X3D MIME-Type

From Web3D.org
Revision as of 09:21, 20 February 2013 by Brutzman (Talk | contribs) (6. Security considerations: move TODO to work list)

Jump to: navigation, search

The X3D Working Group is preparing a formal submission to the Internet Engineering Task Force (IETF) to support X3D Mime-Types.

Current work to gain final MIME-type approval

In 1997 the Internet Engineering Task Force (IETF) approved IETF RFC 2077 for the Model MIME type. This supports VRML and establishes a MIME basis for other 3D model formats. However, the IETF has not yet approved X3D as an official MIME type, primarily due our incomplete prior efforts which did not submit a formal final application. This page is where we are building that formal application for official status of the X3D MIME-Type.

The current round of work started in 2008 with an initial application submission late that year. Review comments were received from IETF MIME-Type task force, reconciled and incorporated back into the application in February 2009. This effort was reported and collected as Registration of media type model/x3d+XXX.

The updated document appears below. All edits need to be done in conformance with the current application standard. When completed, the application needs to be sent to 'ietf-types@iana.org' with the subject line "Registration of media type model/x3d+XXX" included.

References

Work list

  • Ensure that the application is fully complete
    • Confirm correct use of conjunction with sub-type (+xml, -vrml)
    • Update all X3D specification references to the latest version and description
    • Resolve all TODO items
  • Comments on base reference RFC 2077
    • "Similarly, the VRML discussion list has been archived as: http://vrml.wired.com/arch" can be updated to X3D public mailing list - April 2009 to present [1]
    • If they ask us to modify RFC 2077, we can
    • Other model subtypes: on Wikipedia Media Type [2]
  • Perform public review on x3d-public@web3d.org mailing list
  • Gain approval of X3D Working Group and concurrence of Web3D Board of Directors

Submission steps

  • Review the IETF MIME Type Submission references
  • Finalize application details that follow
  • Submit to IETF and follow up on any resulting actions or approvals

Our goal is to make this submission during May 2012.

Registration application for X3D MIME type (draft)

Editors note: XML, ClassicVRML, and Binary responses merged together. In the end, three separate applications will need to be created. See RFC 3023, XML Media Types for requirements specific to XML media types.

1. Media Type Name

Model

2. Subtype names

Standards Tree

  • x3d+xml
  • x3d-vrml
  • x3d+fastinfoset

3. Required parameters

None

4. Optional parameters

None

5. Encoding considerations

This application represents the different MIME types used for three different encodings of the X3D ISO standard (see [1]). The standard defines an abstract information structural representation, for which several file formats are available. These formats are currently defined to be:

  • XML: '8-bit text'
  • ClassicVRML: '8-bit text'
  • Compressed Binary: 'binary'

6. Security considerations

Editors note: The following draft contains most of the relevant references and issues that we could find. We need to verify that this section addresses the questions and statements in RFC 4288, Media Type Specifications and Registration Procedures (Security Requirements). Specifically we need to address/state response for:

  • Complex media types: There are no X3D directives that access local resources except those related to the graphical display of content and the necessary system resources to make that happen. The X3D specification does allow for scripts to execute a variety of actions including changing the URL and accessing local resources. Any implementations that execute scripts MUST give consideration to their application's threat models and those of the individual features they implement; in particular, they MUST ensure that untrusted content is not executed in an unprotected environment.
  • Active content: We are interpreting active content to mean any and all content that is not static and unchanging while the designated URL is displayed. The intent of X3D is to provide active content to the user. This requires system resources in the form of memory, CPU processing, and graphics processing. Users of X3D desire active and are aware of the system demands.
  • Release of information: The X3D specification does not require any information be sent from the user's computer. A particular implementation may request information and distribute it. It is up to the implementer and user to negotiate the terms of service for that particular application.
  • Decompression issues: Several activities can occur when loading an X3D scene that have security implications.
    • X3D files can embed url links for loading other resources such as images, scripts, movies, audio files and other X3D scenes
    • Embedded or linked scripts can be in Javascript, Java or (optionally) other languages
    • Compressed binary scenes can contain two types of decompression: information-based (.gzip, Fast Infoset) and geometric-based (produces polygonal structures) which can be computationally expensive
    • Recursive techniques are not typically allowed in 3D scene constructs
    • Regular user-agent precautions used by Web browsers for HTML content should also apply
  • External security considerations: There is nothing in the X3D specification that requires or prevents security assurances. A particular implementation may request information and distribute it. It is up to the implementer and user to negotiate the terms of service for that particular application.

Scripting is defined as being available for the specification. Two languages are defined: Java and ECMAScript. Each scripting language is controlled by its local security model. As the content may run in many different situations, the X3D specification does not impose specific security policies. For example, some standalone applications will want to directly interact with the local file system, network or database, while others that run in a web browser would use the web-browser's security model.

X3D Graphics scenes can utilize the World Wide Web Consortium (W3C) Security Recommendations for XML Signature and XML Encryption, in either the .x3d (plain text) and .x3db (compressed binary) encodings.

