(file created 2013-04-26, last updated 2013-04-26) Type name: application Subtype name: provenance+xml Required parameters: none Optional parameters: Same as charset parameter of application/xml as specified in RFC3023 (Section 3.2). Encoding considerations: Same as encoding considerations of application/xml as specified in RFC 3023 (Section 3.2). Security considerations: PROV-XML is an XML language for describing the provenance of things; applications may evaluate given data to dereference URIs, invoking the security considerations of the scheme for that URI. Note in particular, the privacy issues in [RFC3023] section 10 for HTTP URIs. Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions, as well as the dereferencing of unintended URIs. Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data. PROV-XML can express data which is presented to the user, for example, by means of label attributes. Application rendering strings retrieved from untrusted PROV-N documents must ensure that malignant strings may not be used to mislead the reader. The security considerations in the media type registration for XML ([RFC3023] section 10) provide additional guidance around the expression of arbitrary data and markup. PROV-XML is a language for describing the provenance of things, and therefore a PROV-XML document is metadata for other resources. Untrusted PROV-XML documents may mislead its consumers by indicating that a third-party resource has a reputable lineage, when it has not. Provenance of PROV-XML document should be sought. PROV-XML uses QNames mappable to IRIs as term identifiers. Applications interpreting data expressed in PROV-XML should address the security issues of Internationalized Resource Identifiers (IRIs) [RFC3987] Section 8, as well as Uniform Resource Identifier (URI): Generic Syntax [RFC3986] Section 7. Multiple IRIs may have the same appearance. Characters in different scripts may look similar (a Cyrillic "ะพ" may appear similar to a Latin "o"). A character followed by combining characters may have the same visual representation as another character (LATIN SMALL LETTER E followed by COMBINING ACUTE ACCENT has the same visual representation as LATIN SMALL LETTER E WITH ACUTE). Any person or application that is writing or interpreting data in PROV-N must take care to use the IRI that matches the intended semantics, and avoid IRIs that make look similar. Further information about matching of similar characters can be found in Unicode Security Considerations [UNISEC] and Internationalized Resource Identifiers (IRIs) [RFC3987] Section 8. Interoperability considerations: There are no known interoperability issues. Published specification: PROV-XML: The PROV XML Schema, Hua, Tilmes, Zednik (eds), Moreau http://www.w3.org/TR/prov-xml/, 2013. Applications which use this media type: It may be used by any application for publishing provenance information. This format is designed to be an XML form of provenance. Fragment identifier considerations: N/A Additional Information: Magic number(s): PROV-XML documents are XML documents and thus may have initial strings similar to any XML document. File extension(s): .provx Macintosh file type code(s): "TEXT" Person & email address to contact for further information: Ivan Herman, ivan&w3.org Intended usage: COMMON Restrictions on usage: None Author: The PROV-XML specification is the product of the World Wide Web Consortium's Provenance Working Group. Change controller: The W3C, and the W3C Provenance Working Group, have change control over this specification.