Requirements

After some time, I managed to write this list of requirements for Fenrir:

• Efficiency: The protocol must not be above the 5th layer of the ISO/OSI pile and must be a binary one -- no XML.
• Completeness: The protocol must handle authentication, authorization, encryption of the connection.
• Flexibility: It must be adaptable to multiple needs:
  • multiple streams
  • both reliable and _unreliable connections
  • both ordered and unordered messages
  • both bytestream and datagram transmission
  • any combination of the above
  • Forward Eror Correction support
• Interoperbility: A developer must be able to use a single library for multiple vendors, without any change (f**k OAuth).
• Federation: As in kerberos, federated authentication must be possible.
• Token-based: We don't like to give our password away too often.
• Nonce-based: I really don't like to keep synchronized clocks between client and server...
• Securely desinged: The protocol must not have any amplification attack. and provide formal proofs.
• multiple authorization levels. We'd like to grant different levels of privilege to different applications.

These are just the main requirements. A lot of other small but important stuff is:

• Reconnect Without big handshakes: - tcp handshake + ssl handshake + OAuth handshake takes a LOT of time, being able to associate once and then reuse the association even after a quick network failure is a good thing.
• Multi-homing support: Possibly dynamic for long connections and mobile clients.
• Mobility support: the connection stays up even if we change IPs.
• Do something about the ridiculous X.509 certificate situation.