------------------------------------------------- Deploy applications across the net -- http://www.osa.com/