...
Please comment in the document or send the editors (Hannah Short and Mikael Linden) an email if there is anything specific you would like to discuss.
...
Initial discussion mailing list: self-assessment-tool@lists.ewti.eu
Initial discussion notes: http://etherpad.ewti.eu:9001/p/g.bIyUOSNaD6Z1zFWX$selfassessmenttool
Draft requirements specification (please comment!): Google doc
Summary
Tool Use Cases
- LoA assessment for IdPs
- Sirtfi compliance for IdPs and SPs
- SP Assurance level ("inverse" of IdP LoA assessment)
...
- Responsibility for the tool should be at a federation level. This does not preclude running the tool centrally. This will aid scalability
- The tool should send assessment requests to organisations based on contact information in metadata
- The tool should support multiple question types, yes/no and multiple choice
- Machine readable responses (yes/no/multiple choice) should be supported by secondary, evidence-based free text
- The tool should facilitate peer review; peer assignment should not be determined by the assessee
- Results of assessments should be made available; individual assessee results would be private to the assessee but an agregated view should be freely available
- Fed Ops should have access to all results of the assessments within their federation
- Access control for an assessment should facilitate private and public sharing
- The tool should support re-assessment and have configurable behaviour in the event that the re-assessment is not done or if it fails
...
