"Designed For Windows XP Application Specification" v 2.3, January 2002 Section S2.6, page 59:

S2.6 Enable traversing Network Address Translation

To ensure end-to-end connectivity, applications should use Universal Plug and Play (UPnP) to detect the presence of an UPnP-compliant IGD [Internet Gateway Device]. Upon detection of the UPnP-compliant IGD, the application should create port mappings in the NAT to allow inbound connectivity. [...]

A user should not have to manually enter port mappings in the NAT for an application to receive traffic from the Internet. Manual configuration is unwelcome by customers and in some cases is not possible due to the technical nature of the task.

An application should remove all port mappings at the conclusion of session. Applications that run as a service and have a static port mapping may leave the port mapping to allow for Internet connectivity.

Huh? I guess I misunderstood some fundamentals of security, firewalls and trustworthy computing. Let me rephrase this requirement: "If you want your server application to receive the 'Designed for Windows XP' logo, it should detect firewalls and re-configure them automatically to allow inbound traffic. Do this without any intervention by the user. Don't care about network security - your application won't have any unsafe buffers, right?. You really shouldn't care about the user who maybe wouldn't want internet connectivity to your application because he doesn't trust your skills."

Or as some kids would put it "Don't ask. You can always apologize later."

I guess this requirement should be dropped immediately. Let's just assume we've never ever seen it, ok?