Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Vision

The GovStack Sandbox makes the GovStack approach tangible. It is the key tool to raise awareness and educate people on the benefits of the GovStack approach.

The GovStack Sandbox is a safe environment/playground (you can break everything, but it doesn't have a negative effect) simulating a small governmental e-service system (reference implementation).
The GovStack Sandbox is an architectural approach centered around APIs and microservices to help unlock monolithic legacy systems to increase the speed of IT project delivery, leading to more effective and cost efficient digital governments

The sandbox shall encapsulate the business logic and data necessary to represent multiple GovStack capabilities such as APIs, building blocks, use cases and transaction flows.

The GovStack Sandbox serves Policy Makers, Technical Government Experts, and Technical Vendor Experts with functionalities to lower the barrier to using the GovStack approach or getting involved in GovStack Initiative.

The GovStack Sandbox can also serve as a demo or model “Digital Government Services Platform” for learning and capacity-building purposes.

The GovStack Sandbox provides a unified environment for various digital government ecosystem actors to discover, understand, engage, experiment, innovate, and build digital government solutions using the GovStack platform.

High-level Components

  • Software Factory/DevSecOps methodology and tooling

  • Generic Building Block Architecture

  • Specific e-service use cases

  • Registries and Synthetic Data

  • Software compliance testing harness

  • Training material and documentation

Users and User Stories

Policy Maker/Subject Matter Expert

  1. I want to see example results of the service design process described in the “GovStack Implementation Playbook” so that I see proof of the theoretical framework.

  2. I want to experience BB-based use cases without any access barrier (login, deployment time) so that I do not lose attention and can access without tech experience.

  3. I want to click through sector-diverse use cases so that I can experience the generic nature of the BB approach.

  4. I want to click through use cases that are of high importance for my country so that I can convince my colleagues/superiors.

  5. I want to see the data flow in the background while clicking through a use case so that I can understand the BB interaction.

  6. I want to see interactions with among use cases highlighted so that I can understand dependencies between use cases.

  7. I want to see the assumptions and framework conditions (e.g. organizational setup) the use cases/sandbox is based on so that I can compare it with the conditions in my country.

Technical Government Expert

  1. I want to create my own instance of the sandbox so that I can analyze the system in a safe environment.

  2. I want to change APIs so that I can test integration with the test environment of my country.

  3. I want to be able to change registries, API calls of use cases, UI or any other aspect in a save environment, so that I can showcase a customized deployment to my colleagues/superiors.

  4. I want to save my custom sandbox deployment so that I can continue working with it another time.

  5. I want to deploy the sandbox with different software products so that I can experience the interchangeability of software components.

  6. I want to get recommendations for DevSecOps environment so that I can build up my own BB-based system.

  7. I want to get security recommendations on how to set up such an environment so that I can build a secure testing ground for my country's systems.

Technical Vendor Expert

  1. I want to see how my organization can suggest our software product to be integrated into the GovStack sandbox so that I can showcase our spec-compliant software product.

  2. I want to run functional requirements-based test scripts so that I can check the compliance of my software product.

  3. I want to deploy a sandbox instance with my software product so that I can advertise my product as a component of the GovStack BB-based system.

Additional Requirements introduced by GovStack Team

DevSecOps Environment

From the ToR:

  1. WP_2.1 Developing the software factory using Open Container Initiative (OCI)
    compliant containers and Cloud Native Computing Foundation (CNCF)
    certified Kubernetes to orchestrate and manage the containers.

  2. WP_2.2 Designing the GovStack software factory such that it should be possible to host the software factory in any general-purpose public/ private cloud, or multi-tenant environments, as well as in disconnected and classified
    environments.

  3. WP_2.3 Developing the DevSecOps approach for automating the development and deployment activities as much as possible

  4. WP_2.4 Setting up the tools and process workflows created and executed on the tools to support all the activities throughout the full DevSecOps lifecycle.
    WP_2.5 Setting up of the CI/CD Orchestrator as the central automation engine of the CI/CD pipeline for managing the pipeline creation, modification, execution, and termination.

  5. WP_2.6 Prepare documentation and other assets for reuse of the GovStack
    DevSecOps software factory by other actors.

See also DEV.1. to DEV.10., page 15, ToR

Building Block Architecture

Sources for building blocks (purely Open Source):

  1. ITU Procurements: ID, Payment, (IM), Consent

  2. Ukraine (Registries)

  3. DIGIT (30 possibly components, e.g. workflow, messaging)

  4. UNCTAD (Registries)

  5. GIZ (OpenIMIS)

  6. SunBird

  7. Typo3 Association

  8. MOSIP (Identity)

  9. Others? Open for suggestions

Apply security best practices even though it is a testing environment (One possible scenario: in Germany, there are white hat hacker testing systems developed by the government. They reveal, if what the government or assigned companies promise, is true.)

See also SNB.1. to SNB.16., page 17, ToR

See also QLTY.1. to QLTY.13., page 19, ToR

See also HOST.1. to HOST.8., page 19, ToR

Use Cases

The selection of use cases should consider the following criteria:

  1. has been already implemented

  2. has an owner who could describe the user journey in detail

  3. uses as many BB as possible

  4. have interconnections with other use cases

  5. use a core registry (e.g. civil, business, land)

  6. Political priorities (G2P, Social Protection, Gender)

Side products to be produced

  • Onboarding methodology for Building Block suppliers

  • Styleguide

Further Resources

Description of vision, tasks, and deliverables as part of the public tender (February 2022):

View file
nameSandbox ToR-1.1.pdf

Sketch-up by the technical committee: Sandbox Procurement and Tech Committee Overlap - Technical - GovStack Wiki (atlassian.net)

Notes from the Kick-Off Session with GoFore:

View file
nameSandbox Kick-off.pdf

Sketches