From 6111f69d579fee1a7d8a8f63b7920fe2d1319a03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Tue, 24 Nov 2020 18:52:08 +0100 Subject: [PATCH] Accept inbox/file-metadata.xml as XEP-0446 --- xep-0446.xml | 152 +++++++++++++++++++++++++++++++++++++++++++++++++++ xep.ent | 1 + 2 files changed, 153 insertions(+) create mode 100644 xep-0446.xml diff --git a/xep-0446.xml b/xep-0446.xml new file mode 100644 index 00000000..8b71fc06 --- /dev/null +++ b/xep-0446.xml @@ -0,0 +1,152 @@ + + + %ents; + ]> + + +
+ File metadata element + This specification defines a generic file metadata element to be used in other specifications. + &LEGALNOTICE; + 0446 + Experimental + Standards Track + Standards + Council + + XMPP Core + XEP-0001 + XEP-0082 + XEP-0264 + XEP-0300 + + + + file-metadata + &larma; + + 0.1.0 + 2020-11-24 + XEP Editor (jsc) + Accepted by vote of Council on 2020-11-18. + + + 0.0.1 + 2020-11-03 + lmw +

First draft.

+
+
+ +

+ Several existing specification have the need to provide metadata on a file. + The only specification of an element that contains file metadata so far is + provided as part of &xep0234;. This resulted in the situation that XEPs like + &xep0385; depend on the mostly unrelated &xep0166; just for the metadata + element. The motiviation of this XEP is to get rid of such dependencies and + have a dedicated place to define a file metadata element. +

+
+ + + text/plain + test.txt + 2015-07-26T21:46:00+01:00 + 6144 + w0mcJylzCn+AfvuGdqkty2+KP48= +]]> +

The child elements of the <file/> element are as follows:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Element NameDescriptionExample
dateTimestamp specifying the last modified time of the file (which MUST conform to the DateTime profile of &xep0082;).2015-07-26T21:46:00+01:00
dimensionsHorizontal and vertical dimensions of image or video files, in pixels.1920x1080
descA human readable description of the file. Multiple <desc/> elements MAY be included if different xml:lang values are specified.Picture of 24th XSF Summit
hashA hash of the file content, using the <hash/> element defined in &xep0300; and qualifed by the 'urn:xmpp:hashes:2' namespace. Multiple hashes MAY be included for hash agility.see specification
lengthLength of an audio or video file, in milliseconds.63000
media-typeThe media type of the file content, which SHOULD be a valid MIME-TYPE as registered with &IANA; (specifically, as listed at <http://www.iana.org/assignments/media-types>). If not specified, the content is assumed to be "application/octet-stream".text/plain
nameThe name of the file. The name SHOULD NOT contain characters or character sequences that would be interpreted as a directory structure by the local file system (e.g. "/", "\", "../", etc.). If any such characters or character sequences are present (possibly because the local and remote file systems use different syntax for directory structure), they SHOULD be escaped (e.g., via percent-encoding) before using the name as part of any file system operation. See Security Considerations.text.txt
sizeThe length of the file's content, in bytes.6144
thumbnailA thumbnail element of the file, using the <thumbnail/> element defined in &xep0264; and qualified by the 'urn:xmpp:thumbs:1' namespace. Multiple thumbnails MAY be included for media type and size agility.see specification
+

+ All child elements are OPTIONAL, however, specifications making use of the + file metadata object MAY require providing some of these elements as part + of their specification. +

+
+ +

+ Caution needs to be exercised when using the <name/> of the metadata + to control any interaction with a file system. For example, a malicious + user could request a file with <name>/etc/passwd</name> or + include file system specific control patterns such as + <name>../../private.txt</name> to try and access a sensitive + file outside of the set of files intended to be shared. Or a malicious user + could offer a file named /etc/passwd to try and trick the receiver into + overwriting that or other sensitive files. Therefore, implementations + SHOULD escape any file system path separators in the <name/> before + using that value in any file system calls. +

+

+ It is RECOMMENDED for implementations to use the strongest hashing + algorithm available to both parties. See &xep0300; for further discussion. +

+
+ +

This document requires no interaction with &IANA;.

+
+ + +

The ®ISTRAR; includes 'urn:xmpp:file:metadata:0' in its registry of protocol namespaces (see &NAMESPACES;).

+
    +
  • urn:xmpp:file:metadata:0
  • +
+
+
+ +

Thanks to the authors of &xep0234; which heavily inspired this XEP.

+
+
diff --git a/xep.ent b/xep.ent index 0106a53e..71367d24 100644 --- a/xep.ent +++ b/xep.ent @@ -1610,3 +1610,4 @@ IANA Service Location Protocol, Version 2 (SLPv2) Templates XMPP Compliance Suites 2021 (XEP-0443) XEP-0443: XMPP Compliance Suites 2021 <https://xmpp.org/extensions/xep-0443.html>." > Message Reactions (XEP-0444) XEP-0444: Message Reactions <https://xmpp.org/extensions/xep-0444.html>." > Pre-Authenticated In-Band Registration (XEP-0445) XEP-0445: Pre-Authenticated In-Band Registration <https://xmpp.org/extensions/xep-0445.html>." > +File metadata element (XEP-0446) XEP-0446: File metadata element <https://xmpp.org/extensions/xep-0446.html>." >