This is all correct... but I'd like to add:
You can use DW spry validation to add client validation to the fields, that seems to be left out.
I would like to also add that step 2 can be accomplished in the Validation Toolkit User interface if you happen to own that extension and you could browse and select the validations you want to add instead of editing the code.
The same goes for #3 if you own DataAssist, you can just update the server behavior.