[Ietf-not43] Requirements Matrix Review

[Hollenbeck, Scott]

> Since the authors have now both asserted that the current drafts of
> their documents meet all of the requirements in the requirements
> document, it would be a good time for those who volunteered
> to cross-check to let the working group know the results of
> their work.  To refresh your memory on who volunteered,
> 
> LDAP Matrix Review: Peter Gietz, Richard Shockey
> 
> IRIS Matrix Review: Ed Lewis, Scott Hollenbeck
> 
> Rick Wesson is to maintain the matrix, so he should be cc:'ed on
> any commments (particularly if they are sub-document reviews,
> rather than a full set).

Before jumping right into comparing specifications to the matrix, I wanted
to check the matrix against the requirements document again to make sure the
foundation for analysis is solid.  I found a few potential issues with the
requirements document and the matrix.  Starting with the requirements:

1. The requirements document mixes upper and lower case versions of the 2119
keywords such as "must" and "MUST".  The distinction is described in section
1.3, but even with this explanation I've seen the IESG resist this practice
in the past.  Is this something everyone is comfortable with?

2. Similarly, there are uses of upper case 2119 key words in non-requirement
sections of the document, including sections 5, 6, and 7.  Given the text in
section 1.3 and the fact that they're not included in the matrix I'm not so
sure that the key words should be in upper case in these sections.

The matrix:

1. There is a MUST in section 3.2 that isn't listed in the matrix.  The
might be because this MUST isn't a protocol requirement, but that gets back
to the potential confusion of mixing case with the keywords and the words in
section 1.3 describing when a MUST will be used.

2. The matrix for section 3.2.9 currently separates the last SHOULD from
section 3.2.9 into two requirements, but the second requirement isn't
clearly identified as a MUST or SHOULD in the requirements document.  This
is the current requirement text:

"and SHOULD be able to provide contact data in US-ASCII, other character
sets, and capable of specifying the language of the data." 

Perhaps the requirements document should read like this to make the
distinction between the two requirements more clear:

"and SHOULD be able to provide contact data in US-ASCII and other character
sets, and SHOULD be capable of specifying the language of the data."

3. The numbering of requirements for section 4.x is incorrect in the matrix.
There are two requirements found in section 4.1, but they are number as
being in sections 4.1 and 4.2; the requirement attributed to section 4.2 is
actually in 4.1.  The requirement attributed to section 4.3 is in 4.2, the
requirement attributed to section 4.4 is in 4.3, and the requirement
specified in section 4.4 is missing altogether.  So, the section numbers
should be fixed and the requirement from section 4.4 should be added.

I'm going to use a matrix with the requirements adjusted as I described
above for my analysis.  I'm also going to ignore the MUST in 3.2 for now.
Does this approach work for the rest of you who will be doing a similar
analysis?

-Scott-