W3C home > Mailing lists > Public > public-xmlsec@w3.org > September 2008

Proposal for principles to add to Requirements document

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Thu, 25 Sep 2008 15:13:24 -0400
Message-Id: <4C906DAD-6B6C-47E6-B477-5CCFEAA3052B@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
I propose we adopt the following draft as content for the Principles  
section of the Requirements document [1].

This based on our previous F2F discussion of principles [2] as well as  
the EXI principles shared by Ed Simon [3].

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html#principles

[2] http://www.w3.org/2008/07/16-xmlsec-minutes.html#item10

[3] http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0005.html


Part a] Proposed content for section 2, Principles:

The following design principles will be used to guide further  
development of XML Signature and Canonical XML and to encourage  
consistent design decisions. They are listed here to provide insight  
into design rationale and to anchor discussions on requirements and  
design. This list includes items from the original requirements for  
XML Signature [XMLDSIG-REQS] as well as general principles from EXI  
[EXI].
General:
One of primary objectives of XML Signature is to support a wide  
variety of use cases requiring digital signatures, including  
situations requiring multiple signatures, counter-signatures, and  
signatures including multiple items to be included in a signature.  
Specialized approaches optimized for specific use cases should be  
avoided. Extensibility should be possible, but by default options  
should be constrained when the flexibility is not needed.
XML Interoperable:
XML Signature must integrate well with existing XML technologies,  be  
compatible with the XML Information Set [InfoSet],  in order to  
maintain interoperability with existing and prospective XML  
specifications.
XML Signatures are First Class Objects:
XML Signatures should themselves be self-describing first class XML  
objects.
Consistent with the Web Architecture:
The XML Signature design must be consistent with the Web Architecture  
[WebArch] .
Backward compatible:
Backward compatibility with XML Signature should not be broken  
unnecessarily. Versioning should be clearly considered. Consideration  
must also be given for interoperability with the First and Second  
Editions of XML Signature [XMLDSIGSecondEdition].
Minimal:
To reach the broadest set of applications, reduce the security threat  
footprint and improve efficiency, simple, elegant approaches are  
preferred to large, analytical or complex ones.
Efficient:
XML Signature should enable efficient implementations, in order to  
remove barriers to adoption and use.
Secure:
XML Signature must be adhere to security best practices, and minimize  
the opportunities for threats based on XML Signature mechanisms.
Reuse Existing Open Standards
Existing open standards should be reused where possible, as long as  
other principles can be met.
Pragmatic:
Recognize pragmatic issues, including recognizing that software might  
be implemented in layers, with a security layer independent of a  
security layer.
---
Part B] Additions to references section

[EXI] Efficient XML Interchange (EXI) Format 1.0, W3C Working Draft 28  
July 2008, J. Schneider, T. Kamiya
http://www.w3.org/TR/2008/WD-exi-20080728/

[InfoSet] XML Information Set (Second Edition), W3C Recommendation 4  
February 2004. J. Cowan, R. Tobin
http://www.w3.org/TR/2008/WD-exi-20080728/#XMLInfoset

[XMLDSIGSecondEdition] XML Signature Syntax and Processing (Second  
Edition), W3C Recommendation 10 June 2008
http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/
[WebArch] Architecture of the World Wide Web, Volume One, W3C  
Recommendation 15 December 2004, I. Jacobs, N. Walsh. http://www.w3.org/TR/webarch/
Received on Thursday, 25 September 2008 19:14:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:55 GMT