--- a/rdf-turtle/index.html Fri Jun 10 22:13:24 2011 -0700
+++ b/rdf-turtle/index.html Fri Jun 10 22:16:04 2011 -0700
@@ -917,10 +917,10 @@
<dd>The syntax of Turtle is expressed over code points in Unicode [[!UNICODE]]. The encoding is always UTF-8 [[!RFC3629]].</dd>
<dd>Unicode code points may also be expressed using an \uXXXX (U+0 to U+FFFF) or \UXXXXXXXX syntax (for U+10000 onwards) where X is a hexadecimal digit [0-9A-F]</dd>
<dt>Security considerations:</dt>
- <dd>Turtle is a general-purpose assertion language; applications may evaluate given data to infer more assertions or to dereference URIs, invoking the security considerations of the scheme for that URI. Note in particular, the privacy issues in [<a href="#rfc3023">RFC3023</a>] section 10 for HTTP URIs. Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions, as well as the dereferencing of unintended URIs. Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data; inferences of potential medical treatments would likely require different trust than inferences for trip planning.</dd>
+ <dd>Turtle is a general-purpose assertion language; applications may evaluate given data to infer more assertions or to dereference URIs, invoking the security considerations of the scheme for that URI. Note in particular, the privacy issues in [[!RFC3023]] section 10 for HTTP URIs. Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions, as well as the dereferencing of unintended URIs. Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data; inferences of potential medical treatments would likely require different trust than inferences for trip planning.</dd>
<dd>Turtle is used to express arbitrary application data; security considerations will vary by domain of use. Security tools and protocols applicable to text (e.g. PGP encryption, MD5 sum validation, password-protected compression) may also be used on Turtle documents. Security/privacy protocols must be imposed which reflect the sensitivity of the embedded information.</dd>
- <dd>Turtle can express data which is presented to the user, for example, RDF Schema labels. Application rendering strings retrieved from untrusted Turtle documents must ensure that malignant strings may not be used to mislead the reader. The security considerations in the media type registration for XML ([RFC3023] section 10) provide additional guidance around the expression of arbitrary data and markup.</dd>
+ <dd>Turtle can express data which is presented to the user, for example, RDF Schema labels. Application rendering strings retrieved from untrusted Turtle documents must ensure that malignant strings may not be used to mislead the reader. The security considerations in the media type registration for XML ([[!RFC3023]] section 10) provide additional guidance around the expression of arbitrary data and markup.</dd>
<dd>Turtle uses IRIs as term identifiers. Applications interpreting data expressed in Turtle should address the security issues of
<a class="norm" href="http://www.ietf.org/rfc/rfc3987.txt">Internationalized Resource Identifiers (IRIs)</a> [[!RFC3987]] Section 8, as well as
<a class="norm" href="http://www.ietf.org/rfc/rfc3986.txt">Uniform Resource Identifier (URI): Generic Syntax</a> [[!RFC3986]] Section 7.</dd>