Project

General

Profile

Actions

Quality management » History » Revision 4

« Previous | Revision 4/9 (diff) | Next »
Detlef Hühnlein, 10/22/2015 11:56 AM


Quality management

The quality management consist of two big parts. The first part is covered by the Developer Guide which contains the rules regarding to the code quality, code style, etc. The second part is a description of test which ensure have to be completed before a new version of the Open eCard App is released.

Quality Assurance Process

ISO 9000 defines quality assurance as a "part of quality management [...] focused on the providing confidence that quality requirements will be fulfilled." [ISO05]. In this sense quality assurance is a process targeting the objective to guarantee that a product works as intended. This task is mostly done by specifying tests which may be automated or not. The Open eCard project uses a mixture of manual and automated tests in the form of Continuous Integration and acceptance tests where automation is not feasible.

Continuous Integration

The Open eCard team uses Jenkins as tool for this task. The Jenkins server builds the complete project after a new version has been uploaded to the main Git repository after that all unit and integration tests available and enabled are performed. If an error occurs while this procedure the responsible release manager and if contact information are available the developers are informed. In the case that are all test successfully executed the release manger has to decide whether to accept or reject the changes.

Acceptance Testing

The main focus of the acceptance testing is the compliance to the technical guideline BSI-TR03124 part 2 and the practical usability with
existing services.

  1. eID-Client-Test-Suite
    The conformance is tested with the latest available version of the official test suite issued by the BSI. This is a specialized test which ensures that the Open eCard App works as described in BSI-TR03124 part 1. So it cover just the functionality of the German eID card but there are general parts which are also usable for other cards like the directions regarding error messages, information to display on the UI e.g retry counters of a PIN, etc.
  1. Services which accept the German eID Card
    An important requirement is that the
  1. Cards with TLS-Client-Authentication
    Besides the user interface testing for other cards which is currently restricted to the PIN entry dialog there is a need to test the card possibilities like creation of a electronic signature or creating a random number. Currently there is just the procedure of testing an TLS authentication where the card signs a challenge by performing the operation Perform Security Operation Digital Signature or Internal Authenticate (according to ISO/IEC 7816 part 4). This includes also some more smart card related methods to select and read the specific files containing required certificates and separate applications which may contain the signing key.

ISO05: ISO. 9000:2005 Quality management systems Fundamentals and vocabulary. ISO 9000:2005, International Organizations for Standardization, 2005.

Updated by Detlef Hühnlein about 9 years ago · 4 revisions

Also available in: PDF HTML TXT