Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Mission Contribution

The Sandbox contributes to the GovStack vision in providing a demonstration environment to learn and a technical environment to test “more effective and cost-efficient digital government services”.

In other words, the GovStack Sandbox…

  • makes the GovStack approach tangible. It is the key tool to raise awareness and educate people on the benefits of the GovStack approach.

  • is an isolated, safe environment (you can break everything, but it doesn't have a negative effect) simulating a small governmental e-service system (reference implementation).

  • is an architectural approach centered around APIs and microservices to help unlock monolithic legacy systems to increase the speed of IT project delivery, leading to more effective and cost efficient digital governments

  • encapsulates the business logic and data necessary to represent multiple GovStack capabilities such as APIs, building blocks, use cases and workflows.

High-Level Features

  • DevSecOps methodology and tooling to replicate the testing, configuration, deployment and operation of BB candidates

  • Generic architecture implementation of Information Mediator and Open Source Building Blockcandidates to build the functional foundation

  • Specific e-service use cases

    • as pre-determined test scenarios to validate the functioning of the BB architecture

    • as frontends to visually showcase citizen-journey (optional civil servant) and educate on functioning

    • with dummy data registries enabling the use cases

  • Software compliance testing harness

  • Training material and documentation

Users and User Stories

Personas sourced from:

View file
nameUser persona profiles.docx

Status
colourBlue
titlePRiority

Persona: “Policy Decision Maker” (Government, non-technical)

  • Status
    colourGreen
    titleHigh
    I want to experience an end-to-end use case (e.g. from new-born child registration to healthcare provision) so that I can understand the complexity of the complete business logic and usage of BB throughout the whole process.

  • Status
    colourGreen
    titleHigh
    I want to be guided in and around the sandbox itself for demonstration purposes so that I can get the full technical and non-technical picture without specific domain knowledge.

  • Status
    colourGreen
    titleHigh
    I want to see the BB interaction while clicking through a use case so that I can understand the distributed BB approach and combination of BB.

View file
nameBB-architecture-example-non_technical.pptx

  • Status
    colourGreen
    titleHigh
    I want to see the interaction between users (e.g. Citizen and civil servant) so that I can imagine the interaction between citizens of my country and my ministry employees.

  • Status
    colourGreen
    titleHigh
    I want to click through sector-diverse use cases with calling out used workflows (semi-generic) and used BB (generic) so that I can understand the conceptual abstraction layers of the SDG Digital Investment Framework.

  • Status
    colourYellow
    titleMedium
    I want to be informed about reuse of workflows among offered use cases in the sandbox so that I can understand dependencies between use cases.

  • Status
    colourYellow
    titleMedium
    I want to access resources that proof the usage of the GovStack Implementation Playbook when prototyping the shown use case/services by the GovStack team (e.g. documentation after each step) so that I see proof of the theoretical framework.

  • Status
    colourYellow
    titleMedium
    I want to experience BB-based use case without any access barrier (login, deployment time, different credentials for user groups e.g. switching between citizen and civil servant view) so that I do not lose attention and can access without tech experience.

  • Status
    colourYellow
    titleMedium
    I want to see the assumptions and framework conditions (e.g. organizational setup) the use cases/sandbox is based on so that I can compare it with the conditions in my country.

  • Status
    colourRed
    titleLow
    I want to see that the system is restricted and designed for different user groups (citizen, admin, civil servant) so that I see security and user management/rights being addressed.

  • Status
    colourRed
    titleSelection process
    I want to click through use cases and used common workflows that are of high importance for my country so that I can convince my colleagues/superiors.

  • Status
    colourRed
    titleLow
    I want to see what happens if a Government does not use the BB approach so that I can see benefits of the approach.

Persona: “Maintainer at Government” (Government, technical)

  • Status
    colourGreen
    titleHigh
    I want to deploy the sandbox with different BB candidates so that I can experience the interchangeability of software components.

  • Status
    colourGreen
    titleHigh
    As an IT expert in a Ghanian ministry/contracted IT consultant I want to be able to select for each BB 1 out of 3 Govstack-Compliant applications and deploy them with a particular use-case configuration so that I can understand Govstack interoperability concept and consider using the architecture and methodology in my own digital transformation. (Owner: Taylor Downs )

  • Status
    colourGreen
    titleHigh
    I want to test the performance and other metrics (e.g. latency, network speed, response time, compression, carbon footprint) so that I can evaluate the potential usage of the architecture.

  • Status
    colourGreen
    titleHigh
    I want to read an up-to-date documentation (technology stack, licenses, architecture diagram,…) so that I can inform myself about details of use software and architecture.

  • Status
    colourGreen
    titleHigh
    I want to experience accessibility and UX so that I can assess the usability for my target group.

