(file created 2012-12-21; last updated 2012-12-21) MIME media type name: Application MIME subtype name: Vendor Tree - vnd.etsi.mheg5 Required parameters: None Optional parameters: None Encoding considerations: binary Security considerations: Applications of this type are executed within a defined virtual machine sandbox. Applications may make use of an HTTP based server for both GET and PUT facilities but the set of allowed target addresses is limited by an access control list which can only be obtained from a secure source (a broadcast TV network). Likewise, applications obtained from an HTTP source (and text or image content if required) are signed and must be confirmed using a secure certificate list before they are executed. There is no facility within the sandbox API for applications to read from or write to arbitrary files from the local file system. Applications may be authenticated using public key cryptography. The basic method by which this is achieved is by signing files with a private key. The corresponding public key is then placed in the broadcast carousel of any service from which access to the signed files is required. Different sources of content in a digital TV receiver have different inherent levels of security. For example, a broadcast delivery mechanism might be considered more secure than an Internet delivery mechanism. Where applications need to send or receive data over the Internet securely, secure connections can be established using the TLS (Transport Layer Security) protocol as described in RFC2246. Certificates for authentication of TLS servers shall be provided in the broadcast carousel. TLS connections shall be requested by applications by using the "https:" URI scheme in place of "http:". Interoperability considerations: Published specification: The specification for the application virtual machine is published as ETSI standard ES 202 184 available at: http://www.etsi.org/deliver/etsi_es/202100_202199/202184/02.02.01_60/es_202184v020201p.pdf Applications which use this media: Applications of this type are commonly executed on a digital television receiver to provide Interactive Application Services associated with a broadcast service or event. Additional information: 1. Magic number(s): none 2. File extension(s): none 3. Macintosh file type code: none 4. Object Identifiers: none Applications are encoded in ASN.1 DER format. Person to contact for further information: 1. Name: Miguel Angel Reina Ortega 2. Email: MiguelAngel. ReinaOrtega&etsi.org Intended usage: Common Applications of this type are commonly executed on a digital television receiver to provide Interactive Application Services associated with a broadcast service or event. Author/Change controller: Ian Medland (imedland&dtg.org.uk)