From e8f8957410ecd65c071a5ca392c5960d65976185 Mon Sep 17 00:00:00 2001 From: Ben Hoxie Date: Thu, 31 May 2018 14:25:35 -0400 Subject: [PATCH 1/3] checklist version --- certification_checklists.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 certification_checklists.md diff --git a/certification_checklists.md b/certification_checklists.md new file mode 100644 index 0000000..ba2d6c3 --- /dev/null +++ b/certification_checklists.md 
@@ -0,0 +1,28 @@ +## Overview +As an open-source project, there is no centralizing body that can assess if implementations of OpenGDPR are following the spec correctly. Instead implementors can self-certify their implementation by testing it against the following two checklists, one for processors and one for controllers. + +## Self-Certification Checklist: Processors + +- [ ] New requests: validations and correctly processing new requests, including included extensions +- [ ] Request status objects: sending correct status objects and `expected_completion` time +- [ ] Request cancellation +- [ ] Generating and securing results files in the `results_url` field +- [ ] `/discovery`: public certificate, supported identity types, extensions +- [ ] API security: authentication & authorization +- [ ] Requests are signed with the private key +- [ ] Private key is protected and securely managed +- [ ] Callbacks are sent on status changes +- [ ] Major version number in URLs +- [ ] Logging activity +- [ ] Publishing any required extensions +- [ ] Defined process for fulfilling each request type +- [ ] Metrics on the fulfillment to ensure correct operations + + +## Self-Certification Checklist: Controllers +- [ ] New `opengdpr_requests`: correctly populating required fields especially `identity_types` and `extensions` +- [ ] Request status: polling or callbacks to track progress +- [ ] Callback receipt: stable endpoint for receiving status objects +- [ ] Certificate validation and caching +- [ ] Signature validations on requests +- [ ] Logging From ecf0d19ea591e01f8288856a8cbc832c69c0f37b Mon Sep 17 00:00:00 2001 From: Ben Hoxie Date: Thu, 31 May 2018 14:26:10 -0400 Subject: [PATCH 2/3] checklist version --- certification_checklists.md | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 certification_checklists.md diff --git a/certification_checklists.md b/certification_checklists.md deleted file mode 100644 index ba2d6c3..0000000 
--- a/certification_checklists.md +++ /dev/null @@ -1,28 +0,0 @@ -## Overview -As an open-source project, there is no centralizing body that can assess if implementations of OpenGDPR are following the spec correctly. Instead implementors can self-certify their implementation by testing it against the following two checklists, one for processors and one for controllers. - -## Self-Certification Checklist: Processors - -- [ ] New requests: validations and correctly processing new requests, including included extensions -- [ ] Request status objects: sending correct status objects and `expected_completion` time -- [ ] Request cancellation -- [ ] Generating and securing results files in the `results_url` field -- [ ] `/discovery`: public certificate, supported identity types, extensions -- [ ] API security: authentication & authorization -- [ ] Requests are signed with the private key -- [ ] Private key is protected and securely managed -- [ ] Callbacks are sent on status changes -- [ ] Major version number in URLs -- [ ] Logging activity -- [ ] Publishing any required extensions -- [ ] Defined process for fulfilling each request type -- [ ] Metrics on the fulfillment to ensure correct operations - - -## Self-Certification Checklist: Controllers -- [ ] New `opengdpr_requests`: correctly populating required fields especially `identity_types` and `extensions` -- [ ] Request status: polling or callbacks to track progress -- [ ] Callback receipt: stable endpoint for receiving status objects -- [ ] Certificate validation and caching -- [ ] Signature validations on requests -- [ ] Logging From 4358ec92228c7b08be4d2ca07ce19eb62104983c Mon Sep 17 00:00:00 2001 From: Ben Hoxie Date: Thu, 31 May 2018 14:27:09 -0400 Subject: [PATCH 3/3] new checklist filename --- certification_checklists.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 certification_checklists.md 
diff --git a/certification_checklists.md b/certification_checklists.md new file mode 100644 index 0000000..ba2d6c3 --- /dev/null +++ b/certification_checklists.md @@ -0,0 +1,28 @@ +## Overview +As an open-source project, there is no centralizing body that can assess if implementations of OpenGDPR are following the spec correctly. Instead implementors can self-certify their implementation by testing it against the following two checklists, one for processors and one for controllers. + +## Self-Certification Checklist: Processors + +- [ ] New requests: validations and correctly processing new requests, including included extensions +- [ ] Request status objects: sending correct status objects and `expected_completion` time +- [ ] Request cancellation +- [ ] Generating and securing results files in the `results_url` field +- [ ] `/discovery`: public certificate, supported identity types, extensions +- [ ] API security: authentication & authorization +- [ ] Requests are signed with the private key +- [ ] Private key is protected and securely managed +- [ ] Callbacks are sent on status changes +- [ ] Major version number in URLs +- [ ] Logging activity +- [ ] Publishing any required extensions +- [ ] Defined process for fulfilling each request type +- [ ] Metrics on the fulfillment to ensure correct operations + + +## Self-Certification Checklist: Controllers +- [ ] New `opengdpr_requests`: correctly populating required fields especially `identity_types` and `extensions` +- [ ] Request status: polling or callbacks to track progress +- [ ] Callback receipt: stable endpoint for receiving status objects +- [ ] Certificate validation and caching +- [ ] Signature validations on requests +- [ ] Logging
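
Review bot: In [PATCH 1/3], the Processors item `Requests are signed with the private key` does not say which messages are signed. In this checklist the processor is the side that publishes the public certificate at `/discovery` and sends status objects and callbacks, while the controller is the side that performs `Signature validations on requests`, so "requests" reads as if the processor signs what it receives. Suggest naming the signed messages explicitly in both lists (for example, the status objects and callbacks the processor sends) so that the signing item and the validation item describe the same thing and can be tested against each other.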
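
Review bot: [PATCH 2/3] deletes `certification_checklists.md` one commit after [PATCH 1/3] created it, with the same blob `ba2d6c3`, and its subject (`checklist version`) does not mention a removal. If the delete is only a step towards the re-add in 3/3, squash the series into a single commit that adds the file once; otherwise state in the commit message why the file is being removed.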
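
Review bot: [PATCH 3/3] is titled `new checklist filename`, but the hunk re-creates the same path, `certification_checklists.md`, with the same blob `ba2d6c3` as 1/3, so no rename takes place. If a different filename was intended, the new path is missing from this commit; if not, the subject should be corrected, since the series as posted nets out to a single file add.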