  • Status
    colourYellow
    titleMedium
    I want to create self-hosted instance of the sandbox so that I can analyze the system in a safe environment

  • Status
    colourYellow
    titleMedium
    I want to be able to access and change source code or any other aspect in a safe environment, so that I can showcase a customized deployment to my colleagues/superiors.

  • Status
    colourYellow
    titleMedium
    I want to get a blueprint for DevSecOps environment so that I can build up my own BB-based system.

  • Status
    colourYellow
    titleMedium
    I want to see the infrastructure performance requirements that is needed to assess the sustainability of the BB based approach.

  • Status
    colourYellow
    titleMedium
    I want to check the administration and maintainability concept so that I can evaluate the potentially needed Maintenace efforts.

  • Status
    colourRed
    titleLow
    I want to save my custom sandbox deployment so that I can continue working with it another time.

  • Status
    colourRed
    titleLow
    I want to change API so that I can test integration with the test environment of my country.

  • Status
    colourRed
    titleLow
    I want to get security recommendations on how to set up such an environment so that I can build a secure testing ground for my country's systems.

Persona: “CEO / Entrepreneur” (of a company supplying a BB candidate, technical)

  • Status
    colourYellow
    titleMedium
    I want to run functional and API requirements-based test scripts (and possibly other compliance checks, see status of compliance concept) so that I can proof compliance of my software product.

  • Status
    colourYellow
    titleMedium
    I want to deploy a sandbox instance with my BB candidate so that I can advertise my product as a possible component of the GovStack BB-based system.

  • Status
    colourRed
    titleLow
    I want to see how my organization can suggest my BB candidate to be integrated into the GovStack sandbox so that I can showcase our spec-compliant software product.

Use Cases

1. Unconditional Social Cash Transfer/G2P Use Case

Use Case description to be inserted Nico Lueck

Building Blocks Candidates

  • Consent

  • Identification and Verification: ITU Procurement

  • Messaging

  • Payments: ITU Procurement

  • Registration: OpenCRVS?

  • Scheduling

  • Workflow and Algorithm

  • Client Case Management: OpenIMIS?

2. Construction Permits (from Djibouti)

Service design process ongoing

Additional (Non-)Functional Requirements

Requirements with abbreviations are taken from the ToR

View file
nameSandbox ToR-1.1.pdf

Automated Testing Requirements

Status
colourGreen
titleHigh
Usage of the existing BB repo structures, sketched out here: Sandbox Procurement and Tech Committee Overlap
Status
colourRed
titleLow
TSTA.1 Automated test scheduling, executing and reporting shall be manageable in a central, multi-user environment.
Status
colourYellow
titleMedium
TSTA.2 Automated tests shall be reusable and customizable in order to run in different environments and by different GovStack implementing actors.
Status
colourYellow
titleMedium
TSTA.3 Automated tests shall follow a unified reporting and monitoring.

Manual Testing Requirements

Status
colourRed
titleLow
TSTM.1 Guides shall describe user scenarios which cover as much functional
requirements as possible.
Status
colourRed
titleLow
TSTM.2 Guides shall include adversarial scenarios for basic security testing.

Quality Requirements

Status
colourYellow
titleMedium
QLTY.1 Accessibility: Use case frontends shall be usable by people with disabilities by “direct access” (i.e. unassisted) and "indirect access" meaning compatibility with a person's assistive technology.
Status
colourGreen
titleHigh
QLTY.2 Compatibility: User interfaces shall be compatible to end user devices with latest versions of Microsoft Edge, Google Chrome, Mozilla Firefox and Apple
Safari browsers.
Status
colourGreen
titleHigh
QLTY.3 Customizability: The system shall be flexible to add new use cases.
Status
colourGreen
titleHigh
QLTY.4 Interchangeability: The system shall enable software products which act as building block implementations to be added or interchanged with other
software products.
Status
colourGreen
titleHigh
QLTY.5 Interoperability: The system shall use open standards for all internal or external interfaces.
Status
colourGreen
titleHigh
QLTY.6 Maintainability: The system shall be open for corrective, adaptive, perfective and preventive changes during the whole software life cycle.
Status
colourGreen
titleHigh
QLTY.7 Open: The system shall use open standard, built on open-source software (where possible), support open development, use cloud-native standards and be publicly available (see also chapter on open source licences).
Status
colourYellow
titleMedium
QLTY.8 Reliability: The system shall maintain reliability when scaled in real world use cases.
Status
colourGreen
titleHigh
QLTY.9 Reproducibility/replicability: The system shall be easily replicable by other actors (e.g. implementing governments) through the means of documentation and providing DevSecOps guidance.
Status
colourGreen
titleHigh
QLTY.10 Reusability: The System and its artifacts shall be developed to be reusable by other actors (e.g. published code, containers, testing suits, UI designs).
Status
colourGreen
titleHigh
QLTY.11 Robustness: The system shall be able to perform with low bandwidth and
unreliable connectivity (act as a best practice reference to low-resource
environments).
Status
colourGreen
titleHigh
QLTY.12 Testability: The system shall be (automatically) testable and validatable.
Status
colourGreen
titleHigh
QLTY.13 Responsive: User interfaces adapt to screen size and allow displaying on mobile or kiosk devices.

