--- a/model/prov-n.html Tue Jul 03 10:19:10 2012 +0100
+++ b/model/prov-n.html Tue Jul 03 10:41:08 2012 +0100
@@ -2594,8 +2594,9 @@
<dd>Unicode code points may also be expressed using an \uXXXX (U+0 to U+FFFF) or \UXXXXXXXX syntax (for U+10000 onwards) where X is a hexadecimal digit [0-9A-F]</dd>
<dt>Security considerations:</dt>
<dd>PROV-N is a general-purpose language for describing the provenance of things; applications may evaluate given data to infer more descriptions or to dereference URIs, invoking the security considerations of the scheme for that URI. Note in particular, the privacy issues in [[!RFC3023]] section 10 for HTTP URIs. Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions, as well as the dereferencing of unintended URIs. Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data; inferences of potential medical treatments would likely require different trust than inferences for trip planning.</dd>
- <dd>PROV-N is used to express the provenance of arbitrary application data; security considerations will vary by domain of use. Security tools and protocols applicable to text (e.g. PGP encryption, MD5 sum validation, password-protected compression) may also be used on PROV-N documents. Security/privacy protocols must be imposed which reflect the sensitivity of the embedded information. In particular, it is noted that a given data item and the provenance for that data item may be assigned different access control policies. </dd>
+ <dd>PROV-N is used to express the provenance of arbitrary application data; security considerations will vary by domain of use. Security tools and protocols applicable to text (e.g. PGP encryption, MD5 sum validation, password-protected compression) may also be used on PROV-N documents. Security/privacy protocols must be imposed which reflect the sensitivity of the embedded information. </dd>
<dd>PROV-N can express data which is presented to the user, for example, label attributes. Application rendering strings retrieved from untrusted PROV-N documents must ensure that malignant strings may not be used to mislead the reader. The security considerations in the media type registration for XML ([[!RFC3023]] section 10) provide additional guidance around the expression of arbitrary data and markup.</dd>
+ <dd>PROV-N is a language for describing the provenance of things, and therefore a PROV-N document is metadata for other resources. Untrusted PROV-N documents may mislead its consumers by indicating that a third-party resource has a reputable lineage, when it has not. Provenance of PROV-N document should be sought. </dd>
<dd>PROV-N uses qualified names mappeable to IRIs as term identifiers. Applications interpreting data expressed in PROV-N should address the security issues of
<a class="norm" href="http://www.ietf.org/rfc/rfc3987.txt">Internationalized Resource Identifiers (IRIs)</a> [[!RFC3987]] Section 8, as well as
<a class="norm" href="http://www.ietf.org/rfc/rfc3986.txt">Uniform Resource Identifier (URI): Generic Syntax</a> [[!RFC3986]] Section 7.</dd>
@@ -2616,7 +2617,8 @@
<dt>Interoperability considerations:</dt>
<dd>There are no known interoperability issues.</dd>
<dt>Published specification:</dt>
- <dd>This specification.</dd>
+ <dd>PROV-N: The Provenance Notation, Moreau and Missier, eds,
+ <a href="http://www.w3.org/TR/prov-n/">http://www.w3.org/TR/prov-n/</a></dd>
<dt>Applications which use this media type:</dt>
<dd>No widely deployed applications are known to use this media type. It may be used by some web services and clients consuming their data.</dd>
<dt>Additional information:</dt>