(last updated 2003-09-09) Name : John Kemp Email : john.kemp&earthlink.net MIME media type name : Application MIME subtype name : Vendor Tree - vnd.paos+xml Required parameters : None Optional parameters : None Encoding considerations : 8bit This media type may require encoding on transports not capable of handling 8 bit text. Security considerations : To paraphrase section 3 of RFC 1874, XML MIME entities contain information to be parsed and processed by the recipient's XML system. These entities may contain and such systems may permit explicit system level commands to be executed while processing the data. To the extent that an XML system will execute arbitrary command strings, recipients of XML MIME entities may be at risk. In addition to this general concern, the paos+xml typed documents will contain data that may identify or pertain to an individual. To counter potential issues, paos+xml typed documents contain data that must be signed appropriately by the sender. Any such signature must be verified by the recipient of the data - both as a valid signature, and as being the signature of the sender. There is no executable content passed via this MIME type. To counter any privacy concerns, opaque handles are assigned to individuals, which may only identify an individual when used by either the sender or the recipient of the data. Transport-level security is ensured by Liberty transactions occurring over secured channels. For a more detailed discussion of general security considerations of the Liberty protocol & profiles, please reference: 1) Section 4 of: Liberty ID-FF Bindings & Profiles Specification, Version 1.2, Liberty Alliance Project, <"http://www.projectliberty.org/specs"> 2) Liberty ID-WSF Security Profiles, Version 1.0, Liberty Alliance Project, <"http://www.projectliberty.org/specs"> 3) Liberty ID-WSF Security & Privacy Guidelines, Version 1.0, Liberty Alliance Project, <"http://www.projectliberty.org/specs"> Interoperability considerations : There are no known interoperability concerns regarding this media type Published specification : The media type is used for the Liberty Reverse HTTP Binding for SOAP (PAOS) The relevant specification is: Liberty Reverse HTTP Binding for SOAP, Version 1.0 Applications which use this media : Any implementation of the Liberty Reverse HTTP Binding for SOAP (none are known yet) Additional information : 1. Magic number(s) : n/a 2. File extension(s) : n/a 3. Macintosh file type code : n/a 4. Object Identifiers: n/a Person to contact for further information : 1. Name : John Kemp 2. Email : john.kemp&earthlink.net Intended usage : Limited Use Author/Change controller : John Kemp of IEEE-ISTO (john.kemp&ieee-isto.org) has change control for any future updates. (created 2003-09-09)