
Hi,

On 4/13/06, Tschofenig, Hannes <hannes.tschofenig@siemens.com> wrote:
> > - security section should also reference sec 10 of RFC 3023.
>
> Why do you think so? I read through Section 10 of RFC 3023 and I don't think that the aspects there are applicable for our usage environment.

The aspects of security described in that section are quite generic, so I'd be surprised if that were the case. Just as one example, do you rule out the use of external entities with auth-policy+xml? If not, then that section is relevant as it describes some potential security problems with their use. FWIW, I think any +xml type should reference it as a matter of course.

> > - I'd recommend picking a file extension specific to this media type, as many Web servers come pre-configured to serve .xml files as application/xml, or even an RSS media type.
>
> I don't care about the file extension. Can you suggest something reasonable?

How about "apxml"? I checked "apx", but it's been used before;
http://filext.com/detaillist.php?extdetail=apx&Search=Search

Cheers,

Mark.
--
Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca
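
The external-entity question raised in the message above, as an added example that is not part of the original thread: one way a receiver of a +xml document can rule out external entities at parse time, using Python's standard expat binding. The names `parse_policy`, `verdict` and `ForbiddenXML` are hypothetical, and the sample documents are constructed with placeholder element names rather than the real auth-policy schema.

```python
import xml.parsers.expat

class ForbiddenXML(ValueError):
    """Raised when a document uses a construct the receiver refuses to process."""

def parse_policy(data: bytes, allow_dtd: bool = False) -> list[str]:
    """Parse an XML document and return its element names in document order.

    Any entity declaration or external entity reference is rejected; the
    DOCTYPE itself is rejected too unless allow_dtd is True.
    """
    names: list[str] = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if not allow_dtd:
            raise ForbiddenXML(f"DOCTYPE declaration for {name!r} not allowed")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise ForbiddenXML(f"entity declaration {name!r} not allowed")

    def on_external_ref(context, base, system_id, public_id):
        raise ForbiddenXML(f"external entity reference to {system_id!r} not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # malformed input raises xml.parsers.expat.ExpatError
    return names

# Constructed sample inputs; the element names are placeholders, not the real schema.
PLAIN = b'<?xml version="1.0"?><ruleset><rule id="r1"/></ruleset>'
DTD_ONLY = b'<?xml version="1.0"?><!DOCTYPE ruleset><ruleset/>'
EXTERNAL = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE ruleset [<!ENTITY ext SYSTEM "http://example.invalid/ext.xml">]>'
            b'<ruleset>&ext;</ruleset>')

def verdict(data: bytes, allow_dtd: bool = False) -> str:
    """Return 'accepted' or the reason the document was refused."""
    try:
        parse_policy(data, allow_dtd)
        return "accepted"
    except ForbiddenXML as exc:
        return str(exc)

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("dtd-only", DTD_ONLY), ("external", EXTERNAL)):
        print(label, "->", verdict(doc), "|", verdict(doc, allow_dtd=True))
```

Rejecting the DOCTYPE outright is the stricter setting; `allow_dtd=True` shows that entity declarations can still be refused when a DTD has to be tolerated.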