CCTT RfQ Q&A
In a perfect world the CCTT RfQ is a comprehensive and easy to understand requirement document that answers all questions and contains no ambiguities. TSC recognizes that this is not a perfect world.
Therefore this page tries to answer all questions that have come in regarding the requirements and will be kept updated until the deadline for responses has passed.
Please contact us if there are further questions.
Requirement | Target phase | Task Description | Reference | Questions | Answers |
---|---|---|---|---|---|
R.SEC.001 | 1 | Test tool shall be developed according to security guidelines, such as those provided by OpenSSF. | https://openssf.org/ | There are many tools that can provide this that may have extra costs associated with them. How shall this be handled? | This requirement signifies the need for a methodology and review of code integrity from a cyber security perspective. If specialized tools are required from your standpoint, list the cost incurred as a separate item in the RfQ response. |
R.ENV.001 | 1 | Test tool shall run in containerized environment for inclusion into members' toolchains. | |||
R.ENV.002 | 1 | Test tool shall be able to run in a cloud instance to enable testing of cloud deployed VMS. | |||
R.FUN.002 | 1 | Test tool shall act as a simulated device in interactions with Cloud Clients. | |||
R.FUN.005 | 1 | Test tool shall not require manual intervention apart from initial setup configuration. | |||
R.DEV.006 | 1 | System design document outlining the proposed design and selection of programming language(s). | |||
R.DEV.001 | 2 | GitHub shall be used for development to work with: | |||
· Source code | |||||
· Documentation | |||||
· Task tracking | |||||
R.DEV.002 | 2 | The development environment shall be containerized | | Please clarify your expectation | It shall be easy for any actively involved ONVIF member to replicate the development environment. In ONVIF's mind this translates to Docker container or equivalent. |
R.DEV.003 | 2 | Development environment shall include code debugging functionality for all languages used. | | Is it related to the dev environment R.DEV.002 and just detailing it? | Yes |
R.DEV.004 | 2 | Test code shall be developed together with test tool for automatic regression testing before releases. | |||
R.FUN.003 | 2 | Test tool shall provide conformance documents according to ONVIF Conformance Process Specification conformance requirements | https://www.onvif.org/profiles/conformance/ | ||
· Correctness of documents generated by the Tool. | |||||
· Correctness of test procedure. | |||||
· Execute Test Tool with sample inputs provided by members of ONVIF. | What exactly needs to be done and what is the purpose? | The expectation is "real" conformance documents by using member provided prototype, not only simulated. | |||
· Generation of DoC only after a completely successful run. | |||||
R.FUN.006 | 2 | Test tool shall be able to include Errata process in generated conformance documents | Erratum is a confirmed bug or other issue in an officially released test tool version that causes conformance testing to unfairly fail a Client or Device under test. It shall be possible for a Client under test to refer to an errata number and provide a description for each failed test case(s) to be included in the generated conformance documents. | ||
R.FUN.004 | 2 | Test tool shall be able to provide test case debug information when conformance tests fail (e.g. what part of the test case is failing). | |||
R.DEV.007 | 2 | Prototype shall implement authentication over HTTP & HTTPS | https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf: | Cloud authentication seems not to match this requirement. Why is it here? | It is the intention that CCTT development starts with the implementation of the Device Management Service as a proof of concept (as well as a test to see if the current Client Test Tool can be replaced by CCTT). Even if some functions are not part of the cloud profile we still want it implemented in the device simulator approach. However, since one of the primary end goals with this project is to create a test tool for cloud profile, functionality not included in the cloud profile must be hidden in the device simulator when verifying conformance for the cloud profile. Otherwise the CCTT may cause clients using the tool to adopt incorrect behavior. |
5.9.1 Authentication over HTTP and HTTPS | This section includes several authentication methods, some of them are not part of any currently released profile. Shall all of them be implemented? | No, focus should be on methods used in current Profiles except Profile S. | |||
R.DEV.008 | 2 | Prototype shall implement Device Management Service - Capabilities | https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf: | (see answer to R.DEV.007) | |
8.1.1 - GetWsdlUrl | |||||
8.1.2.2 - GetServices | |||||
8.1.2.3 - GetServiceCapabilities | |||||