X3D security considerations are a close match to HTML. JavaScript or Java scripts may be linked internal to an X3D scene, or external to an X3D scene by an encapsulating HTML browser. Relevant references follow.

  • HTML Mime Type Security Considerations
    • Excerpt: In addition, the introduction of scripting languages and interactive capabilities in HTML 4.0 introduced a number of security risks associated with the automatic execution of programs written by the sender but interpreted by the recipient. User agents executing such scripts or programs must be extremely careful to insure that untrusted software is executed in a protected environment.
  • HTML4 Recommendation, B.10 Notes on security
    • Excerpt: Anchors, embedded images, and all other elements that contain URIs as parameters may cause the URI to be dereferenced in response to user input. In this case, the security issues of [RFC1738], section 6, should be considered. The widely deployed methods for submitting form requests -- HTTP and SMTP -- provide little assurance of confidentiality. Information providers who request sensitive information via forms -- especially with the INPUT element, type="password" -- should be aware and make their users aware of the lack of confidentiality.
  • HTML5 security references
    • Most (perhaps all) of the details regarding specific HTML5 elements seem to be not applicable to X3D mime types
  • W3C Working Draft HTML5 differences from HTML4
    • Section 2 Syntax includes some media type (i.e. MIME type) details. Interestingly it refers to multiple media types, providing both text/html and application/xml examples.
    • Perhaps we should discuss both model/x3d and application/xml examples.
    • Interesting point, possibly relevant to X3D: Some MIME types (e.g. text/plain) that are guaranteed to never be supported as scripting types for script were specified, so authors can safely use them for custom data blocks.

7. Interoperability considerations

The definition of the file format is maintained by the Web3d Consortium and published through the ISO process. Several revisions of the specification have been made and it continues to be made. All revisions use the same MIME type definitions, and are backwards compatible internally and structurally. In addition, each of the file format encodings may be losslessly transformed between each other.

There are no known interoperability issues. There are existing applications that run on PC, Macintosh, and Unix/Linux systems that work with the file format. The Web3D Consortium makes an effort to keep the file format interoperable across all platforms.

8. Published specification

See RFC 4288, Media Type Specifications and Registration Procedures (Publication Requirements) for detailed instructions. All revisions of the X3D specification is maintained online at http://www.web3d.org/realtime-3d/specification/all The most recent specification is available from the ISO website (for a fee) or from Web3D Consortium

9. Applications that use this media type

The applications that use (or would use) the

  • model/x3d+xml
  • model/x3d-vrml
  • model/x3d+fastinfoset

media type are those that display, create, edit, import, or export 3D model content using the X3D standard. A short list of the applications include:

  • Blender (Open source, runs on Windows, Macintosh, Linux)
  • BS Contact (from Bitmanagement, runs on Windows, Macintosh, Linux)
  • Flux (from Media Machines, runs on Windows)
  • FreeWRL (Open source, runs on Windows, Macintosh, Linux)
  • Instant Reality (Fraunhofer, runs on Windows, Macintosh, Linux)
  • Octaga VS Player (from Octaga VS, runs on Windows)
  • Rawkee (Open source Maya exporter, runs in Maya)
  • Vivaty (from Vivaty, runs on Windows, Flash based)
  • X3D-Edit and X3D Validator (from Naval Postgraduate School, Java based)
  • X3DOM (Open source, runs on Windows, Macintosh, Linux, iPad)
  • Xj3D (Open source from Web3D Consortium, Java based)
  • See X3D Resources for a comprehensive list of supporting applications

10. Additional information

  • XML Encoding
    • Magic number(s): None
    • File extension: '.x3d'
    • Macintosh File Type Code(s): TEXT
    • Object Identifier(s): None
  • ClassicVRML Encoding
    • Magic number(s): #X3D
    • File extension: '.x3dv'
    • Macintosh File Type Code(s): TEXT
    • Object Identifier(s): None
  • Compressed Binary Encoding
    • Magic number(s): None
    • File extension: '.x3db'
    • Macintosh File Type Code(s): None
    • Object Identifier(s): None

11. Intended usage

COMMON

12. Other Information/General Comment

Editors note: It is not clear what should (or needs) to go in this section. The text below is what was previously here.

The X3D standard is a continuation of the VRML standard that is defined in RFC2077. As part of this work, several large modifications were made to the file format and specification. The basic premise for the specification continues the VRML design rational. The MIME types and file extensions were changed to indicate this modified standard.

  1. Content Sub-types

Each content type may have an additional Content-Encoding to indicate whether the content has been compressed using GZIP in addition to the basic textual encoding. This is also indicated by modifying each file extension with the character "z". For example, the plain text VRML-encoded file format would use the extension ".x3dv", and if compressed using GZIP uses the extension ".x3dvz"

13. Person to contact for further information

  • Name: Leonard Daly (X3D Working Group Co-Chair)
  • E-mail: <use appropriate alias>
  • Author/Change controller: The Web3D Consortium