SESM v0.3.0 external review: semantic metadata in safe-profile SVG
SESM is a non-executable semantic SVG metadata profile. It embeds a small JSON metadata block inside the existing SVG <metadata> element so standalone SVG assets can carry public, asset-level identity, provenance, interpretation, crawler, archive, theme, and integrity context.
SESM does not make arbitrary SVG safe. SESM-safe SVG means non-executable SVG plus a valid SESM metadata block.
Release tag: https://github.com/APTlantis/CityHall/releases/tag/SESM-v0.3.0
Tag source: https://github.com/APTlantis/CityHall/tree/SESM-v0.3.0/SESM
Review Framing
I am looking for review on SESM, a candidate safe profile for embedding non-executable semantic metadata in SVG assets. It includes an explainer, safe profile, threat model, privacy considerations, validator rules, reference implementation, and fixture corpus.
The main review questions are whether the metadata model is useful, whether the safety boundary is clear, and whether the validator behavior is practical for crawlers, archives, design systems, and AI-adjacent tooling.
What Reviewers Should Read First
- EXPLAINER.md
- SAFE-PROFILE.md
- THREAT-MODEL.md
- PRIVACY.md
- CONFORMANCE.md
- VALIDATOR-RULES.md
- REFERENCE-IMPLEMENTATION.md
- SUBMISSION-PITCH.md
Reference Implementation
Questions To Ask Reviewers
- Is the asset-level metadata use case clear and distinct from JSON-LD?
- Is the relationship between embedded metadata and sidecar files clear?
- Is the SESM safe profile strict enough for broad ingestion?
- Are privacy risks and covert tracking risks sufficiently addressed?
- Is llm.interpretation_hints clearly non-authoritative?
- Are the validator labels and exit codes practical?
- What fields should be removed, renamed, or constrained before wider review?
Non-Claims
SESM does not claim to be a browser feature, change SVG rendering, make arbitrary SVG safe, grant crawler permission, grant AI training permission, replace JSON-LD, replace sidecar files, replace SVG sanitization, or have standards-body adoption.
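The two-part definition above (non-executable SVG plus a valid metadata block) can be sketched as a single check; this is an added example, not the SESM reference implementation or code from the project. The banned-element list, the finding labels, the DTD refusal, and the assumption that the JSON sits directly as text inside <metadata> are all illustrative guesses, and the sample document is constructed.

```python
import json
import xml.etree.ElementTree as ET

# Assumed rule set for "non-executable"; SAFE-PROFILE.md holds the real one.
BANNED_ELEMENTS = {"script", "foreignObject", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src"}

# Constructed sample; "sample_key" is a placeholder, not a SESM field name.
SAFE_SAMPLE = ('<svg xmlns="http://www.w3.org/2000/svg">'
               '<metadata>{"sample_key": "constructed"}</metadata>'
               '<rect width="1" height="1"/></svg>')

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1]

def check_svg(text):
    """Return (findings, metadata): a list of labels and a dict or None."""
    # Refuse DTDs before parsing so entity expansion never reaches the parser.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return ["doctype-or-entity"], None
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["not-well-formed"], None
    findings, metadata = [], None
    for el in root.iter():
        name = local(el.tag)
        if name in BANNED_ELEMENTS:
            findings.append(f"element:{name}")
        for attr, value in el.attrib.items():
            attr = local(attr).lower()
            # Drop whitespace and control characters that could hide the scheme.
            target = "".join(c for c in value if c > " ").lower()
            if attr.startswith("on"):
                findings.append(f"handler:{attr}")
            elif attr in URL_ATTRS and target.startswith("javascript:"):
                findings.append(f"script-url:{attr}")
        if name == "metadata" and metadata is None:
            try:
                metadata = json.loads(el.text or "")
            except json.JSONDecodeError:
                findings.append("metadata-not-json")
    if metadata is None and "metadata-not-json" not in findings:
        findings.append("metadata-missing")
    if metadata is not None and not isinstance(metadata, dict):
        findings.append("metadata-not-object")
        metadata = None
    return findings, metadata
```

An empty findings list means the file passed these illustrative checks only; it is a rejection filter for ingestion, not a sanitizer.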