@@ -1287,37 +1287,38 @@ <h2>Security Considerations</h2>
1287
1287
< p > The RDF Abstract Syntax is not used directly for conveying information,
1288
1288
although concrete serialization forms are specifically intended to do so.</ p >
1289
1289
1290
- < p > Applications MAY evaluate given data to infer more assertions or to dereference IRIs,
1290
+ < p > Applications MAY evaluate given data to infer more assertions or to dereference < a > IRIs</ a > ,
1291
1291
invoking the security considerations of the scheme for that IRI.
1292
1292
Note in particular, the privacy issues in [[RFC3023]] section 10 for HTTP IRIs.
1293
1293
Data obtained from an inaccurate or malicious data source may lead to inaccurate or misleading conclusions,
1294
1294
as well as the dereferencing of unintended IRIs.
1295
- Care must be taken to align the trust in consulted resources with the sensitivity of the intended use of the data;
1296
- inferences of potential medical treatments would likely require
1297
- different trust than inferences for trip planning.</ p >
1295
+ Care must be taken to align the trust in consulted resources with the sensitivity of
1296
+ the intended use of the data;
1297
+ inferences of potential medical treatments would likely require different trust than inferences
1298
+ for trip planning.</ p >
1298
1299
1299
1300
< p > RDF is used to express arbitrary application data;
1300
1301
security considerations will vary by domain of use.
1301
1302
Security tools and protocols applicable to text
1302
- (e.g. , PGP encryption, MD5 sum validation, password-protected compression)
1303
- may also be used on RDF documents.
1303
+ (for example , PGP encryption, checksum validation, password-protected compression)
1304
+ may also be used on N-Quads documents.
1304
1305
Security/privacy protocols must be imposed which reflect the sensitivity of the embedded information.</ p >
1305
1306
1306
- < p > RDF can express data which is presented to the user, for example, RDF Schema labels.
1307
- Applications rendering strings retrieved from untrusted RDF documents must ensure
1308
- that malignant strings may not be used to mislead the reader.
1309
- The security considerations in the media type registration for
1310
- XML ([[RFC3023]] section 10) provide additional guidance around the
1311
- expression of arbitrary data and markup.</ p >
1307
+ < p > RDF can express data which is presented to the user, such as RDF Schema labels.
1308
+ Applications rendering strings retrieved from untrusted RDF documents,
1309
+ or using unescaped characters,
1310
+ SHOULD prevent such strings from being used to mislead the reader,
1311
+ The security considerations in the media type registration for XML ([[! RFC3023]] section 10)
1312
+ provide additional guidance around the expression of arbitrary data and markup.</ p >
1312
1313
1313
- < p > RDF uses IRIs as term identifiers.
1314
+ < p > RDF uses < a > IRIs</ a > as term identifiers.
1314
1315
Applications interpreting data expressed in RDF SHOULD address the security issues of
1315
1316
[[[RFC3987]]] [[RFC3987]] Section 8,
1316
1317
as well as [[[RFC3986]]] [[RFC3986]] Section 7.</ p >
1317
1318
1318
- < p > Multiple IRIs may have the same appearance
1319
+ < p > Multiple < a > IRIs</ a > may have the same appearance
1319
1320
Characters in different scripts may look similar
1320
- (a Cyrillic "о " may appear similar to a Latin "o").
1321
+ (a Cyrillic "о " may appear similar to a Latin "o").
1321
1322
A character followed by combining characters may have the same visual representation
1322
1323
as another character (LATIN SMALL LETTER "E" followed by COMBINING ACUTE ACCENT
1323
1324
has the same visual representation as LATIN SMALL LETTER "E" WITH ACUTE).
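Review bot: The added line "may also be used on N-Quads documents." narrows the sentence to one serialization, although this section opens with the RDF Abstract Syntax and the rest of the paragraph speaks of RDF in general. The wording looks carried over from the N-Quads specification, so keep "RDF documents" here. In the rewritten rendering paragraph, "SHOULD prevent such strings from being used to mislead the reader," ends in a comma where the sentence ends and the next one begins with "The security considerations"; make it a period. The inserted clause "or using unescaped characters," does not say which characters or who leaves them unescaped, and the move from "must ensure" to "SHOULD prevent" is a normative relaxation that deserves a mention in the commit message.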
@@ -1326,18 +1327,11 @@ <h2>Security Considerations</h2>
1326
1327
and avoid IRIs that make look similar.
1327
1328
Further information about matching of similar characters can be found
1328
1329
in [[[UNICODE-SECURITY]]] [[UNICODE-SECURITY]] and
1329
- [[[RFC3987]]] [[RFC3987]] Section 8.
1330
- </ p >
1330
+ [[[RFC3987]]] [[RFC3987]] Section 8.</ p >
1331
1331
1332
1332
< p class ="note "> These considerations are a more generic form
1333
1333
of Security Considerations for [[RDF12-TURTLE]], [[RDF12-TRIG]], [[RDF12-N-TRIPLES]],
1334
1334
and [[RDF12-N-QUADS]].</ p >
1335
-
1336
- < p class ="issue " data-number ="11 ">
1337
- There's a concern that no implementations can be compliant as it is virtually
1338
- impossible forimplementations to ensure that malignant strings
1339
- cannot be used to mislead the reader.
1340
- </ p >
1341
1335
</ section >
1342
1336
1343
1337
< section id ="internationalization ">
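Review bot: The removal of the issue 11 paragraph at the end of this hunk drops the recorded concern that it is "virtually impossible" for implementations to ensure malignant strings cannot mislead the reader, yet the replacement text in the earlier hunk still asks applications to prevent exactly that, only as a SHOULD. Confirm that the weaker keyword is what resolves the issue and reference the issue in the commit message, so the marker does not disappear without a recorded resolution. While this paragraph is being touched, the context line "and avoid IRIs that make look similar." has a typo ("make" for "may") that could be fixed in the same change.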