From a162ce396ff49c2364cc97f2bfc51216b18ea2d3 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Fri, 3 Jan 2014 11:31:36 +1000 Subject: [PATCH] Made review changes suggested by @anssiko in #113 --- index.html | 396 ++++++++++++++++++++++++++++------------------------- 1 file changed, 206 insertions(+), 190 deletions(-) diff --git a/index.html b/index.html index 137cf4a5b..d71108a81 100644 --- a/index.html +++ b/index.html @@ -793,44 +793,6 @@

-
-

- The "manifest.json" well-known URI -

-

- In the absence of a link element with the - manifest keyword, for Documents obtained - over HTTP or HTTPS or [[!APP-URI]], user agents MAY instead attempt - to fetch - and use a manifest with the absolute URL - obtained by resolving the URL - ".well-known/manifest.json" against the document's - address, as if the page had declared that manifest using the - manifest keyword. -

-

- This specification registers the "manifest.json" well-known URI in - the - Well-Known URI Registry as required by [[!RFC5785]]. -

-
-
- URI suffix: -
-
- manifest.json -
-
- Change controller: -
-
- Web Applications (WebApps) - Working Group -
-
-

Proprietary extensions to the manifest @@ -1084,161 +1046,215 @@

- Media type registration + IANA considerations

- This section contains the required text for MIME media type - registration with IANA. -

-

- The media type for a manifests is - application/manifest+json. -

-

- If the protocol over which the manifest is transferred supports the - [[!MIME-TYPES]] specification (e.g. HTTP), it is RECOMMENDED that the - manifest be labeled with the media type for a manifests. + The following registration is for community review and will be + submitted to the IESG for review, approval, and registration with IANA.

-
-
- Type name: -
-
- application -
-
- Subtype name: -
-
- manifest+json -
-
- Required parameters: -
-
- N/A -
-
- Optional parameters: -
-
- N/A -
-
- Encoding considerations: -
-
- Same as for application/json -
-
- Security considerations: -
-
-

- As the manifest format is JSON and will commonly be encoded using - [[!UNICODE]], the security considerations described in [[!JSON]] - and [[!UNICODE-SECURITY]] apply. In addition, implementors need to - impose their own implementation-specific limits on the values of - otherwise unconstrained member types, e.g. to prevent denial of - service attacks, to guard against running out of memory, or to work - around platform-specific limitations. -

-

- Web applications will generally contain ECMAScript, HTML, CSS - files, and other media, which are executed in a sand-boxed - environment. As such, implementors need to be aware of the security - implications for the types they support. Specifically, implementors - need to consider the security implications outlined in the - [[!CSS-MIME]] specification, the [[!ECMAScript-MIME]] - specification, and the [[!HTML]] specification. -

-

- As web applications can contain content that is able to - simultaneously interact with the local device and a remote host, - implementors need to consider the privacy implications resulting - from exposing private information to a remote host. Mitigation and - in-depth defensive measures are an implementation responsibility - and not prescribed by this specification. However, in designing - these measures, implementors are advised to enable user awareness - of information sharing, and to provide easy access to interfaces - that enable revocation of permissions. -

-

- As this specification allows for the declaration of URLs within - certain members of a manifest, implementors need to consider the - security considerations discussed in the [[!URL]] specification. - Implementations intending to display IRIs and - IDNA addresses - found in the manifest are strongly encouraged to follow the - security advice given in [[!UNICODE-SECURITY]]. -

-
-
- Applications that use this media type: -
-
- Web browsers -
-
- Additional information: -
-
-
-
- Magic number(s): -
-
- N/A -
-
- File extension(s): -
-
- .json, .manifest -
-
- Macintosh file type code(s): -
-
- TEXT -
-
-
-
- Person & email address to contact for further information: -
-
- The Web - Applications (WebApps) Working Group can be contacted at public-webapps@w3.org. -
-
- Intended usage: -
-
- COMMON -
-
- Restrictions on usage: -
-
- none -
-
- Author: -
-
- W3C's Web Applications (WebApps) Working Group. -
-
- Change controller: -
-
- W3C. -
-
+
+

+ The "manifest.json" well-known URI +

+

+ In the absence of a link element with the + manifest keyword, for Documents obtained + over HTTP or HTTPS or [[!APP-URI]], user agents MAY instead attempt + to fetch + and use a manifest with the absolute URL + obtained by resolving the URL + ".well-known/manifest.json" against + the document's address, as if the page had declared that + manifest using the manifest keyword. +

+

+ This specification registers the "manifest.json" well-known URI in + the + Well-Known URI Registry as required by [[!RFC5785]]. +

+
+
+ URI suffix: +
+
+ manifest.json +
+
+ Change controller: +
+
+ Web Applications (WebApps) + Working Group +
+
+ Specification document(s): +
+
+ This document is the relevant specification. +
+
+
+
+

+ Media type reregistration +

+

+ This section contains the required text for MIME media type + registration with IANA. +

+

+ The media type for a manifests is + application/manifest+json. +

+

+ If the protocol over which the manifest is transferred supports the + [[!MIME-TYPES]] specification (e.g. HTTP), it is RECOMMENDED that the + manifest be labeled with the media type for a manifests. +

+
+
+ Type name: +
+
+ application +
+
+ Subtype name: +
+
+ manifest+json +
+
+ Required parameters: +
+
+ N/A +
+
+ Optional parameters: +
+
+ N/A +
+
+ Encoding considerations: +
+
+ Same as for application/json +
+
+ Security considerations: +
+
+

+ As the manifest format is JSON and will commonly be encoded using + [[!UNICODE]], the security considerations described in [[!JSON]] + and [[!UNICODE-SECURITY]] apply. In addition, implementors need + to impose their own implementation-specific limits on the values + of otherwise unconstrained member types, e.g. to prevent denial + of service attacks, to guard against running out of memory, or to + work around platform-specific limitations. +

+

+ Web applications will generally contain ECMAScript, HTML, CSS + files, and other media, which are executed in a sand-boxed + environment. As such, implementors need to be aware of the + security implications for the types they support. Specifically, + implementors need to consider the security implications outlined + in the [[!CSS-MIME]] specification, the [[!ECMAScript-MIME]] + specification, and the [[!HTML]] specification. +

+

+ As web applications can contain content that is able to + simultaneously interact with the local device and a remote host, + implementors need to consider the privacy implications resulting + from exposing private information to a remote host. Mitigation + and in-depth defensive measures are an implementation + responsibility and not prescribed by this specification. However, + in designing these measures, implementors are advised to enable + user awareness of information sharing, and to provide easy access + to interfaces that enable revocation of permissions. +

+

+ As this specification allows for the declaration of URLs within + certain members of a manifest, implementors need to consider the + security considerations discussed in the [[!URL]] specification. + Implementations intending to display IRIs and + IDNA addresses + found in the manifest are strongly encouraged to follow the + security advice given in [[!UNICODE-SECURITY]]. +

+
+
+ Applications that use this media type: +
+
+ Web browsers +
+
+ Additional information: +
+
+
+
+ Magic number(s): +
+
+ N/A +
+
+ File extension(s): +
+
+ .json, .manifest +
+
+ Macintosh file type code(s): +
+
+ TEXT +
+
+
+
+ Person & email address to contact for further information: +
+
+ The Web + Applications (WebApps) Working Group can be contacted at + public-webapps@w3.org. +
+
+ Intended usage: +
+
+ COMMON +
+
+ Restrictions on usage: +
+
+ none +
+
+ Author: +
+
+ W3C's Web Applications (WebApps) Working Group. +
+
+ Change controller: +
+
+ W3C. +
+
+