(registered 2020-02-12, last updated 2020-02-12) Type name: application Subtype name: td+json Required parameters: None Optional parameters: None Encoding considerations: See RFC 6839, section 3.1. Security considerations: See RFC 8259, section 12. Since WoT Thing Description is intended to be a pure data exchange format for Thing metadata, the serialization SHOULD NOT be passed through a code execution mechanism such as JavaScript's eval() function to be parsed. An (invalid) document may contain code that, when executed, could lead to unexpected side effects compromising the security of a system. WoT Thing Descriptions can be evaluated with a JSON-LD 1.1 processor, which typically follows links to remote contexts (i.e., TD context extensions, see W3C WoT Thing Description, section 7) automatically, resulting in the transfer of files without the explicit request of the Consumer for each one. If remote contexts are served by third parties, it may allow them to gather usage patterns or similar information leading to privacy concerns. While implementations on resource-constrained devices are expected to perform raw JSON processing (as opposed to JSON-LD processing), implementations in general SHOULD statically cache vetted versions of their supported context extensions and not to follow links to remote contexts. Supported context extensions can be managed through a secure software update mechanism instead. Context Extensions (see W3C WoT Thing Description, section 7) that are loaded from the Web over non-secure connections, such as HTTP, run the risk of being altered by an attacker such that they may modify the TD Information Model in a way that could compromise security. For this reason, Consumer again SHOULD vet and cache remote contexts before allowing the system to use it. Given that JSON-LD processing usually includes the substitution of long IRIs [RFC3987] with short terms, WoT Thing Descriptions may expand considerably when processed using a JSON-LD 1.1 processor and, in the worst case, the resulting data might consume all of the recipient's resources. Consumers SHOULD treat any TD metadata with due skepticism. Interoperability considerations: See RFC 8259. Rules for processing both conforming and non-conforming content are defined in this specification. Published specification: https://w3c.github.io/wot-thing-description Applications that use this media type: All participating entities in the W3C Web of Things, that is, Things, Consumers, and Intermediaries as defined in the Web of Things (WoT) Architecture. Fragment identifier considerations: See RFC 6839, section 3.1. Additional information: Magic number(s): Not Applicable File extension(s): .jsontd Macintosh file type code(s): TEXT Person & email address to contact for further information: Matthias Kovatsch Intended usage: COMMON Restrictions on usage: None Author(s): The WoT Thing Description specification is a product of the Web of Things Working Group. Change controller: W3C