(file created 2013-03-13, last updated 2013-03-13) Type name: text Subtype name: provenance-notation Required parameters: charset — the value of charset MUST always be UTF-8. Optional parameters: None Encoding considerations: 8bit The syntax of PROV-N is expressed over code points in Unicode [UNICODE]. The encoding is always UTF-8 [UTF-8]. Unicode code points may also be expressed using an \uXXXX (U+0 to U+FFFF) or \UXXXXXXXX syntax (for U+10000 onwards) where X is a hexadecimal digit [0-9A-F] Security considerations: PROV-N is a general-purpose language for describing the provenance of things; applications may evaluate given data to infer more descriptions or to dereference URIs, invoking the security considerations of the scheme for that URI. Note in particular, the privacy issues in [RFC3023] section 10 for HTTP URIs. Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions, as well as the dereferencing of unintended URIs. Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data. PROV-N is used to express the provenance of arbitrary application data; security considerations will vary by domain of use. Security tools and protocols applicable to text (e.g. PGP encryption, MD5 sum validation, password-protected compression) may also be used on PROV-N documents. Security/privacy protocols must be imposed which reflect the sensitivity of the embedded information. PROV-N can express data which is presented to the user, for example, by means of label attributes. Application rendering strings retrieved from untrusted PROV-N documents must ensure that malignant strings may not be used to mislead the reader. The security considerations in the media type registration for XML ([RFC3023] section 10) provide additional guidance around the expression of arbitrary data and markup. PROV-N is a language for describing the provenance of things, and therefore a PROV-N document is metadata for other resources. Untrusted PROV-N documents may mislead its consumers by indicating that a third-party resource has a reputable lineage, when it has not. Provenance of PROV-N document should be sought. PROV-N uses qualified names mappable to IRIs as term identifiers. Applications interpreting data expressed in PROV-N should address the security issues of Internationalized Resource Identifiers (IRIs) [RFC3987] Section 8, as well as Uniform Resource Identifier (URI): Generic Syntax [RFC3986] Section 7. Multiple IRIs may have the same appearance. Characters in different scripts may look similar (a Cyrillic "о" may appear similar to a Latin "o"). A character followed by combining characters may have the same visual representation as another character (LATIN SMALL LETTER E followed by COMBINING ACUTE ACCENT has the same visual representation as LATIN SMALL LETTER E WITH ACUTE). Any person or application that is writing or interpreting data in PROV-N must take care to use the IRI that matches the intended semantics, and avoid IRIs that make look similar. Further information about matching of similar characters can be found in Unicode Security Considerations [UNISEC] and Internationalized Resource Identifiers (IRIs) [RFC3987] Section 8. PROV-N offers an extensibility mechanism, which in turn may introduce additional security considerations. For example, predicates in extensibility expressions use qualified names, mappable to IRIs, and appropriate security considerations for IRIs apply too. Interoperability considerations: There are no known interoperability issues. Published specification: PROV-N: The Provenance Notation, Moreau, Missier, (eds), Cheney, Soiland-Reyes http://www.w3.org/TR/prov-n/, 2012. Applications which use this media type: It may be used by any application for publishing provenance information. This format is designed to be a human-readable form of provenance. Additional information: Magic number(s): PROV-N documents may have the strings 'document' near the beginning of the document. File extension(s): ".provn" Base URI: There are no constructs in the PROV-N Syntax to change the Base IRI. Macintosh file type code(s): "TEXT" Person & email address to contact for further information: Ivan Herman, ivan&w3.org Intended usage: COMMON Restrictions on usage: None Author/Change controller: The PROV-N specification is the product of the World Wide Web Consortium's Provenance Working Group. The W3C has change control over this specification.