Hosting Requirements

Status
colourGreen
titleHigh
HOST.1 Scope: All components of the sandbox including information mediator building blocks, synthetic data storage and use cases, excluding all other interfacing building blocks, excluding procured foundational BB or BB provided by partnerships shall be hosted by the contractor.
Status
colourYellow
titleMedium
HOST.2 Minimum types of environments: Integration, Staging and Production
Status
colourGreen
titleHigh
HOST.3 Cloud based: The system shall run on a cloud-based infrastructure.
Status
colourGreen
titleHigh
HOST.4 Provider agnostic: The setup shall be easily replicable on other cloud platforms to meet our principle of being neutral and generic (cloud native).
Status
colourGreen
titleHigh
HOST.5 Availability: The system’s uptime shall be above 99.00% (max. of 7.31 hours downtime a month).
Status
colourYellow
titleMedium
HOST.6 Recoverability: The system shall be subject of continuous back-up routine and a well-defined disaster-recovery process.
Status
colourGreen
titleHigh
HOST.7 ISO27001 compliance: The hosting provider shall be certified under
ISO27001.
HOST.8 SOC 2 and 3 compliance: The hosting provider shall be certified under SOC and 3.

Synthetic data requirements

Status
colourGreen
titleHigh
DATA.1 Use case relevant: The data shall comprise all use case relevant properties.
Status
colourRed
titleLow
DATA.2 Citizen representative: The data shall replicate all important statistical properties of real data.
Status
colourGreen
titleHigh
DATA.3 No attribution: The data shall be fully synthetic which make identification of any single unit impossible. At the same time all variables are still fully available.

DevSecOps Environment

Status
colourGreen
titleHigh
Contribute to and use deployment and configuration scripts of the BB repos, sketched out here: Sandbox Procurement and Tech Committee Overlap

Status
colourGreen
titleHigh
WP_2.1 … use Open Container Initiative (OCI) compliant containers and Cloud Native Computing Foundation (CNCF) certified Kubernetes
Status
colourGreen
titleHigh
WP_2.2 ... host in any general-purpose public/ private cloud, or multi-tenant environments, as well as in disconnected and classified
environments.
Status
colourGreen
titleHigh
WP_2.3 … for automating the development and deployment activities as much as possible
Status
colourYellow
titleMedium
WP_2.4 … support all the activities throughout the full DevSecOps lifecycle.
Status
colourYellow
titleMedium
WP_2.5 CI/CD Orchestrator as the central automation engine of the CI/CD pipeline for managing the pipeline creation, modification, execution, and termination.
Status
colourGreen
titleHigh
WP_2.6 Documentation and other assets for reuse of the GovStack
DevSecOps software factory by other actors.

Status
colourYellow
titleMedium
DEV.1 Citizen-centric: Design is centered around typical high-priority user journeys and use cases related to the SDGs. Ideally, citizens are involved at certain stages of the development cycle.
Status
colourGreen
titleHigh
DEV.2 Generic: No single/exclusive methodological product or supporting software product is required.
Status
colourGreen
titleHigh
DEV.3 Standard-based: Captured and guided by industry-recognized standards.
Status
colourGreen
titleHigh
DEV.4 Open: Published under open source or creative commons licence (see chapter 3.3.7).
Status
colourGreen
titleHigh
DEV.5 Reusable: Reusable by other actors (e.g. implementing governments) to setup an own instance of the sandbox or implement the GovStack approach.
Status
colourGreen
titleHigh
DEV.6 Agile: Quick and short cycles to setup, test and validate the sandbox/GovStack implementation and then go for the next iteration.
Status
colourYellow
titleMedium
DEV.7 Efficient: Incorporating security checks while maintaining deployment speed (through e.g. automate security gates).
Status
colourYellow
titleMedium
DEV.8 Security: Incorporate measures/steps in DevSecOps approach to increase security (also known as DevSecOps). Use supporting tools to scan for
dependencies and perform static code analysis (e.g. Snyk, SonarQube or
similar).
Status
colourGreen
titleHigh
DEV.9 Documented: Document crucial activities, customizations, configurations or code (using documentation generated from the code, through e.g. docbook, asciidoc or similar)
Status
colourGreen
titleHigh
DEV.10 Integrated: In case of the GovStack sandbox implementation, usage of tools the GovStack Community is already working with: Gitlab and Gitbook.