--- a/model/prov-n.html Thu Jul 12 17:28:50 2012 +0100
+++ b/model/prov-n.html Thu Jul 12 17:30:55 2012 +0100
@@ -2816,12 +2816,13 @@
<dt>Required parameters:</dt>
<dd>None</dd>
<dt>Optional parameters:</dt>
- <dd><tt>charset</tt> — this parameter is required when transferring non-ASCII data. If present, the value of <tt>charset</tt> is always <tt>UTF-8</tt>.</dd>
+ <dd><tt>charset</tt> — this parameter is mandatory. The value of <tt>charset</tt> is always <tt>UTF-8</tt>.</dd>
+
<dt>Encoding considerations:</dt>
<dd>The syntax of PROV-N is expressed over code points in Unicode [[UNICODE5]]. The encoding is always UTF-8 [[!UTF-8]].</dd>
<dd>Unicode code points may also be expressed using an \uXXXX (U+0 to U+FFFF) or \UXXXXXXXX syntax (for U+10000 onwards) where X is a hexadecimal digit [0-9A-F]</dd>
<dt>Security considerations:</dt>
- <dd>PROV-N is a general-purpose language for describing the provenance of things; applications may evaluate given data to infer more descriptions or to dereference URIs, invoking the security considerations of the scheme for that URI. Note in particular, the privacy issues in [[!RFC3023]] section 10 for HTTP URIs. Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions, as well as the dereferencing of unintended URIs. Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data; inferences of potential medical treatments would likely require different trust than inferences for trip planning.</dd>
+ <dd>PROV-N is a general-purpose language for describing the provenance of things; applications may evaluate given data to infer more descriptions or to dereference URIs, invoking the security considerations of the scheme for that URI. Note in particular, the privacy issues in [[!RFC3023]] section 10 for HTTP URIs. Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions, as well as the dereferencing of unintended URIs. Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data.</dd>
<dd>PROV-N is used to express the provenance of arbitrary application data; security considerations will vary by domain of use. Security tools and protocols applicable to text (e.g. PGP encryption, MD5 sum validation, password-protected compression) may also be used on PROV-N documents. Security/privacy protocols must be imposed which reflect the sensitivity of the embedded information. </dd>
<dd>PROV-N can express data which is presented to the user, for example, label attributes. Application rendering strings retrieved from untrusted PROV-N documents must ensure that malignant strings may not be used to mislead the reader. The security considerations in the media type registration for XML ([[!RFC3023]] section 10) provide additional guidance around the expression of arbitrary data and markup.</dd>
<dd>PROV-N is a language for describing the provenance of things, and therefore a PROV-N document is metadata for other resources. Untrusted PROV-N documents may mislead its consumers by indicating that a third-party resource has a reputable lineage, when it has not. Provenance of PROV-N document should be sought. </dd>