R.DEV.009 | 2 | Prototype shall implement Device Management Service - Discovery | https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf: | (see answer to R.DEV.007) | |
7 - Device Discovery (WS-Discovery) | |||||
8.3.14 - GetScopes | |||||
8.3.15 - SetScopes | |||||
8.3.16 - AddScopes | |||||
8.3.17 - RemoveScopes | |||||
8.3.18 - GetDiscoveryMode | |||||
8.3.19 - SetDiscoveryMode | |||||
R.DEV.010 | 2 | Prototype shall implement Device Management Service – Network Configuration | https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf: | (see answer to R.DEV.007) | |
8.2.1 - GetHostname | |||||
8.2.2 - SetHostname | |||||
8.2.4 - GetDNS | |||||
8.2.5 - SetDNS | |||||
8.2.6 - GetNTP | |||||
8.2.7 - SetNTP | |||||
8.2.10 - GetNetworkInterfaces | |||||
8.2.11 - SetNetworkInterfaces | |||||
8.2.12 - GetNetworkProtocols | |||||
8.2.13 - SetNetworkProtocols | |||||
8.2.14 - GetNetworkDefaultGateway | |||||
8.2.15 - SetNetworkDefaultGateway | |||||
R.DEV.011 | 2 | Prototype shall implement Device Management Service – System | https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf: | (see answer to R.DEV.007) | |
8.3.1 - GetDeviceInformation | |||||
8.3.6 - GetSystemDateAndTime | |||||
8.3.7 - SetSystemDateAndTime | |||||
8.3.8 - SetSystemFactoryDefault | |||||
8.3.13 - SystemReboot | |||||
R.DEV.012 | 2 | Prototype shall implement Device Management Service – Security | https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf: | (see answer to R.DEV.007) | |
8.4.3 - Get users | |||||
8.4.4 - Create users | |||||
8.4.5 - Delete users | |||||
8.4.6 - SetUser | |||||
R.DEV.013 | 2 | Prototype shall implement Device Management Service – Auxiliary commands | https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf: | (see answer to R.DEV.007) | |
8.7 – SendAuxiliaryCommand (tt:IRLamp|Auto) | |||||
R.DEV.019 | 2 | UI running as an API-driven webservice | Look and feel shall be similar to current CTT | ||
R.DEV.005 | 3 | Test tool shall be designed in such a way as to be able to incorporate existing ONVIF Profiles (on-premises technologies) | |||
R.DEV.014 | 3 | Prototype shall implement Cloud Uplink Service | https://www.onvif.org/specs/srv/uplink/ONVIF-Uplink-Spec.pdf | Which part of the service? Only Cloud Profile related or all? | Only Cloud Profile related functionality. |
R.DEV.017 | 3 | Prototype shall implement Authentication Service | https://www.onvif.org/specs/srv/security/ONVIF-Security-Service-Spec.pdf | ||
5.2.6.2.1 - CreateRSAKeyPair | |||||
5.2.6.2.2 - CreateECCKeyPair | |||||
5.2.6.2.4 - GetKeyStatus | |||||
5.2.6.2.6 - GetAllKeys | |||||
5.2.6.2.7 - DeleteKey | |||||
5.2.6.3.5 - GetCertificate | |||||
5.2.6.3.6 - GetAllCertificates | |||||
5.2.6.3.7 - DeleteCertificate | |||||
5.2.6.3.3 - UploadCertificate | |||||
5.2.6.3.1 - CreatePKCS10CSR | |||||
5.2.6.5.1 - CreateCertPathValidationPolicy | |||||
5.2.6.5.2 - GetCertPathValidationPolicy | |||||
5.2.6.5.3 - GetAllCertPathValidationPolicies | |||||
5.2.6.5.4 - DeleteCertPathValidationPolicy | |||||
5.5.1 - GetAuthorizationServerConfigurations | |||||
5.5.2 - CreateAuthorizationServerConfiguration | |||||
5.5.3 - SetAuthorizationServerConfiguration | |||||
5.5.4 - DeleteAuthorizationServerConfiguration | |||||
R.SEC.002 | 4 | Threat modelling shall be performed on relevant interfaces that can be exposed to the internet. | https://owasp.org/www-project-threat-model/ | ||
R.DEV.015 | 4 | Prototype shall implement WebRTC Service | https://www.onvif.org/specs/stream/ONVIF-WebRTC-Spec.pdf | Shall both TURN and STUN be supported? | Yes |
R.FUN.001 | 5 | Test tool shall be able to evaluate correctness of Cloud Clients' interactions with test tool according to ONVIF Test Specifications derived from ONVIF Network Interface Specifications and ONVIF Profile “Cloud” (name tbd) | https://www.onvif.org/profiles/specifications/ | ||
R.DEV.016 | 5 | Prototype shall implement ONVIF Profile “Cloud” (name tbd) | https://github.com/onvif/wg_profile_cloud | Currently the scope of the profile is under discussion and the final content may deviate from how it looks today. This makes it difficult to estimate required work. | This is understandable. Please make assumptions based on how the scope looks today. |
R.DEV.019 | 5 | Prototype shall include a help file for operating instructions and troubleshooting | https://github.com/onvif/wg_profile_cloud | ||
R.DEV.018 | 5 | Prototype shall implement Object Store Recording | https://www.onvif.org/specs/core/ONVIF-Core-Specification.pdf: | ||
8.8.2 - GetStorageConfigurations | |||||
8.8.3 - CreateStorageConfiguration | |||||
8.8.4 - GetStorageConfiguration | |||||
8.8.5 - SetStorageConfiguration | |||||
8.8.6 - DeleteStorageConfiguration | |||||
https://www.onvif.org/specs/srv/rec/ONVIF-RecordingControl-Service-Spec.pdf | |||||
5.4 - CreateRecording | |||||
5.5 - DeleteRecording | |||||
5.6 - GetRecordings | |||||
5.7 - SetRecordingConfiguration | |||||
5.8 - GetRecordingConfiguration | |||||
5.9 - CreateTrack | |||||
5.10 - DeleteTrack | |||||
5.16 - SetRecordingJobConfiguration | |||||
5.17 - GetRecordingJobConfiguration |