- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 11 Aug 2008 11:07:16 -0400
- To: XMLSec WG XMLSec W3C <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
During the F2F we discussed principles from the original XML Signature requirements document and in my presentation I outlined possible principles for the requirements document going forward. At the F2F we agreed that we should have a list of principles that should be followed. http://www.w3.org/2008/07/16-xmlsec-minutes.html#item10 Do we agree on these principles, do we need changes or additions? I updated #6 to reflect our desire to minimize dependencies. 1. Be Consistent with the Web Architecture http://www.w3.org/TR/webarch/ 2. Be XML and XML Namespace compatible 3. XML Signatures are 1st class objects 4. Design for security and mitigating attacks 5. Enable extensibility where necessary but simplicity and reduced optionality by default 6. Re-use existing standards where possible but minimize dependencies on other standards as much as possible. 7. Don’t break backward compatibility unnecessarily 8. Manage versioning and interoperability - clearly call out compatibility issues 9. Acknowledge processing models with different software components/ layers. If someone would like to propose text to describe these further that would be useful. Thanks regards, Frederick Frederick Hirsch Nokia
Received on Monday, 11 August 2008 15:13:34 UTC