W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2008

Principles for requirements document

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 11 Aug 2008 11:07:16 -0400
Message-Id: <73FEEDDD-9AC3-49C4-AEF9-C5C61F56B384@nokia.com>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
To: XMLSec WG XMLSec W3C <public-xmlsec@w3.org>

During the F2F we discussed principles from the original XML  
Signature requirements document and in my presentation I outlined  
possible principles for the requirements document going forward.

At the F2F we agreed that we should have a  list of principles that  
should be followed.

http://www.w3.org/2008/07/16-xmlsec-minutes.html#item10

Do we agree on these principles, do we need changes or additions? I  
updated #6 to reflect our desire to minimize dependencies.

1. Be Consistent with the Web Architecture
http://www.w3.org/TR/webarch/

2. Be XML and XML Namespace compatible

3. XML Signatures are 1st class objects

4. Design for security and mitigating attacks

5. Enable extensibility where necessary but simplicity and reduced  
optionality by default

6. Re-use existing standards where possible but minimize dependencies  
on other standards as much as possible.

7. Donít break backward compatibility unnecessarily

8.  Manage versioning and interoperability - clearly call out  
compatibility issues

9. Acknowledge processing models with different software components/ 
layers.

If someone would like to propose text to describe these further that  
would be useful.

Thanks

regards, Frederick

Frederick Hirsch
Nokia
Received on Monday, 11 August 2008 15:13:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:54 GMT