Difference between revisions of "Project Information:template OpenSign Server Project - Final Review - Second Reviewer - F"

From OWASP
(New page: Click here to return to the previous page. {| style="width:100%" border="0" align="center" ! colspan="3" align="center" style="bac...)
 
Line 17: Line 17:
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications#Online code signing and integrity verification service for open source community (OpenSign Server)|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
 
1. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications#Online code signing and integrity verification service for open source community (OpenSign Server)|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
| colspan="2" style="width:75%; background:#cccccc" align="left"|
+
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
 
 +
At this point the core functionality of the OpenSign project has been developed and tested. This includes the issuing and verifying of certificates within a client server infrastructure. Users must be authenticated and approved by an issuer to use the issuing-service. The issuing is done easily by making use of the client application or online via a web-form. However, OpenSign is not an independent solution for code signing yet. It relies on java-keytool (or an application with the same intention) to generate the client side keys and the certificate sign requests. There is no graphical interface for the client in place. Also the support of .NET code signing was not taken into account yet.
 +
 
 +
OK
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
2. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications#Online code signing and integrity verification service for open source community (OpenSign Server)|'''the assumed ones''']], please quantify in terms of percentage.
 
2. At what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications#Online code signing and integrity verification service for open source community (OpenSign Server)|'''the assumed ones''']], please quantify in terms of percentage.
| colspan="2" style="width:75%; background:#cccccc" align="left"|
+
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
 
 +
OpenSign Server: 80%
 +
 
 +
OK
 +
 
 +
Client Tools – OSSJClient: 90%
 +
 
 +
OK
 +
 
 +
Documentation: 30%
 +
 
 +
OK
 
  |-  
 
  |-  
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
3. Please do use the right hand side column to provide advice and make work suggestions.
 
3. Please do use the right hand side column to provide advice and make work suggestions.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
'''Second comments''':
 +
 +
* I was able to get this running fine on MS OS with Java/Maven and compile in the Eclipse IDE
 +
* it would be nice it it would be possible to simply download and run the code
 +
for the server and the client  - AGREE
 +
* available user documentation: what can I do with each tool, how (for instance under the form of a '5 minutes introduction' and reference list of available functions) ? - AGREE
 +
* I would like to see the C# version as well
 +
* it would be nice if the 'trunk' would be documented in a way that let the user know:
 +
* how to run the server and clients (a global 'readme' file is missing).
 +
* The 'opensign-design' documentation could be completed.
 +
 +
 
  |-  
 
  |-  
 
  | style="width:25%; background:white" align="center"|'''PART II'''  
 
  | style="width:25%; background:white" align="center"|'''PART II'''  
Line 44: Line 72:
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
 
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
| colspan="2" style="width:75%; background:#cccccc" align="left"|
+
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
* Include user documentation in Project's OWASP Wiki page(s)
 +
OK
 
  |-  
 
  |-  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
 
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
| colspan="2" style="width:75%; background:#cccccc" align="left"|
+
| colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
* Include online documention built into tool (based on required user documentation)
 +
* Be run through Fortify Software's open source review (if appropriate) and FindBugs
 +
OK
 
  |-   
 
  |-   
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
  | style="width:25%; background:#7B8ABD" align="center"|

Revision as of 07:41, 30 October 2008

Click here to return to the previous page.

FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP OpenSign Server Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

At this point the core functionality of the OpenSign project has been developed and tested. This includes the issuing and verifying of certificates within a client server infrastructure. Users must be authenticated and approved by an issuer to use the issuing-service. The issuing is done easily by making use of the client application or online via a web-form. However, OpenSign is not an independent solution for code signing yet. It relies on java-keytool (or an application with the same intention) to generate the client side keys and the certificate sign requests. There is no graphical interface for the client in place. Also the support of .NET code signing was not taken into account yet.

OK

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

OpenSign Server: 80%

OK

Client Tools – OSSJClient: 90%

OK

Documentation: 30%

OK

3. Please do use the right hand side column to provide advice and make work suggestions.

Second comments:

  • I was able to get this running fine on MS OS with Java/Maven and compile in the Eclipse IDE
  • it would be nice if it would be possible to simply download and run the code for the server and the client - AGREE

  • available user documentation: what can I do with each tool, how (for instance under the form of a '5 minutes introduction' and reference list of available functions) ? - AGREE
  • I would like to see the C# version as well
  • it would be nice if the 'trunk' would be documented in a way that lets the user know:
  • how to run the server and clients (a global 'readme' file is missing).
  • The 'opensign-design' documentation could be completed.


PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

  • Include user documentation in Project's OWASP Wiki page(s)

OK

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

  • Include online documentation built into tool (based on required user documentation)
  • Be run through Fortify Software's open source review (if appropriate) and FindBugs

OK

4. Please do use the right hand side column to provide advice and make work suggestions.