You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Requirements specification

 

Initial discussion mailing list: self-assessment-tool@lists.ewti.eu

Initial discussion notes: http://etherpad.ewti.eu:9001/p/g.bIyUOSNaD6Z1zFWX$selfassessmenttool


Summary: 

 

Tool Use Cases: 
    - LoA assessment for IdPs
    - Sirtfi compliance for IdPs and SPs
    - DPCoCo for EU/EEA
    - SP Assurance level ("inverse" of IdP LoA assessment)
    
Tool Requirements:
    - Responsibility for the tool should be at a federation level. This does not preclude running the tool centrally. This will aid scalability
    - The tool should send assessment requests to organisations based on contact information in metadata
    - The tool should support multiple question types, yes/no and multiple choice
    - Machine readable responses (yes/no/multiple choice) should be supported by secondary, evidence-based free text
    - The tool should facilitate peer review; peer assignment should not be determined by the assessee 
    - Results of assessments should be made available; individual assessee results would be private to the assessee but an agregated view should be freely available
    - Fed Ops should have access to all results of the assessments within their federation
    - Access control for an assessment should facilitate private and public sharing
    - The tool should support re-assessment and have configurable behaviour in the event that the re-assessment is not done or if it fails


  • No labels