Requirements

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

W3C Recommendation, XML Encryption Syntax and Processing

• The API MUST allow a programmer to encrypt and decrypt XML such that all of the SHOULD and MUST requirements specified by the W3C recommendation can be satisfied.
• The API MUST allow an implementation of the API to be created such that all of the SHOULD and MUST requirements specified by the W3C recommendation can be satisfied.

DOM-independent API

The API MUST NOT have dependencies on a specific XML representation, such as DOM. It MUST be possible to create implementations of the API for different XML processing and mechanism representations, such as DOM, JDOM or dom4j.

Extensible, provider-based API

It MUST be possible for a third-party to create and plug in an implementation responsible for managing and creating cryptographic and transform algorithms, dereferencing URIs, and marshalling objects to/from XML.

Support for a default XML mechanism type: DOM

An implementation MUST minimally support the default mechanism type: DOM. This ensures that all implementations of JSR 106 are guaranteed a minimal level of functionality. Implementations MAY support other mechanism types.

Interoperability for the default XML mechanism type: DOM

The API SHOULD ensure that applications using a DOM implementation are portable and interoperable.