Test plan for AP - Ekonomistyrningsverket

grapeafterthoughtSoftware and s/w Development

Dec 14, 2013 (3 years and 7 months ago)

87 views












ACCESS POINT TEST PLAN





Project Acronym:

PEPPOL

Grant Agreement number:

224974

Project Title:

Pan
-
European Public Procurement Online



PEPPOL Transport Infrastructure


START Access Point Services

Acceptance Test Plan



Version
:
1
.
0
0

Status:

In use



Editors
:


Kenneth Bengtsson

(DIFI/Alfa1lab)


Martin Forsberg

(ESV/Ecru)


Alexander Forst
-
Rakoczy

(BRZ/42virtual)













Project
co
-
funded by the European Commission within the ICT Policy Support Programme

Dissemination Level

P

Public

X

C

Confidential, only for members of the consortium and the Commission Services


PEPPOL Access Point Services

Acceptance Test Plan





2



Revision History


Version

Date

Editor

Org

Description

1.00

23
.
01
.
2012

Kenneth Bengtsson

DIFI/Alfa1lab

First version






















































































































Statement of o
riginality


This deliverabl
e contains original unpublished work except where clearly indicated otherwise.
Acknowledgement of previously published material and of the work of others has been made
through appropriate citation, quotation or both.

Statement of
copyright


This deliverable is released under the terms of the
Creative Commons Licence

accessed through
the following link:
http://creativecommons.org/licenses/by/3.0/
.


In short, it is free to

Share



t漠o潰yⰠ摩s瑲i扵瑥⁡ 搠瑲慮smi琠瑨攠w潲o

Remix



瑯t慤a灴pt桥

睯wk

啮摥r⁴桥⁦潬lo睩湧⁣潮di瑩潮s

Attribution



Yo甠u畳琠t瑴物t畴u⁴ e w潲o⁩渠nh攠e慮湥r⁳灥cifi敤 by 瑨t⁡ t桯rric敮s潲
b畴un潴o
i渠nny 睡y⁴ 慴as畧来s瑳⁴ 慴a瑨ey 敮d潲o攠yo甠潲oyo畲⁵ 攠ef⁴ 攠睯wk)⸠

PEPPOL Access Point Services

Acceptance Test Plan





3



Contributors


Organisations

DIFI
(
Direktoratet for forvaltning og IKT
)
1
,
Norway
,
www.difi.no

ESV (
Ekonomistyrningsverket
)
2
, Sweden,
www.esv.se

BRZ (
Bundesrechenzentrum)
3
, Austria,
www.brz.gv.at


Persons

Jens Aabol, DIFI

Kenneth Bengtsson, DIFI/Alfa1lab

Martin Forsberg, ESV/Ecru

Alexand
er Forst
-
Rakoczy, BRZ/42virtual









1

English: Agency for Public Management and eGovernment

2

English:
National Financial Management Authority

3

English:
Federal Computing Centre

PEPPOL Access Point Services

Acceptance Test Plan





4





Table of Contents


1

Introduction
................................
................................
................................
................................
................

5

1.1

Scope

................................
................................
................................
................................
................

5

2

Access Point Service Acceptance Test Plan
................................
................................
..........................

6

2.1

General

................................
................................
................................
................................
..............

6

2.2

START protocol

................................
................................
................................
................................
.

6

2.3

Service Level requirements
................................
................................
................................
...............

7


PEPPOL Access Point Services

Acceptance Test Plan





5



1

Introduction

This document describes the Acceptance Test Plan for a PEPPOL Access Point Service. The Acceptance
Test Plan is a list of functional and non
-
functional requirements that a P
EPPOL Access Point Service has to
fulfil in order to claim compliant with PEPPOL requirements.


The Acceptance Test Plan is a checklist that a PEPPOL Access Point Provider must go through in their self
-
assessment
of their PEPPOL conformance

and compliance
testing.
It describes on a high level the various
functionalities and requirements that must be tested and must be compliant with PEPPOL specifications and
policies. The Acceptance Test Plan does not specify how the testing must be carried out on an operat
ional
level.


As a product of the PEPPOL compliance and conformance testing the PEPPOL Access Point Provider must
submit the
results of the acceptance testing to its PEPPOL Regional Authority.

1.1

Scope

This Acceptance Test Plan is for testing the behaviour of an Access Point within the PEPPOL transport
infrastructure. It does
not
concern how to test local infrastructures, back
-
end systems or other components
not within the PEPPOL transport infrastructure
.




PEPPOL Access Point Services

Acceptance Test Plan





6



2

A
ccess
P
oint
S
ervice
A
cceptance
T
est
P
lan


Deliverable

Compliant

Not
compliant

Not tested

Comments

2.1

General

1.


The Access Point Provider has signed the
PEPPOL Access Point Provider
Agreement





2.


The Access Point Provider has received a
valid PEPPOL
certificate from the
Regional Authority





2.2

START protocol

3.


The Access Point signs START
messages with a
valid

certificate (either
the issued AP certificate or the certificate
of an identity provider)





4.


The Access Point uses HTTPS for
receiving
messages





5.


A message can be received from another
Access Point using valid production
certificates

issued by PEPPOL

for use in
the transport infrastructure





6.


A message is rejected if the sending
Access Point does not use a valid
certificate issued

by PEPPOL

for use in
the

transport infrastructure





7.


A message is rejected if the sending
Access Point uses an expired certificate





8.


The Access Point responds correctly to a
received PING message

(optional
requirement)





9.


The Access Point uses
HTTPS for
sending messages





10.


The Access Point can look up in the
SML/SMP the receiving capabilities of a
participant, and verifies that receiving
participant is capable of receiving the
messages being sent, including verifying
that the transport protoc
ol being used is
supported by the recipient






11.


The Access Point can retrieve the
published

endpoint URL when looking up
a participant in the SML/SMP





12.


A message can be
sent
to another
Access Point using valid production
certificates

issued by PEPPOL for use in
the transport infrastructure






PEPPOL Access Point Services

Acceptance Test Plan





7




Deliverable

Compliant

Not
compliant

Not tested

Comments

13.


The Access Point rejects sending a
message if the receiving Access Point
does not
sign the response messages
with

a valid certificate issued

by PEPPOL

for use in the
transport infrastructure





14.


The Access Point rejects sending a
message if the receiving Access Point
uses an expired certificate





15.


The Access Point rejects sending a
message if the certificate used by the
receiving Access Point does not match its
certificate published by
the SMP





16.


The Access Point can send a correct
PING message

(optional requirement)





17.


In case of errors the Access Point
responds with correct SOAP fault
messages as defined in START
specification





18.


The
Authentication Level

indicated by the
Access Point matches the level of
participant authentication implemented by
the Access Point Provider





2.3

Service Level requirements

19.


The Access Point is logging business
documents and necessary data and is
storing log files in a secure and safe
manner





20.


The Access Point has been designed to
meet uptime requirements and a
contingency plan has been developed





21.


The Access Point service responds to
other Access Point services within the
established timeframe and has an
established strategy for
scalability