- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Thu, 25 Sep 2008 15:13:24 -0400
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Message-Id: <4C906DAD-6B6C-47E6-B477-5CCFEAA3052B@nokia.com>
I propose we adopt the following draft as content for the Principles section of the Requirements document [1]. This is based on our previous F2F discussion of principles [2] as well as the EXI principles shared by Ed Simon [3].

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html#principles
[2] http://www.w3.org/2008/07/16-xmlsec-minutes.html#item10
[3] http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0005.html

Part a] Proposed content for section 2, Principles:

The following design principles will be used to guide further development of XML Signature and Canonical XML and to encourage consistent design decisions. They are listed here to provide insight into design rationale and to anchor discussions on requirements and design. This list includes items from the original requirements for XML Signature [XMLDSIG-REQS] as well as general principles from EXI [EXI].

General: One of the primary objectives of XML Signature is to support a wide variety of use cases requiring digital signatures, including situations requiring multiple signatures, counter-signatures, and signatures including multiple items to be included in a signature. Specialized approaches optimized for specific use cases should be avoided. Extensibility should be possible, but by default options should be constrained when the flexibility is not needed.

XML Interoperable: XML Signature must integrate well with existing XML technologies and be compatible with the XML Information Set [InfoSet], in order to maintain interoperability with existing and prospective XML specifications.

XML Signatures are First Class Objects: XML Signatures should themselves be self-describing first class XML objects.

Consistent with the Web Architecture: The XML Signature design must be consistent with the Web Architecture [WebArch].

Backward compatible: Backward compatibility with XML Signature should not be broken unnecessarily. Versioning should be clearly considered. Consideration must also be given for interoperability with the First and Second Editions of XML Signature [XMLDSIGSecondEdition].

Minimal: To reach the broadest set of applications, reduce the security threat footprint and improve efficiency, simple, elegant approaches are preferred to large, analytical or complex ones.

Efficient: XML Signature should enable efficient implementations, in order to remove barriers to adoption and use.

Secure: XML Signature must adhere to security best practices, and minimize the opportunities for threats based on XML Signature mechanisms.

Reuse Existing Open Standards: Existing open standards should be reused where possible, as long as other principles can be met.

Pragmatic: Recognize pragmatic issues, including recognizing that software might be implemented in layers, with a security layer independent of a security layer.

---

Part B] Additions to references section

[EXI] Efficient XML Interchange (EXI) Format 1.0, W3C Working Draft 28 July 2008, J. Schneider, T. Kamiya. http://www.w3.org/TR/2008/WD-exi-20080728/
[InfoSet] XML Information Set (Second Edition), W3C Recommendation 4 February 2004, J. Cowan, R. Tobin. http://www.w3.org/TR/2008/WD-exi-20080728/#XMLInfoset
[XMLDSIGSecondEdition] XML Signature Syntax and Processing (Second Edition), W3C Recommendation 10 June 2008. http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/
[WebArch] Architecture of the World Wide Web, Volume One, W3C Recommendation 15 December 2004, I. Jacobs, N. Walsh. http://www.w3.org/TR/webarch/
Received on Thursday, 25 September 2008 19:14:11 UTC