<?xml version='1.0'?>
<?xml-stylesheet type='text/xsl' href='rfc2629xslt/rfc2629.xslt'?>
<!-- 
$Id: draft-ietf-appsawg-xml-00.xml,v 1.4 2012/10/14 16:47:47 ht Exp $ 
-->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc.number "XXXX">
]>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<rfc category="std" ipr="trust200902" docName="draft-ietf-appsawg-xml-mediatypes-00">
	<!-- <rfc number="????" obsoletes="3023" updates="2048" category="std" ipr="full2026" docName="draft-ietf-appsawg-xml-mediatypes-00"> -->
	<front>
		<title>XML Media Types</title>
		<author initials="C." fullname="Chris Lilley" surname="Lilley">
			<organization abbrev="W3C">World Wide Web
				Consortium</organization>
			<address>
			  <postal>
			    <street>2004, Route des Lucioles - B.P. 93 06902</street>
			    <city>Sophia Antipolis Cedex</city>
			    <country>France</country>
			  </postal>
				<email>chris@w3.org</email>
				<uri>http://www.w3.org/People/chris/</uri>
			</address>
		</author>
		<author initials="M." fullname="MURATA Makoto (FAMILY Given)" surname="Murata">
			<organization>International University of Japan</organization>
			<address>
				<email>eb2m-mrt@asahi-net.or.jp</email>
			</address>
		</author>
		<author initials="A." fullname="Alexey Melnikov" surname="Melnikov">
			<organization>Isode Ltd.</organization>
			<address>
				<email>alexey.melnikov@isode.com</email>
				<uri>http://www.melnikov.ca/</uri>
			</address>
		</author>
		<author initials="H. S." fullname="Henry S. Thompson" surname="Thompson">
   <organization>University of Edinburgh</organization>
   <address>
    <email>ht@inf.ed.ac.uk</email>
    <uri>http://www.ltg.ed.ac.uk/~ht/</uri>
   </address>
		</author>
		<date month="November" year="2012"/>
		<area>Applications</area>
		<keyword>XML</keyword>
		<keyword>media type</keyword>
		<keyword>MIME</keyword>
		<keyword>text</keyword>
		<keyword>application</keyword>
		<keyword>XSLT</keyword>
		<keyword>XPath</keyword>
		<keyword>Extensible Markup Language</keyword>
		<abstract>
			<t>This specification standardizes three media types -- 
application/xml, 
application/xml-external-parsed-entity, and application/xml-dtd --
for use in exchanging network entities that are related to the
Extensible Markup Language (XML) while defining
text/xml and text/xml-external-parsed-entity as aliases for the
respective application/ types.  This specification also standardizes
a convention (using the suffix '+xml') for naming media types
outside of these five types when those media types represent XML MIME
entities. XML MIME entities are currently exchanged via the
HyperText Transfer Protocol on the World Wide Web, are an
integral part of the WebDAV protocol for remote web authoring,
and are expected to have utility in many domains.</t>
			<t>Major differences from <xref target="RFC3023"/> are alignment of charset handling for text/xml and text/xml-external-parsed-entity with application/xml, the addition of XPointer and XML Base as fragment identifiers and base URIs, respectively, mention of the XPointer Registry, and updating of many references.
</t>
		</abstract>
	</front>
	<middle>
		<section title="Introduction" anchor="intro">
			<t>The World Wide Web Consortium has issued the
<xref target="XML">Extensible Markup Language (XML) 1.0 specification</xref>.
To enable the exchange of XML network entities, this specification
standardizes three media types -- application/xml,
application/xml-external-parsed-entity, and application/xml-dtd -- and two aliases -- text/xml and text/xml-external-parsed-entity --
as well as a naming convention for identifying XML-based MIME
media types (using +xml).</t>
			<t>XML entities are currently exchanged on the World Wide Web,
and XML is also used for property values and parameter
marshalling by the 
<xref target="RFC4918">WebDAV </xref>
protocol for remote web authoring. Thus, there is a need for a
media type to properly label the exchange of XML network
entities.</t>
			<t>Although XML is a subset of the Standard Generalized Markup
Language (SGML) 
<xref target="SGML">ISO 8879 </xref>,
which has been assigned the media types text/sgml and
application/sgml, there are several reasons why use of text/sgml
or application/sgml to label XML is inappropriate. First, there
exist many applications that can process XML, but that cannot
process SGML, due to SGML's larger feature set. Second, SGML
applications cannot always process XML entities, because XML uses
features of recent technical corrigenda to SGML. Third, the
definition of text/sgml and application/sgml in 
<xref target="RFC1874"/>
includes parameters for SGML bit combination transformation
format (SGML-bctf), and SGML boot attribute (SGML-boot). Since
XML does not use these parameters, it would be ambiguous if such
parameters were given for an XML MIME entity. For these reasons,
the best approach for labeling XML network entities has been to provide
new media types for XML.</t>
			<t>Since XML is an integral part of the WebDAV Distributed
Authoring Protocol, and since World Wide Web Consortium
Recommendations are assigned standards tree media
types, and since similar media types (HTML, SGML) have been
assigned standards tree media types, the XML media types were also placed
in the standards tree <xref target="RFC3023"/>.</t>
			<t>Similarly, XML has been used as a foundation for other media
types, including types in every branch of the IETF media types
tree. To facilitate the processing of such types, media types
based on XML, but that are not identified using 
application/xml (or text/xml), SHOULD be named using a suffix of '+xml' as described in <xref target="naming"/>. This
will allow generic XML-based tools -- browsers, editors, search engines,
and other processors -- to work with all XML-based media
types.</t>
		</section>
		<section title="Notational Conventions" anchor="conventions">
			<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this specification are to be interpreted as described in
<xref target="RFC2119"/>.</t>
			<t>As defined in <xref target="RFC2781"/> (informative), the three charsets "utf-16",
"utf-16le", and "utf-16be" are used to label UTF-16 text. In this specification, 
"the UTF-16 family" refers to those three charsets. By contrast, the phrases
"utf-16" or UTF-16 in this specification refer specifically to the single charset
"utf-16".</t>
			<t>As sometimes happens between two
communities, both MIME and XML have defined the term entity, with
different meanings. Section 2.4 of <xref target="RFC2045"/>
says:</t>
			<t>
				<list style="empty">
					<t>"The term 'entity' refers specifically to the MIME-defined header
fields and contents of either a message or one of the parts in the
body of a multipart entity."</t>
				</list>
			</t>
			<t>Section 4 of <xref target="XML"/>
says:</t>
			<t>
				<list style="empty">
					<t>"An XML document may consist of one or many storage units. These are called entities; they all have content and are all (except for the document entity and the external DTD subset) identified by entity name".</t>
				</list>
			</t>
			<t>In this specification, "XML MIME entity" is defined as the latter (an XML entity) encapsulated
in the former (a MIME entity).</t>
		</section>
		<section title="XML Media Types">
			<t>This specification standardizes three media types related to XML MIME
entities: application/xml (with text/xml as an alias),
application/xml-external-parsed-entity (with text/xml-external-parsed-entity as an alias), and application/xml-dtd.
Registration information for these media types is described in
the sections below.</t>
			<t>Within the XML specification, XML MIME entities can be classified
into four types. In the XML terminology, they are called "document
entities", "external DTD subsets", "external parsed entities", and
"external parameter entities". The media types 
application/xml or text/xml MAY be used for "document entities", while
application/xml-external-parsed-entity or text/xml-external-parsed-entity SHOULD be used for "external
parsed entities". 
Note that <xref target="RFC3023"/> (which this specification obsoletes) recommended
the use of text/xml and text/xml-external-parsed-entity for 
document entities and external parsed entities, respectively,
but described charset handling which differed from common implementation practice.
These media types are still commonly used,
and this specification aligns the charset handling with industry practice.
The media type application/xml-dtd SHOULD be used for
"external DTD subsets" or "external parameter entities". 
  application/xml and text/xml MUST NOT be used for "external parameter entities" or "external DTD subsets", and MUST NOT be used for
"external parsed entities" unless they are also well-formed
"document entities" and are referenced as such.
  Note that <xref target="RFC2376"/> (which is obsolete) allowed such usage, although 
  in practice it is likely to have been rare.</t>

			<t>Neither external DTD subsets nor external parameter entities
parse as XML documents, and while some XML document entities may
be used as external parsed entities and vice versa, there are
many cases where the two are not interchangeable. XML also has
unparsed entities, internal parsed entities, and internal
parameter entities, but they are not XML MIME entities.</t>

<t>
Application/xml and
application/xml-external-parsed-entity are recommended.
Compared to <xref target="RFC2376"/> or <xref target="RFC3023"/>, 
this specification alters the charset handling of text/xml and
text/xml-external-parsed-entity, treating them no differently from the
respective application/ types.  The 
reasons are as follows:
	<list style="empty">

	  <t>Conflicting specifications regarding the character encoding have caused
	  confusion.  
On the one hand, <xref target="RFC2046"/> specifies "The default character set, which must be
   assumed in the absence of a charset parameter, is US-ASCII.",
<xref target="RFC2616"/>
   Section 3.7.1, defines that "media subtypes of the 'text' type are
   defined to have a default charset value of 'ISO-8859-1'", and
   <xref target="RFC2376"/> as well as <xref target="RFC3023"/> 
   specify the default charset is US-ASCII.</t>
		<t>On the other hand, 
implementors and users of XML parsers, 
following Appendix F of <xref target="XML"/>, assume that the 
default is provided by the XML encoding declaration or BOM.
Note that this conflict did not exist for application/xml 
or application/xml-external-parsed-entity (see "Optional parameters" of application/xml
registration in <xref target="applicationxml"/>).</t>
<t>The current situation, reflected in this specification, has been
simplified by <xref target="RFC6657"/> updating <xref target="RFC2046"/> to
remove the US-ASCII default. Furthermore, in
  accordance with <xref target="RFC6657"/>'s other recommendations, <xref target="HTTPbis"/> changes
  <xref target="RFC2616"/> by removing the ISO-8859-1 default and not defining any
  default at all.</t>
			<t>The top-level media type "text" has some restrictions on MIME
entities and they are described in 
<xref target="RFC2045"/>
and 
<xref target="RFC2046"/>.
In particular, for transports other than <xref target="RFC2616">HTTP </xref> or HTTPS
(which use a MIME-like mechanism),
the UTF-16 family, UCS-4, and UTF-32 are not allowed.
  However, section 4.3.3 of <xref target="XML"/> says:</t>
		<t>
			<list style="empty">
				<t>"Each external parsed entity in an XML document may use a different encoding for its characters. All XML processors MUST be able to read entities in both the UTF-8 and UTF-16 encodings."</t>
			</list>
			</t>
				
				<t>Thus, although all XML processors can read entities in at least UTF-16, if an
XML document or external parsed entity is encoded in such
character encoding schemes, it could not be labeled as text/xml or
text/xml-external-parsed-entity (except for HTTP).</t>
		
		<t>It is not possible to deprecate text/xml because it is widely used in practice, and implementations are largely interoperable, following the rules of Appendix F of <xref target="XML"/> and ignoring the requirements of <xref target="RFC3023"/>.</t>

	</list>
</t>


<!--			<t>
				<list style="empty">
					<t>NOTE: Users are in general not used to text containing
tags such as &lt;price&gt;, and often find such tags quite disorienting or annoying.
If one is not sure, the conservative principle would suggest using application/*
instead of text/* so as not to put information in front of users that they will quite
likely not understand.</t>
				</list>
			</t>
-->

			<t>XML provides a general framework for defining sequences of
structured data. In some cases, it may be desirable to define new
media types that use XML but define a specific application of
XML, perhaps due to domain-specific display, editing, security considerations or
runtime information. Furthermore, such media types may allow UTF-8 or
 UTF-16 only and prohibit other charsets. This specification does not prohibit such media
types and in fact expects them to proliferate. However, developers of
such media types are STRONGLY RECOMMENDED to use this specification as a basis for their registration.
			
In particular, the charset parameter, if used, MUST agree with the encoding of the XML entity, as described in <xref target="referencing"/>,
in order to enhance interoperability.</t>
			<t>An XML document labeled as application/xml or text/xml, or with a +xml media type, might contain
namespace declarations, stylesheet-linking processing instructions (PIs), schema information,
or other declarations that might be used to suggest how the document
is to be processed. For example, a document might have the XHTML
namespace and a reference to a CSS stylesheet. Such a document might
be handled by applications that would use this information to dispatch the document
for appropriate processing.</t>
			<section title="Application/xml Registration" anchor="applicationxml">
				<t>
					<list style="hanging">
						<t hangText="MIME media type name:">application</t>
						<t hangText="MIME subtype name:">xml</t>
						<t hangText="Mandatory parameters:">none</t>
						<t hangText="Optional parameters:">charset</t>
					</list>
					<list style="empty">
						<t>
							The charset parameter MUST only be used when the charset is reliably known and agrees with the encoding declaration. This information can be used by non-XML processors to determine authoritatively the charset of the XML MIME entity. The charset
parameter can also be used to provide protocol-specific
operations, such as charset-based content negotiation in
HTTP.</t>
						<t>"utf-8" <xref target="RFC3629"/>
and "utf-16" <xref target="RFC2781"/>
are the recommended values, representing the UTF-8 and UTF-16
charsets, respectively. These charsets are preferred since they
are supported by all conforming processors of 
<xref target="XML"/>.</t>
						<t>If an application/xml entity is received where the charset
parameter is omitted, no information is being provided about
the charset by the MIME Content-Type header. Conforming XML
processors MUST follow the requirements in section 4.3.3 of 
<xref target="XML"/>
that directly address this contingency. However, MIME
processors that are not XML processors SHOULD NOT assume a
default charset if the charset parameter is omitted from an
application/xml entity.</t>
						<t>There are several reasons that the charset parameter is
optionally allowed.  First, recent web servers have been improved so that
users can specify the charset parameter.  Second, <xref target="RFC2130"/> (informative) specifies that the recommended specification
scheme is the "charset" parameter.</t>
						<t>On the other hand, it has been
argued that the charset parameter should be omitted and the mechanism
described in Appendix F of <xref target="XML"/>  (which is non-normative) should be solely relied on.  This approach would
allow users to avoid configuration of the charset parameter; an XML
document stored in a file is likely to contain a correct encoding
declaration or BOM (if necessary), since the operating system does not
typically provide charset information for files.  If users would like
to rely on the encoding declaration or BOM and to hide charset
information from protocols, they SHOULD determine not to use the 
parameter.</t>
						<t>Since a receiving application can, with very high reliability, determine the encoding of an XML document by reading it, the XML encoding declaration SHOULD be provided. 

</t>
					</list>
					<list style="hanging">
						<t hangText="Encoding considerations:">This media type MAY be encoded as appropriate for the
charset and the capabilities of the underlying MIME transport.
For 7-bit transports, data in either UTF-8 or UTF-16 MUST be encoded
in quoted-printable or base64. For 8-bit clean transport
(e.g., <xref target="RFC1652">8BITMIME </xref> ESMTP or <xref target="RFC3977">NNTP </xref>), UTF-8 is not encoded, but
the UTF-16 family MUST be encoded in base64. For binary clean transports (e.g.,
<xref target="RFC2616">HTTP </xref>), no content-transfer-encoding is necessary.</t>
	<t hangText="Security considerations:">See <xref target="security"/>.
</t>
						<t hangText="Interoperability considerations:">XML has proven
to be interoperable across WebDAV clients and servers, and for
import and export from multiple XML authoring tools.  For 
maximum interoperability, validating processors are
recommended.  Although non-validating processors may be more efficient,
they are not required to handle all features of XML.  For further
information, see sub-section 2.9 "Standalone Document Declaration" and
section 5 "Conformance" of <xref target="XML"/>.</t>
						<t hangText="Published specification:">
							<xref target="XML">Extensible Markup Language (XML) 1.0 (Fifth
Edition)</xref>.</t>
<t hangText="Applications which use this media type:">XML is device-, platform-, and vendor-neutral and is
supported by a wide range of Web user agents, <xref target="RFC4918">WebDAV </xref> clients
and servers, as well as XML authoring tools.</t>
						<t hangText="Additional information:">							<list style="hanging">
								<t hangText="Magic number(s):">None.</t>
							</list>
							<list style="empty">
								<t>Although no byte sequences can be counted on to always be
present, XML MIME entities in ASCII-compatible charsets
(including UTF-8) often begin with hexadecimal 3C 3F 78 6D 6C
("&lt;?xml"), and those in UTF-16 often begin with hexadecimal
FE FF 00 3C 00 3F 00 78 00 6D 00 6C or FF FE 3C 00 3F 00 78 00 6D 00 6C 00
(the Byte Order Mark (BOM) followed by "&lt;?xml"). For more
information, see Appendix F of 
<xref target="XML"/>.</t>
							</list>
							<list style="hanging">
								<t hangText="File extension(s):">.xml</t>
								<t hangText="Macintosh File Type Code(s):">"TEXT"</t>
							</list>
						</t>
						<t hangText="Person and email address for further information:">
							<list style="hanging">
								<t>MURATA Makoto (FAMILY Given) &lt;eb2m-mrt@asahi-net.or.jp&gt;</t>
								<t>Alexey Melnikov &lt;alexey.melnikov@isode.com&gt;</t>
								<t>Chris Lilley &lt;chris@w3.org&gt;</t>
        <t>Henry S. Thompson &lt;ht@inf.ed.ac.uk&gt;</t>
							</list>
						</t>
	<t hangText="Intended usage:">COMMON</t>
      <t hangText="Author/Change controller:">The XML specification
is a work product of the World Wide Web Consortium's XML Working
Group, and was edited by:
<list style="hanging">
								<t>Tim Bray &lt;tbray@textuality.com&gt;</t>
								<t>Jean Paoli &lt;jeanpa@microsoft.com&gt;</t>
								<t>C. M. Sperberg-McQueen &lt;cmsmcq@uic.edu&gt;</t>
								<t>Eve Maler &lt;eve.maler@east.sun.com&gt;</t>
								<t>Francois Yergeau &lt;mailto:francois@yergeau.com&gt;</t>
							</list>
						</t>
					</list>
				</t>
			</section>
			<section title="Text/xml Registration" anchor="textxml">
				
    <t>text/xml is an alias for application/xml, as defined in <xref target="applicationxml"/> above.</t>
			</section>
			<section title="Application/xml-external-parsed-entity Registration" anchor="appxepe">
				<t>
					<list style="hanging">
						<t hangText="MIME media type name:">application</t>
						<t hangText="MIME subtype name:">xml-external-parsed-entity</t>
						<t hangText="Mandatory parameters:">none</t>
						<t hangText="Optional parameters:">charset</t>
					</list>
					<list style="empty">
						<t>The charset parameter of
application/xml-external-parsed-entity is handled the
same as that of application/xml as described in <xref target="applicationxml"/>.</t>
					</list>
					<list style="hanging">
						<t hangText="Encoding considerations:">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
						<t hangText="Security considerations:">See <xref target="security"/>.</t>
						<t hangText="Interoperability considerations:">XML external parsed entities are as interoperable as XML
documents, though they have a less tightly constrained
structure and therefore need to be referenced by XML documents for
proper handling by XML processors. Similarly, XML documents
cannot be reliably used as external parsed entities because
external parsed entities are prohibited from having
standalone document declarations or DTDs. Identifying
XML external parsed entities with their own content type should
enhance interoperability of both XML documents and XML external
parsed entities.</t>
						<t hangText="Published specification:">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
						<t hangText="Applications which use this media type:">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
						<t hangText="Additional information:">
							<list style="hanging">
								<t hangText="Magic number(s):">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
								<t hangText="File extension(s):">.xml or .ent</t>
								<t hangText="Macintosh File Type Code(s):">"TEXT"</t>
							</list>
						</t>
						<t hangText="Person and email address for further information:">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
						<t hangText="Intended usage:">COMMON</t>
						<t hangText="Author/Change controller:">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
					</list>
				</t>
			</section>
			<section title="Text/xml-external-parsed-entity Registration" anchor="textepse">
				
    <t>text/xml-external-parsed-entity is an alias for application/xml-external-parsed-entity, as defined in <xref target="appxepe"/> above.</t>
			</section>
			<section title="Application/xml-dtd Registration">
				<t>
					<list style="hanging">
						<t hangText="MIME media type name:">application</t>
						<t hangText="MIME subtype name:">xml-dtd</t>
						<t hangText="Mandatory parameters:">none</t>
						<t hangText="Optional parameters:">charset</t>
					</list>
					<list style="empty">
						<t>The charset parameter of application/xml-dtd
is handled the same as that of application/xml as described in <xref target="applicationxml"/>.</t>
					</list>
					<list style="hanging">
						<t hangText="Encoding considerations:">Same as <xref target="applicationxml"/>.</t>
						<t hangText="Security considerations:">See <xref target="security"/>.</t>
						<t hangText="Interoperability considerations:">XML DTDs have
proven to be interoperable by DTD authoring
tools and XML browsers, among others.</t>
						<!-- Note, however, that some XML processors do not 
read external DTD subsets or external parameter entities.
Thus, interoperability is not guaranteed. -->
						<t hangText="Published specification:">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
						<t hangText="Applications which use this media type:">DTD authoring tools handle external DTD subsets as well as
external parameter entities. XML browsers may also access
external DTD subsets and external parameter entities.</t>
						<t hangText="Additional information:">
							<list style="hanging">
								<t hangText="Magic number(s):">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
								<t hangText="File extension(s):">.dtd or .mod</t>
								<t hangText="Macintosh File Type Code(s):">"TEXT"</t>
							</list>
						</t>
      <t hangText="Person and email address for further information:">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
						<t hangText="Intended usage:">COMMON</t>
						<t hangText="Author/Change controller:">Same as application/xml as
described in <xref target="applicationxml"/>.</t>
					</list>
				</t>
			</section>
			<section title="Summary">
				<t><list style="symbols">
						<t>If the charset parameter is omitted, conforming
XML processors MUST follow the requirements in section 4.3.3 of 
<xref target="XML"/> or <xref target="XML1.1"/> as appropriate.</t>
				<t>If provided, the charset parameter MUST agree with the XML encoding declaration.</t>
					</list></t>

				
			</section>
		</section>
		<section title="The Byte Order Mark (BOM) and Conversions to/from the UTF-16 Charset">
			<t>Section 4.3.3 of <xref target="XML"/>
 specifies that XML MIME entities in
 the charset "utf-16" MUST begin with a byte order mark (BOM), which
 is a hexadecimal octet sequence 0xFE 0xFF (or 0xFF 0xFE, depending
 on endian). The XML Recommendation further states that the BOM is
 an encoding signature, and is not part of either the markup or the
 character data of the XML document.</t>
			<t>Due to the presence of the BOM, applications that convert XML from "utf-16"
 to a non-Unicode encoding MUST strip the BOM before
 conversion. Similarly, when converting from another encoding into
 "utf-16", the BOM MUST be added after conversion is complete.</t>
			<t>In addition to the charset "utf-16", <xref target="RFC2781"/> introduces "utf-16le" (little endian)
and "utf-16be" (big endian) as well. The BOM is prohibited for these
charsets. When an XML MIME entity is encoded in "utf-16le" or
"utf-16be", it MUST NOT begin with the BOM but SHOULD contain an
encoding declaration. Conversion from "utf-16" to "utf-16be" or
"utf-16le" and conversion in the other direction MUST strip or add the BOM,
respectively.</t>
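			<t>The check below is an added example, not part of the original draft or of any implementation it describes. It compares the charset parameter of a Content-Type label with the BOM and encoding declaration found in the entity, applying the agreement rule from the Summary together with the BOM rules of this section. The function names and sample entities are constructed for illustration, and charset labels are compared through Python's codec aliases.</t>
			<figure><artwork><![CDATA[
```python
import codecs
import re
from email.message import Message

# Byte order marks. The UTF-16 pair is quoted in the registration's
# "Magic number(s)" text; the UTF-8 signature comes from XML Appendix F.
BOMS = ((codecs.BOM_UTF8, "utf-8"),
        (codecs.BOM_UTF16_BE, "utf-16-be"),
        (codecs.BOM_UTF16_LE, "utf-16-le"))

# Encoding declaration inside an XML or text declaration at the very start.
DECL = re.compile(
    r'^<\?xml\s[^>]*?encoding\s*=\s*["\']([A-Za-z][A-Za-z0-9._-]*)["\']')


def norm(label):
    """Canonical Python codec name for a charset label, or None if unknown."""
    try:
        return codecs.lookup(label).name
    except LookupError:
        return None


def family(codec):
    """Collapse utf-16, utf-16-le and utf-16-be into one family name."""
    return "utf-16" if codec.startswith("utf-16") else codec


def inspect_entity(body):
    """Return (bom_codec, declared_label) as read from the entity bytes."""
    bom, rest, codec = None, body, "utf-8"
    for mark, name in BOMS:
        if body.startswith(mark):
            bom, rest, codec = name, body[len(mark):], name
            break
    else:
        # No BOM: recognise "<?" in either UTF-16 byte order.
        if body.startswith(b"\x00<\x00?"):
            codec = "utf-16-be"
        elif body.startswith(b"<\x00?\x00"):
            codec = "utf-16-le"
    # The declaration is ASCII only, so a short decoded prefix is enough.
    head = rest[:400].decode(codec, errors="replace")
    match = DECL.match(head)
    return bom, (match.group(1) if match else None)


def check_label(content_type, body):
    """List disagreements between a Content-Type label and the entity."""
    msg = Message()
    msg["Content-Type"] = content_type
    charset = msg.get_param("charset")
    if charset is None:
        return []       # label asserts nothing; XML section 4.3.3 applies
    label = norm(charset)
    if label is None:
        return ["unknown charset label %r" % charset]
    bom, declared = inspect_entity(body)
    findings = []
    if declared is not None and norm(declared) != label:
        findings.append("charset=%s disagrees with encoding declaration %r"
                        % (charset, declared))
    if label == "utf-16" and bom not in ("utf-16-be", "utf-16-le"):
        findings.append('charset "utf-16" requires a leading BOM')
    if label in ("utf-16-be", "utf-16-le"):
        if bom is not None:
            findings.append("BOM is prohibited with charset=%s" % charset)
        if declared is None:
            findings.append("charset=%s entity should carry an encoding "
                            "declaration" % charset)
    if bom is not None and family(bom) != family(label):
        findings.append("BOM indicates %s but charset=%s"
                        % (family(bom), charset))
    return findings


# Constructed sample entities (not taken from the draft).
UTF8_DOC = b'<?xml version="1.0" encoding="utf-8"?><doc/>'
SAMPLES = [
    ("application/xml; charset=utf-8", UTF8_DOC),
    ("text/xml; charset=iso-8859-1", UTF8_DOC),
    ("application/xml; charset=utf-16",
     '<?xml version="1.0" encoding="utf-16"?><doc/>'.encode("utf-16-be")),
    ("application/xml; charset=utf-16le",
     codecs.BOM_UTF16_LE + "<doc/>".encode("utf-16-le")),
]

if __name__ == "__main__":
    for content_type, entity in SAMPLES:
        print(content_type, "->", check_label(content_type, entity) or "ok")
```
]]></artwork></figure>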
		</section>
		<section title="Fragment Identifiers" anchor="frag">
			<t>Uniform Resource Identifiers (URIs)
may contain fragment identifiers (see
Section 3.5 of <xref target="RFC3986"/>).
Likewise, Internationalized Resource Identifiers (IRIs)
<xref target="RFC3987"/>
may contain fragment identifiers.
</t>

<t>The syntax and semantics of fragment identifiers for the
	XML media types defined in this specification are based on the <xref target="XPointerFramework"/> W3C
	Recommendation.  It allows simple names, and more complex
	constructions based on named schemes.  When the syntax of a fragment
	identifier part of any URI or IRI with a retrieved media type governed
	by this specification conforms to the syntax specified in <xref target="XPointerFramework"/>, conformant applications MUST
attempt to interpret such
	fragment identifiers as designating that part of the retrieved
	representation specified by  <xref target="XPointerFramework"/> and whatever other
	specifications define any XPointer schemes used.  Conformant
	applications MUST support the 'element' scheme as defined in
	<xref target="XPointerElement"/>, but need not support other schemes.</t>
   <t>If an
XPointer error is reported in the attempt to process the part, this
specification does not define an interpretation for the part.</t>
			
	<t>A  <xref target="XPtrReg">registry 
	of XPointer schemes</xref> is maintained at the W3C. 
	Unregistered schemes SHOULD NOT be used.</t>

<t>See <xref target="referencing"/> for additional
requirements which apply when an XML-based MIME media type follows the naming convention
	'+xml'.
</t>
			

<t>If <xref target="XPointerFramework"/> and <xref target="XPointerElement"/> are inappropriate for some XML-based media
type, it SHOULD NOT follow the naming convention '+xml'.</t>

<t>When a URI has a fragment identifier, it is encoded by a limited
subset of the repertoire of US-ASCII <xref target="ASCII"/>
characters, as defined in <xref target="RFC3986"/>.  When an IRI
contains a fragment identifier, it is encoded by a much wider
repertoire of characters.  The conversion between IRI fragment
identifiers and URI fragment identifiers is presented in Section 7 of
<xref target="RFC3987"/>.</t>
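			<t>The resolver below is an added example, not part of the original draft. It interprets a fragment identifier as a shorthand pointer or as a sequence of scheme parts, and evaluates the 'element' scheme that conformant applications are required to support. It assumes that IDs are given by xml:id attributes (no DTD is read), and it does not handle circumflex escaping or nested parentheses in scheme data; the function names and the sample document are constructed.</t>
			<figure><artwork><![CDATA[
```python
import re
import xml.etree.ElementTree as ET

XML_ID = "{http://www.w3.org/XML/1998/namespace}id"
NCNAME = r"[A-Za-z_][\w.-]*"      # approximation of the NCName production
PART = re.compile(r"\s*(%s(?::%s)?)\(([^()]*)\)" % (NCNAME, NCNAME))
ELEMENT_DATA = re.compile(r"(%s)?((?:/[1-9][0-9]*)*)$" % NCNAME)

# Constructed sample document.
SAMPLE = ('<doc><sec xml:id="intro"><p>a</p><p>b</p></sec>'
          '<sec><p>c</p></sec></doc>')


def by_id(doc_elem, name):
    """Element whose xml:id equals name (assumption: IDs come from xml:id)."""
    for elem in doc_elem.iter():
        if elem.get(XML_ID) == name:
            return elem
    return None


def element_scheme(doc_elem, data):
    """Evaluate the data of one element() part; None if nothing is found."""
    m = ELEMENT_DATA.match(data)
    if not data or not m:
        return None
    steps = [int(s) for s in m.group(2).split("/")[1:]]
    if m.group(1):
        node = by_id(doc_elem, m.group(1))
    elif steps[0] == 1:
        # A bare child sequence starts at the document root, whose only
        # child element is the document element, so the first step is 1.
        node, steps = doc_elem, steps[1:]
    else:
        return None
    for n in steps:
        if node is None or n > len(node):
            return None
        node = node[n - 1]          # n-th child element, counted from 1
    return node


def resolve_fragment(xml_text, fragment):
    """Element designated by fragment, or None (error or nothing found)."""
    doc_elem = ET.fromstring(xml_text)
    if re.fullmatch(NCNAME, fragment):      # shorthand pointer
        return by_id(doc_elem, fragment)
    parts, pos = [], 0
    while pos < len(fragment):
        m = PART.match(fragment, pos)
        if not m:
            return None                     # not XPointer syntax
        parts.append(m.groups())
        pos = m.end()
    # Parts are tried left to right; schemes not implemented here are skipped.
    for scheme, data in parts:
        if scheme == "element":
            node = element_scheme(doc_elem, data)
            if node is not None:
                return node
    return None


if __name__ == "__main__":
    for frag in ("intro", "element(intro/2)", "element(/1/2/1)",
                 "xmlns(p=http://example.org/ns) element(/1/1/1)",
                 "element(/1/9)"):
        hit = resolve_fragment(SAMPLE, frag)
        print(frag, "->", None if hit is None else (hit.tag, hit.text))
```
]]></artwork></figure>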



		</section>
		<section title="The Base URI" anchor="xmlbase">
			<t>Section 5.1 of <xref target="RFC3986"/>
specifies that the semantics of a relative URI
reference embedded in a MIME entity is dependent on the base
URI. The base URI is either (1) the base URI embedded in context, 
(2) the base URI from the encapsulating entity,
(3) the base URI from the Retrieval URI, or 
(4) the default base URI, where (1) has the
highest precedence. <xref target="RFC3986"/> further specifies that the
mechanism for embedding the base URI is dependent on the media
type.</t>

<t>The media type dependent mechanism for embedding the base URI
in a MIME entity of type application/xml, text/xml,
application/xml-external-parsed-entity or text/xml-external-parsed-entity is to use the xml:base
attribute described in detail in <xref target="XBase"/>.</t>

<t>Note that the base URI may be embedded in a different MIME
entity, since the default value for the xml:base attribute may be
specified in an external DTD subset or external parameter entity.</t>
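			<t>The following added example, which is not part of the original draft, resolves relative references against the base URI using the precedence described above: nested xml:base attributes first, then the encapsulating entity, the retrieval URI and a default. The href attribute, the function name and the sample documents are constructed for illustration. The parser used here does not load an external DTD subset, so an xml:base value defaulted there is not seen.</t>
			<figure><artwork><![CDATA[
```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

XML_BASE = "{http://www.w3.org/XML/1998/namespace}base"

# Constructed sample documents; "href" is a hypothetical reference attribute.
WITH_BASE = """<doc xml:base="http://example.org/today/">
  <link href="new.xml"/>
  <sec xml:base="/hotpicks/"><link href="pick1.xml"/></sec>
  <sec xml:base="http://other.example/a/b"><link href="c.xml"/></sec>
</doc>"""
NO_BASE = '<doc><link href="x.xml"/></doc>'


def resolve_links(xml_text, retrieval_uri=None, encapsulating_base=None,
                  default_base=None, attr="href"):
    """Absolute form of every attr value, in document order.

    Precedence follows the four cases in the text: (1) xml:base embedded
    in the content, (2) the encapsulating entity, (3) the retrieval URI,
    (4) an application default.
    """
    outer = encapsulating_base or retrieval_uri or default_base or ""
    resolved = []

    def walk(elem, base):
        own = elem.get(XML_BASE)
        if own is not None:
            # xml:base may itself be relative; it resolves against the
            # base in scope for the parent element.
            base = urljoin(base, own)
        if attr in elem.attrib:
            resolved.append(urljoin(base, elem.get(attr)))
        for child in elem:
            walk(child, base)

    walk(ET.fromstring(xml_text), outer)
    return resolved


if __name__ == "__main__":
    retrieved = "http://retrieved.example/dir/doc.xml"
    print(resolve_links(WITH_BASE, retrieval_uri=retrieved))
    print(resolve_links(NO_BASE, retrieval_uri=retrieved))
    print(resolve_links(NO_BASE, retrieval_uri=retrieved,
                        encapsulating_base="http://mail.example/parts/"))
```
]]></artwork></figure>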

		</section>

		<section title="XML Versions" anchor="xmlVersions">
		  <t>application/xml, application/xml-external-parsed-entity, application/xml-dtd, text/xml and text/xml-external-parsed-entity are to be used with <xref target="XML"/>. In all examples
        herein where 
        version="1.0" is shown, it is understood that
        version="1.1" may also be used, providing the
        content does indeed conform to <xref target="XML1.1"/>.</t>
			
<t>The normative requirement of this specification upon XML 
is to follow the requirements of 
<xref target="XML"/>, section 4.3.3. Except for minor clarifications, that section is substantially identical from the first edition to the current (5th) edition of XML 1.0, and for XML 1.1.  Therefore, this specification may be used with any version or edition of XML 1.0 or 1.1.</t>

        <t>Specifications and recommendations based on or
        referring to this RFC SHOULD indicate any
        limitations on the particular versions of XML
        to be used.  For example, a particular
        specification might indicate: "content MUST be
        represented using media-type application/xml,
        and the document must either (a) carry an xml
        declaration specifying version="1.0" or (b)
        omit the XML declaration, in which case per the
        XML recommendation the version defaults to 1.0"</t>
		</section>
		<section title="A Naming Convention for XML-Based Media Types" anchor="naming">
			<t>This specification recommends the use of a naming convention (a
suffix of '+xml') for identifying XML-based MIME media types,
whatever their particular content may represent. This allows the
use of generic XML processors and technologies on a wide variety
of different XML document types at a minimum cost, using existing
frameworks for media type registration.</t>
			<t>Although the use of a suffix was not considered as part of the
original MIME architecture, this choice is considered to provide
the most functionality with the least potential for
interoperability problems or lack of future extensibility. The
alternatives to the '+xml' suffix and the reason for its selection
are described in 
<xref target="suffix_explanation"/>.</t>
			<t>As XML development continues, new XML document types are
appearing rapidly. Many of these XML document types would benefit
from the identification possibilities of a more specific MIME
media type than text/xml or application/xml can provide, and it
is likely that many new media types for XML-based document types
will be registered in the near and ongoing future.</t>
			<t>While the benefits of specific MIME types for particular types
of XML documents are significant, all XML documents share common
structures and syntax that make possible common processing.</t>
			<t>Some areas where 'generic' processing is useful include:</t>
			<t>
				<list style="symbols">
					<t>Browsing - An XML browser can display any XML document
with a provided 
<xref target="CSS"/>
or 
<xref target="XSLT"/>
style sheet, whatever the vocabulary of that document.</t>
					<t>Editing - Any XML editor can read, modify, and save any
XML document.</t>
					<t>Fragment identification - 
XPointers (see <xref target="frag"/>) can work with any XML document, whatever vocabulary it uses.</t>

<!--  and whether or not it uses XPointer for its own fragment
identification -->
					<t>Hypertext linking - 
<xref target="XLink"/> hypertext linking is designed to connect any XML documents,
regardless of vocabulary.</t>
					<t>Searching - XML-oriented search engines, web crawlers,
agents, and query tools should be able to read XML documents
and extract the names and content of elements and attributes
even if the tools are ignorant of the particular vocabulary used
for elements and attributes.</t>
					<t>Storage - XML-oriented storage systems, which keep XML
documents internally in a parsed form, should similarly be
able to process, store, and recreate any XML document.</t>
					<t>Well-formedness and validity checking - An XML processor
can confirm that any XML document is well-formed and that it
is valid (i.e., conforms to its declared DTD or Schema).</t>
				</list>
			</t>
			<t>When a new media type is introduced for an XML-based format,
the name of the media type SHOULD end with '+xml'. This
convention will allow applications that can process XML
generically to detect that the MIME entity is supposed to be an
XML document, verify this assumption by invoking some XML
processor, and then process the XML document accordingly.
Applications may match for types that represent XML MIME entities by
comparing the subtype to the pattern '*/*+xml'.  (Of course, 4 of
the 5 media types defined in this specification -- text/xml,
application/xml, text/xml-external-parsed-entity, and
application/xml-external-parsed-entity -- also represent XML MIME entities
while not conforming to the '*/*+xml' pattern.)</t>
			<t>
				<list style="empty">
					<t>NOTE: Section 14.1 of 
<xref target="RFC2616">HTTP </xref>
does not support Accept headers of the form "Accept: */*+xml"
and so this header MUST NOT be used in this way. Instead,
<xref target="RFC2703">content negotiation </xref> could potentially
be used if an XML-based MIME type
were needed.</t>
				</list>
			</t>

<t>Media types following the naming convention '+xml' SHOULD introduce
the charset parameter for consistency, since XML-generic processing
applies the same program for any such media type.  However, there are
some cases in which the charset parameter need not be introduced.  For
example:</t>

<t><list style="empty">

<t>When an XML-based media type is restricted to UTF-8, it is not
necessary to introduce the charset parameter.  "UTF-8 only" is a
generic principle and UTF-8 is the default of XML.</t>

<t>When an XML-based media type is restricted to UTF-8 and UTF-16, it
might not be unreasonable to omit the charset parameter.  Neither
UTF-8 nor UTF-16 requires an XML encoding declaration.</t>

<t>Note: Some argue that XML-based media types should not introduce 
the charset parameter, although others disagree.</t>
</list>
</t>

			<t>XML generic processing is not always appropriate for
XML-based media types. For example, authors of some such media
types may wish that the types remain entirely opaque except to
applications that are specifically designed to deal with that
media type. By NOT following the naming convention '+xml', such
media types can avoid XML-generic processing. Since generic
processing will be useful in many cases, however -- including in
some situations that are difficult to predict ahead of time --
those registering media types SHOULD use the '+xml' convention
unless they have a particularly compelling reason not to.</t>
			<t><spanx style="strong">HST: This paragraph needs updating once some pending
RFCs are out there </spanx>The registration process for these media types is described in
<xref target="RFC4288"/> and <xref target="RFC4289"/>.
The registrar for the IETF tree will encourage new XML-based
media type registrations in the IETF tree to follow this
guideline. Registrars for other trees SHOULD follow this
convention in order to ensure maximum interoperability of their
XML-based documents. Similarly, media subtypes that do not
represent XML MIME entities MUST NOT be allowed to register with a
'+xml' suffix.</t>
			<section title="Referencing" anchor="referencing">
				
				<t>Registrations for new XML-based media types under top-level types SHOULD, in specifying the charset parameter and encoding considerations, define them as: "Same as [charset parameter / encoding considerations] of application/xml as specified in RFC &rfc.number;."</t>
				<t>The use of the charset parameter is STRONGLY RECOMMENDED, since
this information can be used by XML processors to determine
authoritatively the charset of the XML MIME entity.    If there are some reasons not to follow this advice, they SHOULD be included as part of the registration.  As shown above, two such reasons are "UTF-8 only" or "UTF-8 or UTF-16 only".</t>
				<t>These registrations SHOULD specify that the XML-based media type being registered has all of the security considerations described in RFC &rfc.number; plus any additional considerations specific to that media type.</t>
				<t>These registrations SHOULD also make reference to RFC &rfc.number; in specifying magic numbers, base URIs, and use of the BOM.</t>
    <t>When these registrations use the '+xml' convention, they MUST also make reference to RFC
&rfc.number; in specifying fragment identifier syntax and semantics, and they MAY
	restrict the syntax to a specified subset of schemes, except that they MUST
NOT disallow
	barenames or 'element' scheme pointers. They MAY further require support for other
	registered schemes.  They also MAY
add additional syntax (which MUST NOT overlap with <xref target="XPointerFramework"/>
syntax) together with associated semantics, and MAY add additional semantics
for barename XPointers which, as provided for in <xref target="frag"/>,
will only apply when this specification does not define an interpretation.</t>
				<t>These registrations MAY reference the application/xml registration in RFC &rfc.number; in specifying interoperability considerations, if these considerations are not overridden by issues specific to that media type.</t>
			</section>
		</section>
		<section title="Examples">
			<t>The examples below give the value of the MIME Content-type 
header and the XML declaration (which includes the encoding
declaration) inside the XML MIME entity. For UTF-16 examples, the
Byte Order Mark character is denoted as "{BOM}", and the XML
declaration is assumed to come at the beginning of the XML MIME
entity, immediately following the BOM. Note that other MIME
headers may be present, and the XML MIME entity may contain other
data in addition to the XML declaration; the examples focus on
the Content-type header and the encoding declaration for
clarity.</t>
<section title="application/xml or text/xml with Omitted Charset and 8-bit MIME entity">
				<t>Content-type: application/xml or text/xml</t>
				<t>&lt;?xml version="1.0" encoding="iso-8859-1"?&gt;</t>
				
    <t>Since the charset parameter is not provided in the Content-Type header, XML
					processors MUST treat the  "iso-8859-1" encoding as authoritative. 
XML-unaware MIME processors SHOULD make no assumptions about the charset of the
XML MIME entity.</t>
    
				
			</section>
			<section title="application/xml or text/xml with Omitted Charset and 16-bit MIME entity">
				<t>Content-type: application/xml or text/xml</t>
				<t>{BOM}&lt;?xml version="1.0" encoding="utf-16"?&gt;</t>
				<t>or</t>
				<t>{BOM}&lt;?xml version="1.0"?&gt;</t>
				
    <t>This example shows a 16-bit MIME entity with no charset
parameter.  Since the charset parameter is not provided in the Content-Type
header, in this case XML processors MUST treat the "utf-16" encoding and/or the BOM as authoritative. 
XML-unaware MIME processors SHOULD make no assumptions about the charset of the
XML MIME entity.</t>
				<t>Omitting the charset parameter is NOT RECOMMENDED
for application/xml when used with transports other than HTTP or HTTPS; text/xml SHOULD NOT
be used for 16-bit MIME with transports other than HTTP or HTTPS (see <xref target="tx16"/>).</t>
			</section>

			<section title="application/xml or text/xml with UTF-8 Charset">
				<t>Content-type: application/xml or text/xml; charset="utf-8"</t>
				<t>&lt;?xml version="1.0" encoding="utf-8"?&gt;</t>
				<t>This is the recommended encoding for use with all the media types defined in
this specification.
Since the charset parameter is provided, both MIME and XML
processors MUST treat the enclosed entity as UTF-8 encoded.</t>
				<t>If sent using a 7-bit transport (e.g. <xref target="RFC5321">SMTP </xref>), the XML MIME entity
MUST use a content-transfer-encoding of either quoted-printable
or base64. For an 8-bit clean transport (e.g., 8BITMIME ESMTP
or NNTP), or a binary clean transport (e.g., HTTP), no
content-transfer-encoding is necessary.</t>
			</section>
			<section title="application/xml with UTF-16 Charset">
				<t>Content-type: application/xml; charset="utf-16"</t>
				<t>{BOM}&lt;?xml version="1.0" encoding="utf-16"?&gt;</t>
				<t>or</t>
				<t>{BOM}&lt;?xml version="1.0"?&gt;</t>
				<t>If sent using a 7-bit transport (e.g., SMTP) or an 8-bit
clean transport (e.g., 8BITMIME ESMTP or NNTP), the XML MIME
entity MUST be encoded in quoted-printable or base64. For a
binary clean transport (e.g., HTTP), no
content-transfer-encoding is necessary.</t>
			</section>
			<section title="text/xml with UTF-16 Charset" anchor="tx16">
				<t>Content-type: text/xml; charset="utf-16"</t>
				<t>{BOM}&lt;?xml version='1.0' encoding='utf-16'?&gt;</t>
				<t>or</t>
				<t>{BOM}&lt;?xml version='1.0'?></t>
				<t>This is possible only when the XML MIME entity is
transmitted via HTTP  or HTTPS, which use a MIME-like mechanism and are
binary-clean protocols, hence do not perform CR and LF
transformations and allow NUL octets.
As described in <xref target="RFC2781"/>,
the UTF-16 family MUST NOT be used with media types under the 
top-level type "text" except over HTTP or HTTPS (see section 19.4.1 of 
<xref target="RFC2616"/>
for details).</t>
				<t>Since HTTP is binary clean, no content-transfer-encoding is
necessary.</t>
			</section>
   <section title="application/xml with UTF-16BE Charset">
				<t>Content-type: application/xml; charset="utf-16be"</t>
				<t>&lt;?xml version='1.0' encoding='utf-16be'?></t>
				<t>Observe that the BOM does not exist. Since the charset
 parameter is provided, MIME and XML processors MUST treat the
 enclosed entity as UTF-16BE encoded.</t>
			</section>
			<section title="text/xml with UTF-16BE Charset">
				<t>Content-type: text/xml; charset="utf-16be"</t>
				<t>&lt;?xml version='1.0' encoding='utf-16be'?></t>
				<t>Observe that the BOM does not exist. As for UTF-16, this is
possible only when the XML MIME entity is transmitted via HTTP.</t>
			</section>
   <section title="application/xml or text/xml with ISO-2022-KR Charset">
				<t>Content-type: application/xml; charset="iso-2022-kr"</t>
				<t>&lt;?xml version="1.0" encoding="iso-2022-kr"?&gt;</t>
				<t>This example shows the use of a Korean charset
(e.g., Hangul) encoded following the specification in 
<xref target="RFC1557"/>.
Since the charset parameter is provided, MIME 
processors MUST treat the enclosed entity as encoded per RFC 1557. Since  the XML MIME entity has an internal
encoding declaration (this example does show such a
declaration, which agrees with the charset parameter) XML processors MUST also treat the enclosed entity as encoded per RFC 1557. Thus, interoperability is assured.</t>
				<t>Since ISO-2022-KR has been defined to use only 7 bits of
data, no content-transfer-encoding is necessary with any
transport.</t>
			</section>
   
			
			<section title="application/xml or text/xml with Omitted Charset, no Internal Encoding Declaration and UTF-8 Entity">
				<t>Content-type: application/xml or text/xml</t>
				<t>&lt;?xml version='1.0'?&gt;</t>
				<t>In this example, the charset parameter has been omitted, there is
no internal encoding declaration, and
there is no BOM. Since there is no BOM, the XML processor
follows the requirements in section 4.3.3, and optionally
applies the mechanism described in Appendix F (which is
non-normative) of 
<xref target="XML"/> 
to determine the charset encoding of UTF-8.
Although the XML MIME entity does
not contain an encoding declaration, the encoding
actually <spanx>is</spanx>
UTF-8, so this is still a conforming XML MIME entity.</t>
				<t>An XML-unaware MIME processor SHOULD make no assumptions
about the charset of the XML MIME entity.</t>
			</section>
			<section title="application/xml or text/xml with Omitted Charset and Internal Encoding Declaration">
				<t>Content-type: application/xml or text/xml</t>
				<t>&lt;?xml version='1.0' encoding="iso-10646-ucs-4"?&gt;</t>
				<t>In this example, the charset parameter has been omitted, and
there is no BOM. However, the XML MIME entity does have an
encoding declaration inside the XML MIME entity that specifies
the entity's charset. Following the requirements in section
4.3.3, and optionally applying the mechanism described in
Appendix F (non-normative) of 
<xref target="XML"/>,
the XML processor determines the charset
encoding of the XML MIME entity (in this example, UCS-4).</t>
				<t>An XML-unaware MIME processor SHOULD make no assumptions
about the charset of the XML MIME entity.</t>
			</section>
			<section title="application/xml-external-parsed-entity or text/xml-external-parsed-entity with UTF-8 Charset">
				<t>Content-type: text/xml-external-parsed-entity or application/xml-external-parsed-entity;
charset="utf-8"</t>
				<t>&lt;?xml encoding="utf-8"?&gt;</t>
				<t>Since the charset parameter is
provided, MIME and XML processors MUST treat the enclosed
entity as UTF-8 encoded.</t>
				<t>If sent using a 7-bit transport (e.g. SMTP), the XML MIME entity
MUST use a content-transfer-encoding of either quoted-printable
or base64. For an 8-bit clean transport (e.g., 8BITMIME ESMTP
or NNTP), or a binary clean transport (e.g., HTTP) no
content-transfer-encoding is necessary.</t>
			</section>
			<section title="application/xml-external-parsed-entity with UTF-16 Charset">
				<t>Content-type: application/xml-external-parsed-entity;
charset="utf-16"</t>
				<t>{BOM}&lt;?xml encoding="utf-16"?&gt;</t>
				<t>or</t>
				<t>{BOM}&lt;?xml?&gt;</t>
				<t>Since the charset
parameter is provided, MIME and XML processors MUST treat the
enclosed entity as UTF-16 encoded.</t>
				<t>If sent using a 7-bit transport (e.g., SMTP) or an 8-bit
clean transport (e.g., 8BITMIME ESMTP or NNTP), the XML MIME
entity MUST be encoded in quoted-printable or base64. For a
binary clean transport (e.g., HTTP), no
content-transfer-encoding is necessary.</t>
			</section>
			<section title="application/xml-external-parsed-entity with UTF-16BE Charset">
				<t>Content-type: application/xml-external-parsed-entity; charset="utf-16be"</t>
				<t>&lt;?xml encoding="utf-16be"?></t>
				<t>Since the charset parameter is provided, MIME and
 XML processors MUST treat the enclosed entity as UTF-16BE
 encoded.</t>
			</section>
			<section title="application/xml-dtd">
				<t>Content-type: application/xml-dtd; charset="utf-8"</t>
				<t>&lt;?xml encoding="utf-8"?&gt;</t>
				<t>Charset "utf-8" is a recommended charset value for use with
application/xml-dtd. Since the charset parameter is provided,
MIME and XML processors MUST treat the enclosed entity as UTF-8
encoded.</t>
			</section>
			<section title="application/mathml+xml">
				<t>Content-type: application/mathml+xml</t>
				<t>&lt;?xml version="1.0" ?&gt;</t>
				<t>MathML documents are XML documents whose content describes
mathematical information, as defined by 
<xref target="MathML"/>.
As a format based on XML, MathML documents SHOULD follow the
'+xml' suffix convention and use 'mathml+xml' in their MIME content-type
identifier. This media type has been registered at IANA
and is fully defined in <xref target="MathML"/>.</t>
			</section>
			<section title="application/xslt+xml">
				<t>Content-type: application/xslt+xml</t>
				<t>&lt;?xml version="1.0" ?&gt;</t>
				<t>Extensible Stylesheet Language (XSLT) documents are XML
documents whose content describes stylesheets for other XML
documents, as defined by 
<xref target="XSLT"/>.
As a format based on XML, XSLT documents SHOULD follow the
'+xml' suffix convention and use 'xslt+xml' in their MIME content-type identifier. This media type has been registered at IANA
and is fully defined in <xref target="XSLT"/>.</t>
			</section>
			<section title="application/rdf+xml">
				<t>Content-type: application/rdf+xml</t>
				<t>&lt;?xml version="1.0" ?&gt;</t>

<t>Resources identified using the application/rdf+xml media type are
XML documents whose content describes RDF metadata. 
This media type has been registered at IANA
and is fully defined in <xref target="RFC3870"/>.</t>

			</section>
			<section title="image/svg+xml">
				<t>Content-type: image/svg+xml</t>
				<t>&lt;?xml version="1.0" ?&gt;</t>
				<t>Scalable Vector Graphics (SVG) documents are XML documents
whose content describes graphical information, as defined by 
<xref target="SVG"/>.
As a format based on XML, SVG documents SHOULD follow the
'+xml' suffix convention and use 'svg+xml' in their MIME
content-type identifier. The image/svg+xml media type has been registered at IANA
and is fully defined in <xref target="SVG"/>.</t>
			</section>
			<section title="model/x3d+xml">
				<t>Content-type: model/x3d+xml</t>
				<t>&lt;?xml version="1.0" ?&gt;</t>
				<t>X3D is derived from VRML and is used for 3D models. Besides the XML representation, it may also be serialised in classic VRML syntax and using a fast infoset. Separate, but clearly related  media types are used for these serialisations (model/x3d+vrml and model/x3d+fastinfoset respectively).</t>
				
			</section>
			<section title="INCONSISTENT EXAMPLE: text/xml with UTF-8 Charset">
				<t>Content-type: text/xml; charset="utf-8"</t>
				<t>&lt;?xml version="1.0" encoding="iso-8859-1"?&gt;</t>
				<t>Since the charset parameter is provided in the Content-Type header and differs from the XML encoding declaration, MIME and XML
processors will not interoperate. MIME processors will treat the enclosed entity as UTF-8 encoded. That is, the "iso-8859-1" encoding will be ignored. XML processors on the other hand will ignore the charset parameter and treat the XML entity as encoded in iso-8859-1.</t>
				<t>Processors generating XML MIME entities MUST NOT label conflicting charset
information between the MIME Content-Type and the
XML declaration. In particular, the addition of an explicit, site-wide charset without inspecting the XML entity 
has frequently led to interoperability problems.</t>
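				<t>The following is an added example, not part of this specification: a generator-side check that recognises XML media types (the four generic types or the '+xml' suffix) and compares the charset parameter with the encoding declaration read from the entity, flagging the conflict shown in this section. The function names, verdict labels and sample entities are assumptions constructed for illustration; UCS-4 detection is left out.</t>
<figure><artwork><![CDATA[
```python
import codecs
import re
from email.message import Message

# The four generic XML types the naming section lists as not matching '+xml'.
GENERIC_XML_TYPES = {
    "text/xml", "application/xml",
    "text/xml-external-parsed-entity",
    "application/xml-external-parsed-entity",
}

# XML or text declaration at the start of the entity carrying an encoding name.
ENCODING_DECL = re.compile(
    r"""^<\?xml\s[^>]*?encoding\s*=\s*["']([A-Za-z][A-Za-z0-9._-]*)["']""")


def is_xml_media_type(media_type):
    """True for the four generic XML types and any subtype ending in '+xml'."""
    media_type = media_type.lower()
    return media_type in GENERIC_XML_TYPES or media_type.endswith("+xml")


def sniff_declaration(entity):
    """Return (bom_family, declared_encoding) from the first bytes of the entity."""
    head = entity[:200]
    bom = None
    if head.startswith(codecs.BOM_UTF8):
        bom, text = "utf-8", head[3:].decode("latin-1")
    elif head.startswith((codecs.BOM_UTF16_BE, codecs.BOM_UTF16_LE)):
        # The utf-16 codec consumes the BOM and picks the byte order from it.
        bom, text = "utf-16", head.decode("utf-16", errors="replace")
    elif head.startswith(b"\x00<\x00?"):
        text = head.decode("utf-16-be", errors="replace")   # BOM-less UTF-16BE
    elif head.startswith(b"<\x00?\x00"):
        text = head.decode("utf-16-le", errors="replace")   # BOM-less UTF-16LE
    else:
        text = head.decode("latin-1")   # the declaration itself is ASCII-compatible
    match = ENCODING_DECL.match(text)
    return bom, (match.group(1) if match else None)


def canonical(label):
    """Normalise a charset label so 'UTF-8' and 'utf8' compare equal."""
    try:
        return codecs.lookup(label).name
    except LookupError:
        return label.lower()   # unknown to Python: compare case-insensitively


def check_labels(content_type, entity):
    """Classify one (Content-Type value, entity bytes) pair before it is sent."""
    msg = Message()
    msg["Content-Type"] = content_type
    media_type = msg.get_content_type()
    result = {"media_type": media_type, "charset": None, "bom": None,
              "declared": None, "verdict": "not-xml"}
    if not is_xml_media_type(media_type):
        return result
    charset = msg.get_param("charset")
    bom, declared = sniff_declaration(entity)
    if charset and declared and canonical(charset) != canonical(declared):
        verdict = "conflict"            # the INCONSISTENT EXAMPLE case
    elif charset:
        verdict = "charset-parameter"   # external label present and not contradicted
    elif bom or declared:
        verdict = "in-band"             # only the BOM and/or declaration label it
    else:
        verdict = "no-label"            # XML processor applies section 4.3.3 of XML
    result.update(charset=charset, bom=bom, declared=declared, verdict=verdict)
    return result


# Constructed sample pairs modelled on the examples in this section.
SAMPLES = [
    ('text/xml; charset="utf-8"',
     b'<?xml version="1.0" encoding="iso-8859-1"?><doc/>'),
    ("application/xml",
     codecs.BOM_UTF16_BE
     + '<?xml version="1.0" encoding="utf-16"?><doc/>'.encode("utf-16-be")),
    ('application/xml; charset="utf-16be"',
     "<?xml version='1.0' encoding='utf-16be'?><doc/>".encode("utf-16-be")),
    ("image/svg+xml", b'<?xml version="1.0" ?><svg/>'),
    ("text/plain; charset=utf-8", b"hello"),
]

if __name__ == "__main__":
    for header, body in SAMPLES:
        print(header, "->", check_labels(header, body)["verdict"])
```
]]></artwork></figure>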
			</section>
			

			<section title="application/soap+xml">
				<t>Content-type: application/soap+xml</t>
				<t>&lt;?xml version="1.0" ?&gt;</t>

				<t>Resources identified using the application/soap+xml media type are
SOAP 1.2 message envelopes that have been serialized with XML 1.0.
This media type has been registered at IANA and is fully defined in <xref target="RFC3902"/>.</t>

			</section>


		</section>
		<section title="IANA Considerations">
			<t>As described in <xref target="naming"/>, this specification updates the <xref target="RFC4288"/> and <xref target="RFC4289"/>  registration process for XML-based MIME types.</t>
		</section>
		<section title="Security Considerations" anchor="security">
			<t>XML, as a subset of SGML, has all of the same security considerations
as specified in 
<xref target="RFC1874"/>, and likely more, due to its ubiquitous deployment.  
</t>
			<t>To paraphrase section 3 of RFC 1874,
XML MIME entities contain information to be parsed and
processed by the recipient's XML system. These entities may
contain and such systems may permit explicit system level
commands to be executed while processing the data. To the extent
that an XML system will execute arbitrary command strings,
recipients of XML MIME entities may be at risk. In general, it
may be possible to specify commands that perform unauthorized
file operations or make changes to the display processor's
environment that affect subsequent operations.</t>
			<t>
In general, any information stored outside of the direct control of the user -- including CSS style sheets, XSL transformations, entity declarations, and DTDs -- can be a source of insecurity, by either obvious or subtle means. For example, a tiny "whiteout attack" modification made to a "master" style sheet could make words in critical locations disappear in user documents, without directly modifying the user document or the stylesheet it references.  Thus, the security of any XML document is vitally dependent on all of the documents recursively referenced by that document.</t>
			<t>
The entity lists and DTDs for <xref target="XHTML">XHTML 1.0 </xref>, for instance, are likely to be a commonly used set of information. Many developers will use and trust them, few of whom will know much about the level of security on the W3C's servers, or on any similarly trusted repository.</t>
			<t>
The simplest attack involves adding declarations that break validation. Adding extraneous declarations to a list of character entities can effectively "break the contract" used by documents. A tiny change that produces a fatal error in a DTD could halt XML processing on a large scale. Extraneous declarations are fairly obvious, but more sophisticated tricks, like changing attributes from being optional to required, can be difficult to track down. Perhaps the most dangerous option available to crackers is redefining default values for attributes: e.g., if developers have relied on defaulted attributes for security, a relatively small change might expose enormous quantities of information.</t>
			<t>
			Apart from the structural possibilities, another option, "entity spoofing," can be used to insert text into documents, vandalizing and perhaps conveying an unintended message. Because XML 1.0 permits multiple entity declarations, and the first declaration takes precedence, it's possible to insert malicious content where an entity is used, such as by inserting the full text of Winnie the Pooh in every occurrence of &amp;mdash;.</t>
			<t>Use of the digital signatures work currently underway by the xmldsig working group may eventually ameliorate the dangers of referencing external documents not under one's own control.</t>
			<t>Use of XML is expected to be varied, and widespread. XML is
under scrutiny by a wide range of communities for use as a common
syntax for community-specific metadata. For example, the <xref target="RFC5013">Dublin
Core </xref> group is using XML for document metadata, and a new effort
has begun that is considering use of XML for medical
information. Other groups view XML as a mechanism for marshalling
parameters for remote procedure calls. More uses of XML will
undoubtedly arise.</t>
			<t>Security considerations will vary by domain of use. For
example, XML medical records will have much more stringent
privacy and security considerations than XML library metadata.
Similarly, use of XML as a parameter marshalling syntax
necessitates a case by case security review.</t>
			<t>XML may also have some of the same security concerns as plain
text. Like plain text, XML can contain escape sequences that,
when displayed, have the potential to change the display
processor environment in ways that adversely affect subsequent
operations. Possible effects include, but are not limited to,
locking the keyboard, changing display parameters so subsequent
displayed text is unreadable, or even changing display parameters
to deliberately obscure or distort subsequent displayed material
so that its meaning is lost or altered. Display processors SHOULD
either filter such material from displayed text or else make sure
to reset all important settings after a given display operation
is complete.</t>
			<t>Some terminal devices have keys whose output, when pressed,
can be changed by sending the display processor a character
sequence. If this is possible the display of a text object
containing such character sequences could reprogram keys to
perform some illicit or dangerous action when the key is
subsequently pressed by the user. In some cases not only can keys
be programmed, they can be triggered remotely, making it possible
for a text display operation to directly perform some unwanted
action. As such, the ability to program keys SHOULD be blocked
either by filtering or by disabling the ability to program keys
entirely.</t>
			<t>Note that it is also possible to construct XML documents that
make use of what XML terms "entity references" (using the XML
meaning of the term "entity" as described in <xref target="conventions"/>),
to construct repeated expansions of
text. Recursive expansions are prohibited by 
<xref target="XML"/> 
and XML processors are required to detect them. However, even
non-recursive expansions may cause problems with the finite
computing resources of computers, if they are performed many
times.  (Entity A consists of 100 copies of entity B, which in turn consists of 100 copies of entity C, and so on.)</t>
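			<t>The following is an added example, not part of this specification: a pre-parse check that computes how large the internal entity references of a document would become without performing the expansion, honouring the rule that the first declaration of an entity is the binding one, and rejecting recursion or growth past a budget. The names, the budget and depth values, and the sample documents are assumptions constructed for illustration; parameter and external entities are not handled.</t>
<figure><artwork><![CDATA[
```python
import re

# Internal general entity declarations only; parameter (%) and external
# (SYSTEM/PUBLIC) entities do not match and are outside this example.
ENTITY_DECL = re.compile(
    r"""<!ENTITY\s+([A-Za-z_:][\w:.-]*)\s+(["'])(.*?)\2\s*>""", re.S)
ENTITY_REF = re.compile(r"&([A-Za-z_:][\w:.-]*);")
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}
MAX_DEPTH = 32        # assumed policy value for nesting depth
DEFAULT_BUDGET = 10_000   # assumed policy value, in characters


class EntityPolicyError(ValueError):
    """Raised when entity declarations violate the local expansion policy."""


def declared_entities(xml_text):
    """Collect declarations; the first declaration of a name is the binding one."""
    entities, shadowed = {}, []
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        if name in entities:
            shadowed.append(name)   # ignored by XML, but worth reporting
        else:
            entities[name] = value
    return entities, shadowed


def expanded_length(name, entities, budget, cache, stack=()):
    """Length of the replacement text of `name`, computed without expanding it."""
    if name in PREDEFINED:
        return 1
    if name in cache:
        return cache[name]
    if name in stack:
        raise EntityPolicyError("recursive entity reference: " + name)
    if len(stack) >= MAX_DEPTH:
        raise EntityPolicyError("entity nesting deeper than %d" % MAX_DEPTH)
    if name not in entities:
        return len(name) + 2    # not declared here: count the reference itself
    value = entities[name]
    total = len(ENTITY_REF.sub("", value))       # literal characters
    for ref in ENTITY_REF.findall(value):        # plus each nested reference
        total += expanded_length(ref, entities, budget, cache, stack + (name,))
        if total > budget:
            raise EntityPolicyError("entity %s expands past %d characters"
                                    % (name, budget))
    cache[name] = total     # memoised, so work is linear in the declarations
    return total


def check_document(xml_text, budget=DEFAULT_BUDGET):
    """Return expansion size and shadowed names, or raise EntityPolicyError."""
    entities, shadowed = declared_entities(xml_text)
    body = ENTITY_DECL.sub("", xml_text)    # references outside the declarations
    cache, total = {}, 0
    for ref in ENTITY_REF.findall(body):
        total += expanded_length(ref, entities, budget, cache)
        if total > budget:
            raise EntityPolicyError("document expands past %d characters" % budget)
    return {"expanded_chars": total, "shadowed": shadowed}


def verdict(xml_text, budget=DEFAULT_BUDGET):
    """'ok' or 'rejected: <reason>', for use as a gate in front of a parser."""
    try:
        check_document(xml_text, budget)
        return "ok"
    except EntityPolicyError as err:
        return "rejected: %s" % err


def sample(fanout):
    """Constructed document: a holds `fanout` copies of b, b holds `fanout` of c."""
    return ('<?xml version="1.0"?>\n<!DOCTYPE doc [\n'
            '<!ENTITY c "0123456789">\n'
            '<!ENTITY b "' + "&c;" * fanout + '">\n'
            '<!ENTITY a "' + "&b;" * fanout + '">\n'
            '<!ENTITY c "later redeclaration, ignored">\n'
            ' ]>\n<doc>&a;</doc>')


# Constructed document with a prohibited recursive pair.
RECURSIVE = '<!DOCTYPE d [ <!ENTITY x "&y;"> <!ENTITY y "&x;"> ]>\n<d>&x;</d>'

if __name__ == "__main__":
    print(check_document(sample(10)))
    print(verdict(sample(100)))
    print(verdict(RECURSIVE))
```
]]></artwork></figure>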
		</section>
	</middle>
	<back>
		<references title="Normative References">
   <reference anchor="RFC6657" target="http://www.rfc-editor.org/rfc/rfc6657.txt">
    <front>
     <title>Update to MIME regarding "charset" Parameter Handling
                         in Textual Media Types</title>
     <author initials="A." surname="Melnikov" fullname="A. Melnikov">
      <organization>Isode Limited</organization>
     </author>
     <author initials="J." surname="Reschke" fullname="J. Reschke">
      <organization>greenbytes</organization>
     </author>
     <date month="July" year="2012"/>
    </front>
    <seriesInfo name="RFC" value="6657"/>
   </reference>
			<reference anchor="CSS" target="http://www.w3.org/TR/REC-CSS2/">
				<front>
					<title>Cascading Style Sheets, level 2 (CSS2)
Specification</title>
					<author initials="B." surname="Bos">
						<organization>W3C</organization>
					</author>
					<author initials="H.W." surname="Lie">
						<organization>W3C</organization>
					</author>
					<author initials="C." surname="Lilley">
						<organization>W3C</organization>
					</author>
					<author initials="I." surname="Jacobs">
						<organization/>
					</author>
					<date month="May" year="1998"/>
				</front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="REC-CSS2"/>
			</reference>

			<reference anchor="XML" target="http://www.w3.org/TR/REC-xml">
				<front>
					<title>Extensible Markup Language (XML) 1.0 (Fifth Edition)</title>
					<author initials="T." surname="Bray" fullname="Tim Bray">
						<organization>Textuality</organization>
					</author>
					<author initials="J." surname="Paoli" fullname="Jean Paoli">
						<organization>Microsoft</organization>
					</author>
					<author initials="C.M." surname="Sperberg-McQueen" fullname="C.M. Sperberg-McQueen">
						<organization>University of Illinois at
Chicago</organization>
					</author>
					<author initials="E." surname="Maler" fullname="Eve Maler">
						<organization>Sun Microsystems</organization>
					</author>
<author initials="F." surname="Yergeau" fullname="Francois Yergeau">
	<organization/>
</author>
					<date month="November" year="2008"/>
				</front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="REC-xml"/>
			</reference>

			<reference anchor="XML1.1" target="http://www.w3.org/TR/xml11">
				<front>
					<title>Extensible Markup Language (XML) 1.1</title>
					<author initials="T." surname="Bray" fullname="Tim Bray">
						<organization>Textuality</organization>
					</author>
					<author initials="J." surname="Paoli" fullname="Jean Paoli">
						<organization>Microsoft</organization>
					</author>
					<author initials="C.M." surname="Sperberg-McQueen" fullname="C.M. Sperberg-McQueen">
						<organization>University of Illinois at
Chicago</organization>
					</author>
					<author initials="E." surname="Maler" fullname="Eve Maler">
						<organization>Sun Microsystems</organization>
					</author>
					<author initials="F." surname="Yergeau" fullname="Francois Yergeau">
					  <organization></organization>
					</author>
					<author initials="J." surname="Cowan" fullname="John Cowan">
					  <organization></organization>
					</author>
					<date day="29" month="September" year="2006"/>
				</front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="REC-xml"/>

</reference>
			<reference anchor="RFC4918">
				<front>
					<title>HTTP Extensions for Distributed Authoring --
WEBDAV</title>
					<author initials="L." surname="Dusseault">
						<organization>CommerceNet</organization>
					</author>
					<date month="June" year="2007"/>
				</front>
				<seriesInfo name="RFC" value="4918"/>
			</reference>
			<reference anchor="RFC2616">
				<front>
					<title>Hypertext Transfer Protocol -- HTTP/1.1</title>
					<author initials="R." surname="Fielding">
						<organization>University of California</organization>
					</author>
					<author initials="J." surname="Gettys">
						<organization abbrev="W3C">World Wide Web
Consortium</organization>
					</author>
					<author initials="J." surname="Mogul">
						<organization>Compaq Computer Corporation</organization>
					</author>
					<author initials="H." surname="Nielsen">
						<organization abbrev="W3C">World Wide Web
Consortium</organization>
					</author>
					<author initials="L." surname="Masinter">
						<organization>Xerox PARC</organization>
					</author>
					<author initials="P." surname="Leach">
						<organization>Microsoft Corporation</organization>
					</author>
					<author initials="T." surname="Berners-Lee">
						<organization abbrev="W3C">World Wide Web
Consortium</organization>
					</author>
					<date month="June" year="1999"/>
				</front>
				<seriesInfo name="RFC" value="2616"/>
			</reference>
			
			<reference anchor="HTTPbis">
				<front>
					<title>Hypertext Transfer Protocol -- HTTP/1.2?</title>
					<author initials="R." surname="Fielding">
						<organization>Adobe</organization>
					</author>
					<date month="January" year="2013"/>
				</front>
				<seriesInfo name="RFC" value="???"/>
			</reference>
			<reference anchor="SGML">
				<front>
					<title>Information Processing -- Text and Office Systems --
Standard Generalized Markup Language (SGML)</title>
					<author>
						<organization abbrev="ISO">International Standard
Organization</organization>
					</author>
					<date month="October" year="1986"/>
				</front>
				<seriesInfo name="ISO" value="8879"/>
			</reference>
			<reference anchor="RFC2445">
				<front>
					<title>Internet Calendaring and Scheduling Core Object
Specification (iCalendar)</title>
					<author initials="F." surname="Dawson">
						<organization>Lotus</organization>
					</author>
					<author initials="D." surname="Stenerson">
						<organization>Microsoft</organization>
					</author>
					<date month="November" year="1998"/>
				</front>
				<seriesInfo name="RFC" value="2445"/>
			</reference>
			<reference anchor="RFC3501">
				<front>
					<title>Internet Message Access Protocol - Version
4rev1</title>
					<author initials="M." surname="Crispin">
						<organization>University of Washington</organization>
					</author>
					<date month="March" year="2003"/>
				</front>
				<seriesInfo name="RFC" value="3501"/>
			</reference>
			
			<reference anchor="ISO8859">
				<front>
					<title>ISO-8859. International Standard -- Information Processing --
8-bit Single-Byte Coded Graphic Character Sets --
Part 1: Latin alphabet No. 1, ISO-8859-1:1987</title>
					<author>
						<organization/>
					</author>
					<date month="" year="1987"/>
				</front>
			</reference>
			<reference anchor="RFC2119">
				<front>
					<title>Key words for use in RFCs to Indicate Requirement
Levels</title>
					<author initials="S." surname="Bradner">
						<organization>Harvard University</organization>
					</author>
					<date month="March" year="1997"/>
				</front>
				<seriesInfo name="BCP" value="14"/>
				<seriesInfo name="RFC" value="2119"/>
			</reference>
			

			<reference anchor="RFC2077">
				<front>
					<title>The Model Primary Content Type for Multipurpose
Internet Mail Extensions</title>
					<author initials="S.D." surname="Nelson">
						<organization>Lawrence Livermore National
Laboratory</organization>
					</author>
					<author initials="C." surname="Parks">
						<organization>National Institute of Standards &amp;
Technology</organization>
					</author>
					<author fullname="Mitra" surname="Mitra">
						<organization>WorldMaker</organization>
					</author>
					<date month="January" year="1997"/>
				</front>
				<seriesInfo name="RFC" value="2077"/>
			</reference>
			<reference anchor="RFC2045">
				<front>
					<title>Multipurpose Internet Mail Extensions (MIME) Part One:
Format of Internet Message Bodies</title>
					<author initials="N." surname="Freed">
						<organization>Innosoft International, Inc.</organization>
					</author>
					<author initials="N." surname="Borenstein">
						<organization>First Virtual Holdings</organization>
					</author>
					<date month="November" year="1996"/>
				</front>
				<seriesInfo name="RFC" value="2045"/>
			</reference>
			<reference anchor="RFC2046">
				<front>
					<title>Multipurpose Internet Mail Extensions (MIME) Part Two:
Media Types</title>
					<author initials="N." surname="Freed">
						<organization>Innosoft International, Inc.</organization>
					</author>
					<author initials="N." surname="Borenstein">
						<organization>First Virtual Holdings</organization>
					</author>
					<date month="November" year="1996"/>
				</front>
				<seriesInfo name="RFC" value="2046"/>
			</reference>
			<reference anchor="RFC4288">
				<front>
					<title>Media Type Specifications and Registration Procedures</title>
					<author initials="N." surname="Freed">
						<organization>Innosoft International, Inc.</organization>
					</author>
					<author initials="J." surname="Klensin">
						<organization>MCI</organization>
					</author>
					
					<date month="December" year="2005"/>
				</front>
				<seriesInfo name="RFC" value="4288"/>
			</reference>
			<reference anchor="RFC4289">
				<front>
					<title>Multipurpose Internet Mail Extensions (MIME) Part
						Four: Registration Procedures</title>
					<author initials="N." surname="Freed">
						<organization>Innosoft International, Inc.</organization>
					</author>
					<author initials="J." surname="Klensin">
						<organization>MCI</organization>
					</author>
					
					<date month="December" year="2005"/>
				</front>
				<seriesInfo name="RFC" value="4289"/>
			</reference>
			<reference anchor="RFC3977">
				<front>
					<title>Network News Transfer Protocol</title>
					<author initials="B." surname="Feather">
						<organization>THUS plc</organization>
					</author>
					<date month="October" year="2006"/>
				</front>
				<seriesInfo name="RFC" value="3977"/>
			</reference>
			<reference anchor="UML" target="http://www.omg.org/uml/">
				<front>
					<title>OMG Unified Modeling Language Specification, Version
1.3</title>
					<author>
						<organization>Object Management Group</organization>
					</author>
					<date month="June" year="1999"/>
				</front>
				<seriesInfo name="OMG Specification" value="ad/99-06-08"/>
			</reference>
			<reference anchor="PNG" target="http://www.w3.org/TR/REC-png">
				<front>
					<title>PNG (Portable Network Graphics) Specification</title>
					<author initials="T." surname="Boutell">
						<organization>boutell.com</organization>
					</author>
					<date day="01" month="October" year="1996"/>
				</front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="REC-png"/>
			</reference>
			
<!--
			<reference anchor="RDF" target="http://www.w3.org/TR/REC-rdf-syntax/">
				<front>
					<title>Resource Description Framework (RDF) Model and Syntax
Specification</title>
					<author initials="O." surname="Lassila">
						<organization>Nokia Research Center</organization>
					</author>
					<author initials="R.R." surname="Swick">
						<organization>World Wide Web Consortium</organization>
					</author>
					<date month="February" year="1999"/>
				</front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="REC-rdf-syntax"/>
			</reference>
-->
			
			<reference anchor="RFC5321">
				<front>
					<title>Simple Mail Transfer Protocol</title>
					<author initials="J." surname="Klensin">
						<organization>AT&amp;T Laboratories
						</organization>
					</author>
					<date month="October" year="2008"/>
				</front>
				<seriesInfo name="RFC" value="5321"/>
			</reference>
			<reference anchor="RFC1652">
				<front>
					<title>SMTP Service Extension for 8bit-MIMEtransport</title>
					<author initials="J." surname="Klensin">
						<organization>MCI</organization>
					</author>
					<author initials="N." surname="Freed">
						<organization>Innosoft</organization>
					</author>
					<author initials="M." surname="Rose">
						<organization>Beach Consulting, Inc.</organization>
					</author>
					<author initials="E." surname="Stefferud">
						<organization>Network Management Associates, Inc.</organization>
					</author>
					<author initials="D." surname="Crocker">
						<organization>Silicon Graphics, Inc.</organization>
					</author>
					<date month="July" year="1994"/>
				</front>
				<seriesInfo name="RFC" value="1652"/>
			</reference>

<reference anchor="XBase" target="http://www.w3.org/TR/xmlbase">
<front>
<title>XML Base</title>
<author initials="J." surname="Marsh" fullname="Jonathan Marsh">
<organization>Microsoft</organization>
</author>
	<author initials="R." surname="Tobin" fullname="Richard Tobin">
		<organization>University of Edinburgh</organization>
	</author>
	
	<date day="28" month="January" year="2009"/>
</front>
<seriesInfo name="World Wide Web Consortium Recommendation" value="xmlbase"/>
</reference>
<reference anchor="XLink" target="http://www.w3.org/TR/xlink/">
 <front>
  <title>XML Linking Language (XLink) Version 1.1</title>
  <author initials="S." surname="DeRose" fullname="Steve DeRose">
   <organization>Brown University</organization>
  </author>
  <author initials="E." surname="Maler" fullname="Eve L. Maler">
   <organization>Sun Microsystems</organization>
  </author>
  <author initials="D." surname="Orchard" fullname="David Orchard">
   <organization>IBM Corp.</organization>
  </author>
  <author initials="N." surname="Walsh" fullname="Norman Walsh">
   <organization>Mark Logic Corporation</organization>
  </author>
  <date month="May" day="6" year="2010"/>
 </front>
 <seriesInfo name="World Wide Web Consortium Recommendation" value="xlink11"/>
</reference>
        <reference anchor="XPointerElement" target="http://www.w3.org/TR/xptr-element/">
	  <front>
	    <title>XPointer element() Scheme</title>
	    <author initials="P." surname="Grosso" fullname="Paul Grosso">
	      <organization>Arbortext, Inc</organization>
	    </author>
	    <author initials="E." surname="Maler" fullname="Eve Maler">
	      <organization>Sun Microsystems</organization>
	    </author>
	    <author initials="J." surname="Marsh" fullname="Jonathan Marsh">
	      <organization>Microsoft</organization>
	    </author>
	    <author initials="N." surname="Walsh" fullname="Norman Walsh">
	      <organization>Sun Microsystems</organization>
	    </author>
	    <date day="25" month="March" year="2003"></date>
	  </front>
	  <seriesInfo name="World Wide Web Consortium Recommendation" value="REC-XPointer-Element"/>
        </reference>

        <reference anchor="XPointerFramework" target="http://www.w3.org/TR/xptr-framework/">
	  <front>
	    <title>XPointer Framework</title>
	    <author initials="P." surname="Grosso" fullname="Paul Grosso">
	      <organization>Arbortext, Inc</organization>
	    </author>
	    <author initials="E." surname="Maler" fullname="Eve Maler">
	      <organization>Sun Microsystems</organization>
	    </author>
	    <author initials="J." surname="Marsh" fullname="Jonathan Marsh">
	      <organization>Microsoft</organization>
	    </author>
	    <author initials="N." surname="Walsh" fullname="Norman Walsh">
	      <organization>Sun Microsystems</organization>
	    </author>
	    <date day="25" month="March" year="2003"></date>
	  </front>
	  <seriesInfo name="World Wide Web Consortium Recommendation" value="REC-XPointer-Framework"/>
        </reference>

 <!--       <reference anchor="XPointerXmlns" target="http://www.w3.org/TR/xptr-xmlns/">
	  <front>
	    <title>XPointer xmlns() Scheme</title>
	    <author initials="S." surname="DeRose" fullname="Steven J. DeRose"><organization></organization></author>

	    <author initials="R." surname="Daniel" fullname="Ron Daniel Jr">
	      <organization></organization>
	    </author>
	    <author initials="E." surname="Maler" fullname="Eve Maler">
	      <organization>Sun Microsystems</organization>
	    </author>
	    <author initials="J." surname="Marsh" fullname="Jonathan Marsh">
	      <organization>Microsoft</organization>
	    </author>

	    <date day="25" month="March" year="2003"></date>
	  </front>
	  <seriesInfo name="World Wide Web Consortium Recommendation" value="REC-XPointer-Xmlns"/>
        </reference>-->
		
			
			
			<!--
<reference anchor="XPtr" target="http://www.w3.org/TR/xptr">
<front>
<title>XML Pointer Language (XPointer)</title>
<author initials="S." surname="DeRose">
<organization>Brown University Scholarly Technology
Group</organization>
</author>
<author initials="R." surname="Daniel Jr.">
<organization>DATAFUSION, Inc.</organization>
</author>
<author initials="E." surname="Maler">
<organization>Sun Microsystems</organization>
</author>
<date month="July" year="1999"/>
</front>
<seriesInfo name="World Wide Web Consortium Working Draft" value="xptr"/>
</reference>
-->
			
			<reference anchor="ASCII">
				<front>
					<title>US-ASCII. Coded Character Set -- 7-Bit American Standard Code for
Information Interchange</title>
					<author>
						<organization/>
					</author>
					<date month="" year="1986"/>
				</front>
				<seriesInfo name="ANSI" value="X3.4-1986"/>
			</reference>
			<reference anchor="RFC3629">
				<front>
					<title>UTF-8, a transformation format of ISO 10646</title>
					<author initials="F." surname="Yergeau">
						<organization>Alis Technologies</organization>
					</author>
					<date month="November" year="2003"/>
				</front>
				<seriesInfo name="RFC" value="3629"/>
			</reference>
			
			<!--
			<reference anchor="RFC2629">
				<front>
					<title>Writing I-Ds and RFCs using XML</title>
					<author initials="M." surname="Rose">
						<organization>Invisible Worlds, Inc.</organization>
					</author>
					<date month="June" year="1999"/>
				</front>
				<seriesInfo name="RFC" value="2629"/>
			</reference>
			-->
			<reference anchor="XHTML" target="http://www.w3.org/TR/xhtml1">
				<front>
					<title>XHTML 1.0: The Extensible HyperText Markup Language</title>
					<author initials="S." surname="Pemberton">
						<organization>CWI</organization>
					</author>
					<author surname="et al">
						<organization/>
					</author>
					<date month="December" year="1999"/>
				</front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="xhtml1"/>
			</reference>
			
<reference anchor="RFC3023">
<front>
		<title>XML Media Types</title>
		<author initials="M." fullname="MURATA Makoto (FAMILY Given)" surname="Murata">
			<organization>IBM Tokyo Research Laboratory</organization>

			<address>
				<postal>
					<street>1623-14, Shimotsuruma</street>
					<city>Yamato-shi</city>
					<region>Kanagawa-ken</region>
					<code>242-8502</code>
					<country>Japan</country>

				</postal>
				<phone>+81-46-215-4678</phone>
				<email>mmurata@trl.ibm.co.jp</email>
			</address>
		</author>
		<author initials="S." fullname="Simon St.Laurent" surname="St.Laurent">
			<organization/>
			<address>

				<postal>
					<street>1259 Dryden Road</street>
					<city>Ithaca</city>
					<region>New York</region>
					<code>14850</code>
					<country>USA</country>

				</postal>
				<email>simonstl@simonstl.com</email>
				<uri>http://www.simonstl.com/</uri>
			</address>
		</author>
		<author initials="D." fullname="Dan Kohn" surname="Kohn">
			<organization>skymoon ventures</organization>

			<address>
				<postal>
					<street>3045 Park Boulevard</street>
					<city>Palo Alto</city>
					<region>California</region>
					<code>94306</code>
					<country>USA</country>

				</postal>
				<phone>+1-650-327-2600</phone>
				<email>dan@dankohn.com</email>
				<uri>http://www.dankohn.com/</uri>
			</address>
		</author>
		<date month="January" year="2001"/>

</front>
</reference>
			
			
			<reference anchor="RFC3986">
			  <front>
			    <title>Uniform Resource Identifiers (URI): Generic
			    Syntax.</title>
			    <author initials="T." surname="Berners-Lee" fullname="Tim Berners-Lee">
			      <organization abbrev="W3C">World Wide Web
			      Consortium</organization>
			    </author>
			    <author initials="R." surname="Fielding" fullname="Roy T. Fielding">
			      <organization>Day Software</organization>
			    </author>
			    <author initials="L." surname="Masinter" fullname="Larry Masinter">
			      <organization>Adobe</organization>
			    </author>
			    <date month="January" year="2005"/>
			  </front>
			  <seriesInfo name="RFC" value="3986"/>
			</reference>

			<reference anchor="RFC3987">
			  <front>
			    <title>Internationalized Resource Identifiers (IRIs)</title>
			    <author initials="M." surname="D&#220;erst" fullname="Martin Duerst">
			      <organization abbrev="W3C">World Wide Web
Consortium</organization>
			    </author>
			    <author initials="M." surname="Suignard">
			      <organization>Microsoft Corporation</organization>
			    </author>
			    <date month="July" year="2005"/>
			  </front>
			  <seriesInfo name="RFC" value="3987"/>
			</reference>
			<reference anchor="TAGMIME" target="http://www.w3.org/2001/tag/2004/0430-mime">
				<front>
					<title>Internet Media Type registration, consistency of use</title>
					<author initials="T." surname="Bray" fullname="Tim Bray" role="editor">
						<organization>Sun Microsystems</organization>
					</author>
					<date year="2004" month="April"/>
				</front>
			</reference>
			<reference anchor="XPtrReg" target="http://www.w3.org/2005/04/xpointer-schemes/">
				<front>
					<title>XPointer Registry</title>
					<author initials="D." surname="Hazaël-Massieux" fullname="Dominique Hazaël-Massieux">
						<organization>W3C</organization>
					</author>
					<date year="2005"/>
				</front>
			</reference>
   
			
   
		</references>
		<references title="Informative References">
<reference anchor="MathML" target="http://www.w3.org/TR/MathML/">
			  <front>
			    <title>Mathematical Markup Language (MathML) Version 3.0</title>
			    
			    <author initials="D." surname="Carlisle" fullname="David Carlisle">
			      <organization>NAG</organization>
			    </author>
			    <author initials="P." surname="Ion">
			      <organization>Mathematical Reviews / American Mathematical Society</organization>
			    </author>
			    <author initials="R." surname="Miner">
			      <organization>deceased</organization>
			    </author>
			    <date day="21" month="October" year="2010"/>
			  </front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="MathML"/>
			</reference>
   <reference anchor="RFC1557">
				<front>
					<title>Korean Character Encoding for Internet
						Messages</title>
					<author initials="U." surname="Choi">
						<organization abbrev="KAIST">Korea Advanced Institute of
							Science and Technology</organization>
					</author>
					<author initials="K." surname="Chon">
						<organization/>
					</author>
					<author initials="H." surname="Park">
						<organization>Solvit Chosun Media, Inc.</organization>
					</author>
					<date month="December" year="1993"/>
				</front>
				<seriesInfo name="RFC" value="1557"/>
			</reference>
			<reference anchor="RFC1874">
				<front>
					<title>SGML Media Types</title>
					<author initials="E." surname="Levinson">
						<organization>Accurate Information Systems,
							Inc.</organization>
					</author>
					<date month="December" year="1995"/>
				</front>
				<seriesInfo name="RFC" value="1874"/>
			</reference>
			<reference anchor="RFC2130">
				<front>
					<title>The Report of the IAB Character Set Workshop held 29 February - 1 March, 1996</title>
					<author initials="C." surname="Weider">
						<organization>Microsoft Corp.</organization>
					</author>
					<author initials="C." surname="Preston" fullname="Cecilia Preston">
						<organization>Preston &amp; Lynch</organization>
					</author>
					<author initials="K." surname="Simonsen">
						<organization>DKUUG</organization>
					</author>
					<author initials="H." surname="Alvestrand">
						<organization>UNINETT</organization>
					</author>
					<author initials="R." surname="Atkinson">
						<organization>Cisco Systems</organization>
					</author>
					<author initials="M." surname="Crispin">
						<organization>University of Washington</organization>
					</author>
					<author initials="P." surname="Svanberg">
						<organization>Royal Institute of Technology</organization>
					</author>
					<date month="April" year="1997"/>
				</front>
				<seriesInfo name="RFC" value="2130"/>
			</reference>
			<reference anchor="RFC2376">
				<front>
					<title>XML Media Types</title>
					<author initials="E." surname="Whitehead">
						<organization>UC Irvine</organization>
					</author>
					<author initials="M." surname="Murata">
						<organization>Fuji Xerox Info. Systems</organization>
					</author>
					<date month="July" year="1998"/>
				</front>
				<seriesInfo name="RFC" value="2376"/>
			</reference>
			<reference anchor="RFC2703">
				<front>
					<title>Protocol-independent Content Negotiation
						Framework</title>
					<author initials="G." surname="Klyne">
						<organization>5GM/Content Technologies</organization>
					</author>
					<date month="September" year="1999"/>
				</front>
				<seriesInfo name="RFC" value="2703"/>
			</reference>
			<reference anchor="RFC2781">
				<front>
					<title>UTF-16, an encoding of ISO 10646</title>
					<author initials="P." surname="Hoffman">
						<organization>Internet Mail Consortium</organization>
					</author>
					<author initials="F." surname="Yergeau">
						<organization>Alis Technologies</organization>
					</author>
					<date month="February" year="2000"/>
				</front>
				<seriesInfo name="RFC" value="2781"/>
			</reference>
			<reference anchor="RFC2801">
				<front>
					<title>Internet Open Trading Protocol - IOTP Version 1.0</title>
					<author initials="D." surname="Burdett">
						<organization>Commerce One</organization>
					</author>
					<date month="April" year="2000"/>
				</front>
				<seriesInfo name="RFC" value="2801"/>
			</reference>
			<reference anchor="RFC3870">
				<front>
					<title>application/rdf+xml Media Type Registration</title>
					<author initials="A." surname="Swartz">
						<organization>AaronSw.com</organization>
					</author>
					<date month="September" year="2004"/>
				</front>
				<seriesInfo name="RFC" value="3870"/>
			</reference>
			<reference anchor="RFC3902">
				<front>
					<title>The "application/soap+xml" media type</title>
					<author initials="M." surname="Baker">
						<organization></organization>
					</author>
					<author initials="M." surname="Nottingham">
						<organization>BEA Systems</organization>
					</author>
					<date month="September" year="2004"/>
				</front>
				<seriesInfo name="RFC" value="3902"/>
			</reference>
			<reference anchor="RFC5013">
				<front>
					<title>Dublin Core Metadata for Resource Discovery</title>
					<author initials="J." surname="Kunze">
						<organization>University of California, San Francisco</organization>
					</author>
					
					<author initials="T." surname="Baker">
						<organization>Dublin Core Metadata Initiative</organization>
					</author>
					<date month="August" year="2007"/>
				</front>
				<seriesInfo name="RFC" value="5013"/>
			</reference>
   <reference anchor="SVG" target="http://www.w3.org/TR/SVG/">
				<front>
					<title>Scalable Vector Graphics (SVG) 1.1 Specification (Second edition)</title>
					<author initials="E." surname="Dahlstr&#246;m">
						<organization>Opera Software</organization>
					</author>
     <author fullname="et al." initials="others" surname=" ">
      <organization/>
     </author>
					<date day="16" month="August" year="2011"/>
				</front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="SVG"/>
			</reference>
			
	<reference anchor="XSLT" target="http://www.w3.org/TR/xslt20/">
				<front>
					<title>XSL Transformations (XSLT) Version 2.0</title>
					<author initials="M." surname="Kay">
						<organization>Saxonica</organization>
					</author>
					<date month="January" year="2007" day="23"/>
				</front>
				<seriesInfo name="World Wide Web Consortium Recommendation" value="xslt20"/>
			</reference>
		</references>

			<section title="Why Use the '+xml' Suffix for XML-Based MIME Types?" anchor="suffix_explanation">
			<t>Although the use of a suffix was not considered as part of the
original MIME architecture, this choice is considered to provide
the most functionality with the least potential for
interoperability problems or lack of future extensibility. The
alternatives to the '+xml' suffix and the reason for its selection
are described below.</t>
			<section title="Why not just use text/xml or application/xml and let the XML processor dispatch to the correct application based on the referenced DTD?">
				<t>text/xml and application/xml remain useful in many
situations, especially for document-oriented applications that
involve combining XML with a stylesheet in order to present the
data. However, XML is also used to define entirely new data
types, and an XML-based format such as image/svg+xml fits the
definition of a MIME media type exactly as well as 
<xref target="PNG">image/png </xref>
does. (Note that image/svg+xml is not yet registered.)
Although extra functionality is available for MIME
processors that are also XML processors, XML-based media types
-- even when treated as opaque, non-XML media types -- are just
as useful as any other media type and should be treated as
such.</t>
				<t>Since MIME dispatchers work off of the MIME type, use of
text/xml or application/xml to label discrete media types will
hinder correct dispatching and general interoperability. Finally,
many XML documents use neither DTDs nor namespaces, 
yet are perfectly legal XML.</t>
			</section>
			<section title="Why not create a new subtree (e.g., image/xml.svg) to represent XML MIME types?">
				<t>The subtree under which a media type is registered -- IETF,
vendor (*/vnd.*), or personal (*/prs.*); see <xref target="RFC4288"/> and <xref target="RFC4289"/> for details -- is completely
orthogonal to whether the media type uses XML syntax or not.
The suffix approach allows XML document types to be identified
within any subtree. The vendor subtree, for example, is likely
to include a large number of XML-based document types. By using
a suffix, rather than setting up a separate subtree, those
types may remain in the same location in the tree of MIME types
that they would have occupied had they not been based on
XML.</t>
			</section>
			<section title="Why not create a new top-level MIME type for XML-based media types?">
				<t>The top-level MIME type (e.g., 
<xref target="RFC2077">model/* </xref>)
determines what kind of content the type is, not what syntax
it uses. For example, agents using image/* to signal acceptance
of any image format should certainly be given access to media
type image/svg+xml, which is in all respects a standard image
subtype. It just happens to use XML to describe its syntax. The
two aspects of the media type are completely orthogonal.</t>
				<t>XML-based data types will most likely be registered in ALL
top-level categories. Potential, though currently unregistered, examples could include
<xref target="MathML">application/mathml+xml </xref>,
<xref target="UML">model/uml+xml </xref>, and
<xref target="SVG">image/svg+xml </xref>.</t>
			</section>
			<section title="Why not just have the MIME processor 'sniff' the content to determine whether it is XML?">
				<t>Rather than explicitly labeling XML-based media types, the
processor could look inside each type and see whether or not it
is XML. The processor could also cache a list of XML-based
media types.</t>
				<t>Although this method might work acceptably for some mail
applications, it would fail completely in many other uses of
MIME. For instance, an XML-based web crawler would have no way
of determining whether a file is XML except to fetch it and
check. The same issue applies in some 
<xref target="RFC3501">IMAP4 </xref>
mail applications, where the client first fetches the MIME type
as part of the message structure and then decides whether to
fetch the MIME entity. Requiring these fetches just to
determine whether the MIME type is XML could have significant
bandwidth and latency disadvantages in many situations.</t>
				<t>Sniffing XML also isn't as simple as it might seem. DOCTYPE
declarations aren't required, and they can appear fairly deep
into a document under certain unpreventable circumstances.
(E.g., the XML declaration, comments, and processing
instructions can occupy space before the DOCTYPE declaration.)
Even sniffing the DOCTYPE isn't completely reliable, thanks to
a variety of issues involving default values for namespaces
within external DTDs and overrides inside the internal DTD.
Finally, the variety in potential character encodings
(something XML provides tools to deal with), also makes
reliable sniffing less likely.</t>
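				<t>The following added example (Python, not part of the original
specification) runs a hypothetical byte-prefix sniffer over four
constructed, well-formed XML bodies and shows that it recognizes only
one of them, while a check on the media type label needs no body at
all. The sample bodies, the 64-byte window and all function names are
assumptions made for illustration.</t>
				<figure><artwork><![CDATA[
```python
import xml.etree.ElementTree as ET

# Constructed sample bodies (not taken from the specification).
# Every one of them is well-formed XML.
SAMPLES = {
    "declaration first":
        b'<?xml version="1.0"?><!DOCTYPE svg><svg/>',
    "no declaration, no DOCTYPE":
        b'<svg xmlns="http://www.w3.org/2000/svg"/>',
    "DOCTYPE after long comment":
        b"<!-- " + b"x" * 200 + b" --><!DOCTYPE svg><svg/>",
    "UTF-16 with BOM":
        '<?xml version="1.0" encoding="UTF-16"?><svg/>'.encode("utf-16"),
}


def naive_sniff(body: bytes, window: int = 64) -> bool:
    """Hypothetical sniffer: search the first `window` bytes for the
    ASCII byte patterns '<?xml' or '<!DOCTYPE'."""
    head = body[:window].lstrip()
    return head.startswith(b"<?xml") or b"<!DOCTYPE" in head


def is_well_formed(body: bytes) -> bool:
    """Full parse, used here only on the constructed samples above."""
    try:
        ET.fromstring(body)
        return True
    except ET.ParseError:
        return False


def labelled_xml(content_type: str) -> bool:
    """Decide from the Content-Type value alone: text/xml,
    application/xml, or any subtype carrying the '+xml' suffix."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    return (media_type in ("text/xml", "application/xml")
            or media_type.endswith("+xml"))


def compare() -> dict:
    """Map sample name -> (sniffer verdict, actually well-formed)."""
    return {name: (naive_sniff(body), is_well_formed(body))
            for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, (sniffed, parses) in compare().items():
        print(f"{name:28} sniffed={sniffed!s:5} well-formed={parses}")
    print("image/svg+xml labelled as XML:", labelled_xml("image/svg+xml"))
```
]]></artwork></figure>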
			</section>
			<section title="Why not use a MIME parameter to specify that a media type uses XML syntax?" anchor="parameter">
				<t>For example, one could use "Content-Type: application/iotp;
alternate-type=text/xml" or "Content-Type: application/iotp;
syntax=xml".</t>
				<t>Section 5 of 
<xref target="RFC2045"/>
says that "Parameters are modifiers of the media subtype, and
as such do not fundamentally affect the nature of the content".
However, all XML-based media types are by their nature always
XML. Parameters, as they have been defined in the MIME
architecture, are never invariant across all instantiations of
a media type.</t>
				<t>More practically, very few if any MIME dispatchers and other
MIME agents support dispatching off of a parameter. While MIME
agents on the receiving side will need to be updated in either
case to support (or fall back to) generic XML processing, it
has been suggested that it is easier to implement this
functionality when acting off of the media type rather than a
parameter. More important, sending agents require no update to
properly tag an image as "image/svg+xml", but few if any
sending agents currently support always tagging certain content
types with a parameter.</t>
			</section>
			<section title="How about labeling with parameters in the other direction (e.g., application/xml; Content-Feature=iotp)?" anchor="reverseparameter">
				<t>This proposal fails under the simplest case, of a user with
neither knowledge of XML nor an XML-capable MIME dispatcher. In
that case, the user's MIME dispatcher is likely to dispatch the
content to an XML processing application when the correct
default behavior should be to dispatch the content to the
application responsible for the content type (e.g., an
ecommerce engine for 
<xref target="RFC2801">application/iotp+xml</xref>, once
this media type is registered).</t>
				<t>Note that even if the user had already installed the
appropriate application (e.g., the ecommerce engine), and that
installation had updated the MIME registry, many operating
system level MIME registries such as .mailcap in Unix and
HKEY_CLASSES_ROOT in Windows do not currently support
dispatching off a parameter, and cannot easily be upgraded to
do so. And, even if the operating system were upgraded to
support this, each MIME dispatcher would also separately need
to be upgraded.</t>
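				<t>An added sketch (Python, not code from this specification or
from any MIME implementation) of a dispatcher that keys only on the
media type, applied to the two parameter proposals discussed above and
to the '+xml' suffix. The registry contents, the handler names and the
xml_aware switch are hypothetical.</t>
				<figure><artwork><![CDATA[
```python
from typing import Dict, Optional

GENERIC_XML = "generic-xml-processor"  # hypothetical fallback handler

# Hypothetical registry keyed on type/subtype only, in the manner the
# text describes for .mailcap and HKEY_CLASSES_ROOT.
REGISTRY: Dict[str, str] = {
    "application/xml": "xml-browser",
    "application/iotp+xml": "ecommerce-engine",
    "image/png": "image-viewer",
}


def media_type_of(content_type: str) -> str:
    """Lower-cased type/subtype; parameters are dropped because the
    dispatcher cannot key on them."""
    return content_type.split(";", 1)[0].strip().lower()


def is_xml_labelled(media_type: str) -> bool:
    subtype = media_type.partition("/")[2]
    return (media_type in ("text/xml", "application/xml")
            or subtype.endswith("+xml"))


def dispatch(content_type: str, registry: Dict[str, str],
             xml_aware: bool = True) -> Optional[str]:
    """Specific handler first, then generic XML processing for
    XML-labelled types; None means 'treat as opaque'."""
    media_type = media_type_of(content_type)
    if media_type in registry:
        return registry[media_type]
    if xml_aware and is_xml_labelled(media_type):
        return GENERIC_XML
    return None


def scenarios() -> list:
    cases = [
        # Suffix label, specific application installed.
        ("application/iotp+xml", True),
        # Suffix label, no SVG handler: XML-aware agent falls back.
        ("image/svg+xml", True),
        # Same label, agent unaware of '+xml': opaque, nothing breaks.
        ("image/svg+xml", False),
        # Parameter proposal: the XML hint is invisible to dispatch.
        ("application/iotp; syntax=xml", True),
        # Reverse proposal: goes to the XML application even though
        # the ecommerce engine is installed.
        ("application/xml; Content-Feature=iotp", True),
    ]
    return [(ct, aware, dispatch(ct, REGISTRY, aware))
            for ct, aware in cases]


if __name__ == "__main__":
    for content_type, aware, handler in scenarios():
        print(f"{content_type!r:45} xml_aware={aware!s:5} -> {handler}")
```
]]></artwork></figure>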
			</section>
			<section title="How about a new superclass MIME parameter that is defined to apply to all MIME types (e.g., Content-Type: application/iotp; $superclass=xml)?" anchor="superclass">
				<t>This combines the problems of 
<xref target="parameter"/>
and 
<xref target="reverseparameter"/>.</t>
				<t>If the sender attaches an image/svg+xml file to a message
and includes the instructions "Please copy the French text on
the road sign", someone with an XML-aware MIME client and an
XML browser but no support for SVG can still probably open the
file and copy the text. By contrast, with superclasses, the
sender must add superclass support to her existing mailer AND
the receiver must add superclass support to his before this
transaction can work correctly.</t>
				<t>If the receiver comes to rely on the superclass tag being
present and applications are deployed relying on that tag (as
always seems to happen), then only upgraded senders will be
able to interoperate with those receiving applications.</t>
			</section>
			<section title="What about adding a new parameter to the Content-Disposition header or creating a new Content-Structure header to indicate XML syntax?" anchor="newheader">
				<t>This has nearly identical problems to 
<xref target="superclass"/>,
in that it requires both senders and receivers to be
upgraded, and few if any operating systems and MIME dispatchers
support working off of anything other than the MIME type.</t>
			</section>
			<section title="How about a new Alternative-Content-Type header?">
				<t>This is better than 
<xref target="newheader"/>,
in that no extra functionality needs to be added to a MIME
registry to support dispatching of information other than
standard content types. However, it still requires both sender
and receiver to be upgraded, and it will also fail in many
cases (e.g., web hosting to an outsourced server), where the
user can set MIME types (often through implicit mapping to file
extensions), but has no way of adding arbitrary HTTP
headers.</t>
			</section>
			<section title="How about using a conneg tag instead (e.g., accept-features: (syntax=xml))?">
				<t>When the conneg protocol is fully defined, this may
potentially be a reasonable thing to do. But given the limited
current state of 
<xref target="RFC2703">conneg </xref>
development, it is not a credible replacement for a MIME-based
solution.</t>
				<t>Also, note that adding a content-type parameter doesn't work
with conneg either, since conneg only deals with media types,
not their parameters. This is another illustration of the
limits of parameters for MIME dispatchers.</t>
			</section>
			<section title="How about a third-level content-type, such as text/xml/rdf?">
				<t>MIME explicitly defines two levels of content type, the
top-level for the kind of content and the second-level for the
specific media type. 
<xref target="RFC4288"/> and <xref target="RFC4289"/>  
extend this in an interoperable way by using prefixes to
specify separate trees for IETF, vendor, and personal
registrations. This specification also extends the two-level
type by using the '+xml' suffix. In both cases, processors that
are unaware of these later specifications treat them as opaque
and continue to interoperate. By contrast, adding a third-level
type would break the current MIME architecture and cause
numerous interoperability failures.</t>
			</section>
			<section title="Why use the plus ('+') character for the suffix '+xml'?">
				<t>As specified in Section 5.1 of
<xref target="RFC2045"/>, a tspecial can't be used:
<list style="empty">
						<t>tspecials :=<vspace/>
"(" / ")" / "&lt;" / "&gt;" / "@" /<vspace/>
"," / ";" / ":" / "\" / &lt;"&gt;<vspace/>
"/" / "[" / "]" / "?" / "="</t>
					</list>
It was thought that "." would not be a good choice since it is already used as an additional 
hierarchy delimiter. Also, "*" has a common wildcard 
meaning, and "-" and "_" are common word separators and easily 
confused.  The characters %'`#&amp;
are frequently used for quoting or comments and so are not ideal.</t>
				<t>That leaves: ~!$^+{}|</t>
				<t>Note that "-" is used heavily in the current registry. "$" and "_" are 
used once each.  The others are currently unused.</t>
				<t>It was thought that '+' expressed the semantics that a MIME type can be treated (for example) as
both scalable vector graphics AND ALSO as XML; it is both simultaneously.</t>
			</section>
			<section title="What is the semantic difference between application/foo and application/foo+xml?">
				<t>MIME processors that are unaware of XML will treat the '+xml'
suffix as completely opaque, so it is essential that no extra
semantics be assigned to its presence. Therefore,
application/foo and application/foo+xml SHOULD be treated as
completely independent media types. Although, for example,
text/calendar+xml could be an XML version of 
<xref target="RFC2445">text/calendar </xref>,
it is possible that this (hypothetical) new media type would
include new semantics as well as new syntax, and in any case,
there would be many applications that support text/calendar but
had not yet been upgraded to support text/calendar+xml.</t>
			</section>
			<section title="What happens when an even better markup language (e.g., EBML) is defined, or a new category of data?">
				<t>In the ten years that MIME has existed, XML is the first
generic data format that has seemed to justify special
treatment, so it is hoped that no further suffixes will be
necessary. However, if some are later defined, and these
documents were also XML, they would need to specify that the
'+xml' suffix is always the outermost suffix (e.g.,
application/foo+ebml+xml not application/foo+xml+ebml). If they
were not XML, then they would use a regular suffix (e.g.,
application/foo+ebml).</t>
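				<t>The suffix rules in the preceding answers can be checked mechanically. The following Python code is an added example, not part of this specification; it rejects tspecials and third-level types, dispatches on the exact media type first, and falls back to generic XML handling only when '+xml' is the outermost suffix. The function names, the "generic-xml" handler key, and the choice to treat only text/xml and application/xml as unsuffixed XML types are assumptions made for the illustration.</t>
				<figure><artwork><![CDATA[
```python
import re

# RFC 2045 section 5.1: a token is one or more ASCII characters other than
# SPACE, CTLs and tspecials. '+' is not a tspecial, so it is legal in a subtype.
TSPECIALS = '()<>@,;:\\"/[]?='
TOKEN = re.compile(r"[!-~]+")  # printable US-ASCII, no space or controls

def is_token(s):
    return bool(TOKEN.fullmatch(s)) and not any(c in TSPECIALS for c in s)

def parse_media_type(value):
    """Return (type, subtype) lowercased; parameters are ignored for dispatch."""
    essence = value.split(";", 1)[0].strip().lower()
    parts = essence.split("/")
    # Exactly two levels: a third level such as text/xml/rdf is rejected.
    if len(parts) != 2 or not all(is_token(p) for p in parts):
        raise ValueError("not a two-level media type: %r" % value)
    return parts[0], parts[1]

def is_xml_type(value):
    """True if a generic XML processor may handle this media type."""
    mtype, subtype = parse_media_type(value)
    # Assumption: only these two unsuffixed types count as generic XML here.
    if (mtype, subtype) in (("text", "xml"), ("application", "xml")):
        return True
    # Only the outermost (last) suffix counts: foo+ebml+xml yes, foo+xml+ebml no.
    base, plus, suffix = subtype.rpartition("+")
    return plus == "+" and base != "" and suffix == "xml"

def dispatch(value, handlers):
    """Pick a handler by exact type first, then fall back to generic XML.

    application/foo and application/foo+xml are independent keys, so a
    handler registered for one is never used for the other.
    """
    key = "/".join(parse_media_type(value))
    if key in handlers:
        return handlers[key]
    if is_xml_type(value) and "generic-xml" in handlers:  # hypothetical key
        return handlers["generic-xml"]
    return None
```
]]></artwork></figure>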
			</section>
			<section title="Why must I use the '+xml' suffix for my new XML-based media type?">
				<t>You don't have to, but unless you have a good reason to
explicitly disallow generic XML processing, you should use the
suffix so as not to curtail the options of future users and
developers.</t>
				<t>Whether the inventors of a media type, today, design it for
dispatch to generic XML processing machinery (and most won't)
is not the critical issue. The core notion is that the
knowledge that some media type happens to use XML syntax opens
the door to unanticipated kinds of processing beyond those
envisioned by its inventors, and on this basis identifying such
encoding is a good and useful thing.</t>
				<t>Developers of new media types are often tightly focused on a
particular type of processing that meets current needs. But
there is no need to rule out generic processing as well, which
could make your media type more valuable over time. It is
believed that registering with the '+xml' suffix will cause no
interoperability problems whatsoever, while it may enable
significant new functionality and interoperability now and in the future. So, the
conservative approach is to include the '+xml' suffix.</t>
			</section>
			
		</section>
		<section title="Changes from RFC 3023">
			<t>There are numerous and significant differences between this specification and
<xref target="RFC3023"/>, which it obsoletes.  This appendix summarizes the major 
differences only.</t>
			<t>First, XPointer (<xref target="XPointerFramework"/> and <xref target="XPointerElement"/>) 
				has been added as fragment identifier syntax for 
				"application/xml", and the XPointer Registry (<xref target="XPtrReg"/>) mentioned.
Second, <xref target="XBase"/> has been added as a mechanism for 
specifying
base URIs.  Third, the language regarding charsets was updated to correspond to
the W3C TAG finding 
<xref target="TAGMIME">Internet Media Type registration, consistency of use</xref>.
				Fourth, many references are updated.
</t>
		</section>
		<section title="Acknowledgements">
			<t>This specification reflects the input of numerous participants to the ietf-xml-mime@imc.org
mailing list, though any errors are the responsibility of the authors.  Special thanks to:</t>
			<t>Mark Baker, James Clark, Dan Connolly, Martin Duerst, Ned Freed, Yaron Goland, Rick Jelliffe, Larry Masinter,
David Megginson, Keith Moore, Chris Newman, Gavin Nicol, Marshall Rose, Jim
Whitehead and participants of the XML activity and the TAG at the W3C.</t>

<t>Jim Whitehead and Simon St.Laurent are editors of 
<xref target="RFC2376"/> and <xref target="RFC3023"/>, respectively.</t>
		</section>
	</back>
	<!-- comments
		
		fragments
		http://www.imc.org/ietf-xml-mime/mail-archive/msg00996.html	
		
		deprecation of text/*
		http://annevankesteren.nl/2006/11/text-xml
		
		much xml that would break if forced to us-ascii
		http://www.xml.com/pub/a/2004/07/21/dive.html
		
		-->
	
	
</rfc>
