[this post is a wiki, you can modify directly if desired]
Discussion thread for approaching formal conformance specifications, tools, test environments etc. The openEHR board has agreed to formally support a conformance project that will result in some conformance testing capability by Nov/Dec 2021, in order to support increasing procurement activities. It also wants a roadmap for work in 2022.
Goals
- enabling procuring orgs to be provided ‘standard’ (comprehensible) conformance statements by tendering vendors for their offerings;
- enabling procuring bodies to perform conformance testing on products to determine veracity of claims in tender responses, also post integration (does this thing still work when hooked up to product xyz?), open source offerings etc;
- enabling vendors & implementers to self-test and initially self-certify;
- (eventually) enabling reliable 3rd party testing with certification.
The summary of the above may be understood as: ensure that dubious claims for dubious offerings can be distinguished from genuine products in which substantial investment has been made.
Below is my current view on this based on the unfinished CNF spec done a couple of years ago; we need the SEC to crystallise a common view, so just take the below as a draft to be worked on.
Principles
I believe we should work to the following principles (feel free to adjust):
- conformance is concretely tested against ITS specifications, since these are the concrete instantiations of the specifications whose correct implementation we want to test;
- this means that a product can’t claim to universally conform to e.g. ‘the RM’ or ‘Task Planning’ or whatever, but instead to openEHR REST API v1.1.0, with e.g. JSON, XML etc payloads, or some other ITS artefacts;
- the service model is useful to capture pure semantics, particularly pre- and post-conditions, also modified parts of the RM, so that we always know the intended semantics of what we have in REST, XSD, etc - this is important because how things are represented in HTTP headers / body, where certain parameters are, XSD tricks that we need to use all can obscure the underlying semantics a bit;
- the service model also provides a useful way to name the capabilities being tested, e.g.
I_DEFINITION_ADL14
.list_all_opts()
;- this may be applied in different concrete ITS forms (e.g. XML OPTs, JSON OPTs, different versions of REST API etc);
- we can construct the list of capabilities for a component from the service model - known as the Conformance Schedule below;
- we assume that the legal veracity of conformance claims made for products by vendors is the business of commercial contracts, i.e. the conformance framework can only provide a technical basis for testing, not a guarantee that a claim is true, until such time as we have certificated conformance undertaken by a trusted 3rd party org (or openEHR).
- more?
Framework structure
We’ve done a fair bit of work on this over the last few years. At the bottom end, I think we have the following concepts:
- Product
- component [*]
- capability [*]
- test [*]
- capability [*]
- component [*]
For a platform, this will be:
- Platform - e.g. ACME openEHR Platform, including CDR, Terminology, Definitions, Demographics, …
- service [*] - e.g.
EHR service
- call [*] - e.g.
I_EHR.create_ehr()
- test [*] - e.g. 5 tests to demonstrate this call working in some ITS profile
- call [*] - e.g.
- service [*] - e.g.
In the existing Conformance spec, there are the high-level notions of:
- Conformance Schedule - list what can possibly be tested
- Conformance Profiles - collections of Components/capabilities to make up viable products / business components
- Conformance Statement - some subset of the Conformance Schedule, usually defined or related to a profile, that describes what some product actually supports, and indicates which tests it passes
- Conformance Certificate - a Conformance Statement + report of how tested + certification of having been tested;
I am happy to revisit this. @pablo may have suggestions for improvement.
Roadmap
What we need to achieve:
- a v1.0 Conformance spec, rewritten as necessary and containing Conformance Schedule, Profiles etc as we agree them to be;
- a set of test suites and test cases covering the Schedule in the spec, for existing ITS, most likely derived from the EhrBase environment;
- an up to date Service model spec (relatively easy - @pablo and I can do this);
- Medium term: a plan to establish a CI-based tool environment that is either hosted & publicly usable and/or locally instantiable (e.g. forked from Github);
- Longer term: a plan for establishing 3rd part testing and certification.
- anything else?
The vendors represented here most likely have views on all of this, and/or some public IP to contribute to help the work along. That input will be important now.
This work will take a bit of effort but I think everyone will agree is needed in order to protect investments and to ensure quality for customers.
One question I have is: do we want to make all the conformance testing materials completely public and free, or make them free only for some level of membership payment to openEHR?