Update application/ld+json security considerations
author Markus Lanthaler <mark_lanthaler@gmx.net>
Tue, 18 Jun 2013 17:53:55 +0200
changeset 1729 08b9f395bb6b
parent 1728 af5851549b12
child 1730 528d8c7a944c
Update application/ld+json security considerations

This addresses #265
spec/latest/json-ld/index.html
--- a/spec/latest/json-ld/index.html	Mon Jun 17 10:36:03 2013 +0200
+++ b/spec/latest/json-ld/index.html	Tue Jun 18 17:53:55 2013 +0200
@@ -3688,20 +3688,30 @@
     <dt>Encoding considerations:</dt>
     <dd>See RFC&nbsp;6839, section 3.1.</dd>
     <dt>Security considerations:</dt>
-    <dd>Since JSON-LD is intended to be a pure data exchange format for
-      directed graphs, the serialization SHOULD NOT be passed through a
-      code execution mechanism such as JavaScript's <code>eval()</code>
-      function to be parsed.<br/>
-      JSON-LD contexts that are loaded from the Web over non-secure connections,
-      such as HTTP, run the risk of modifying the JSON-LD
-      <tref>active context</tref> in a way that could compromise security. It
-      is advised that any application that depends on a remote context for mission
-      critical purposes vet and cache the remote context before allowing the
-      system to use it.<br />
-      Given that JSON-LD allows the substitution of long IRIs with short terms,
-      JSON-LD documents may expand considerably when processed and, in the worst case,
-      the resulting data might consume all of the recipient's resources. Applications
-      should treat any data with due skepticism.
+    <dd>See [[!RFC4627]]
+      <p>Since JSON-LD is intended to be a pure data exchange format for
+        directed graphs, the serialization SHOULD NOT be passed through a
+        code execution mechanism such as JavaScript's <code>eval()</code>
+        function to be parsed. An (invalid) document may contain code that,
+        when executed, could lead to unexpected side effects compromising
+        the security of a system.</p>
+      <p>When processing JSON-LD documents, links to remote contexts are
+        typically followed automatically, resulting in the transfer of files
+        without the explicit request of the user for each one. If remote
+        contexts are served by third parties, it may allow them to gather
+        usage patterns or similar information leading to privacy concerns.
+        Specific implementations, such as the API defined in the
+        JSON-LD Processing Algorithms and API specification [[JSON-LD-API]],
+        may provide fine-grained mechanisms to control this behavior.</p>
+      <p>JSON-LD contexts that are loaded from the Web over non-secure connections,
+        such as HTTP, run the risk of modifying the JSON-LD <tref>active context</tref>
+        in a way that could compromise security. It is advised that any application
+        that depends on a remote context for mission critical purposes vet and
+        cache the remote context before allowing the system to use it.</p>
+      <p>Given that JSON-LD allows the substitution of long IRIs with short terms,
+        JSON-LD documents may expand considerably when processed and, in the worst case,
+        the resulting data might consume all of the recipient's resources. Applications
+        should treat any data with due skepticism.</p>
     </dd>
     <dt>Interoperability considerations:</dt>
     <dd>Not Applicable</dd>
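Review bot: the new <dd> opens with the bare fragment "See [[!RFC4627]]" with no terminating period and no enclosing <p>, while the four blocks that follow are each wrapped in <p>; a bare text node mixed with block-level paragraphs inside the <dd> renders inconsistently and reads as an unfinished sentence. Suggest making it a complete sentence in its own paragraph that says which part of the RFC is meant, e.g. `<p>See the security considerations of [[!RFC4627]].</p>`. In the third paragraph, the text names non-secure HTTP as the risk but only advises to "vet and cache the remote context"; it would be more useful to also state the positive recommendation, i.e. that remote contexts be retrieved over a secure connection, so the reader is told what to use rather than only what to avoid.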