Is this a "Quality" document describing the quality of software
or a set of requirements? It reads more like a set of requirements.
The test requirements themselves look reasonable and pretty much
mirror the test suites that are used in EMI certification of 
security components. One question that comes to mind is that is
EGI expecting a new set of test-suites to run in a particular
framework or will they use the results of EMI certification?

1.1

OK.

1.2

1.3

OK

2.1

OK

2.2

OK

2.3

ATTAUTH_ WEB_2

This follows the previous (EGEE/LCG) policy documents?
If so, OK.

3.1

OK

3.2

OK

3.3

AUTHZ_ PDP_1

"PDPs must support the XACML interface" This is a bit
general. Internally Argus uses XACML but the WHOLE 
XACML spec is not used.

Rest OK

3.4

OK

4.1

OK

4.2

OK