Open ronaldtse opened 1 month ago
cmheazel
commented
1 month ago We want to avoid requirements which are not testable. Including the conformance tests should help enforce this discipline. Rather than give sloppy authors a get out of jail free card, we should emphasize the role that the conformance tests play in creating good standards. After all, a standard which is not testable is not much of a standard.
ronaldtse
commented
1 month ago After all, a standard which is not testable is not much of a standard.
@cmheazel I agree with this philosophy, that a standard providing both the requirement statements and conformance tests that validate those statements that would be ideal.
However there are 4 additional considerations:
While philosophically it is clean to mandate that requirements must come with associated tests, it is not always desired or practical.
Instead, why not keep this requirement of bundling requirements and conformance tests only within OGC as a policy, and other organizations can use ModSpec with some flexibility?
cmheazel
commented
1 month ago Even in an Implementation Standard (Specification) the tests are rather abstract. The true work of writing conformance tests lies in creating the Executable Test Suite (ETS). The Abstract Test Suite provides sufficient information that a developer, who did not participate in the development of the standard, can still create a valid ETS for that standard. Witness GeoTIFF 1.1.
Also, I find that in creating the ATS I always identify errors in the requirements. Writing the ATS is a good quality control practice.
cmheazel
commented
1 month ago Perhaps the ModSpec should distinguish between an abstract conformance test and an executable test. Analogous to the distinction between a test plan and a test procedure.
cnreediii
commented
1 month ago @cmheazel Sure. Could add ETS to the T&D section.
ronaldtse
commented
1 month ago @cmheazel I agree with the answers 1-4 as best practice. That said, it is not always possible.
Requirements are also of many forms.
This is an example from ISO 9001:2015, 5.2.1.
This is demonstrated in the two requirements below. The first requirement is unambiguous and self-contained, but the second requires a lot more context:
<root> element shall contain at least one element <name>".The second requirement here is not easily made "executable". There is a spectrum of requirements that are: easily executable, not easily executable, and also "not executable".
For the second requirement, without further breaking down the requirement and making it bite sized, it is impossible to develop any "executable test" because many words in there are subject to interpretation.
NOTE: Of course, it depends whether ModSpec is meant to handle things like this.
We need to recognize that a conformance test has the following attributes:
The whole industry of management system standards, ISO 9001, 14001, 27001, 50001, etc only provide requirements. They are all published by ISO and IEC, but they do not dictate any tests.
The same goes for lab certifications, only requirements, no tests.
There are guidelines for conformity testing, such as ISO 19011, ISO 170xx, but they are not prescriptive tests.
The "conformance tests" in that case is managed by many different entities:
The conformance test against for example, ISO 9001:2015, 5.2.1 as shown above, is performed by the CB:
Different ABs interpret 5.2.1 differently, and their audit guidelines for CBs for 5.2.1 are slightly different. Every CB's interpretation on how to best check 5.2.1 will also be different, some are more lax, some are more rigid, some allow compensatory controls...
At this point we can see there is no "single, unambiguous, unquestionable interpretation" on what 5.2.1 means (there is general agreement, but not specifically into details), and of course, there cannot be any 100% agreement on what the conformance test for 5.2.1 is.
Yes, for technical standards, it is easier to come up with an unambiguous test for a requirement (even still, not all the time!). Yet there are standards that fall outside of this frame.
In OGC and ISO/TC 211 standards, I have seen too many "abstract to a point it is worthless" kind of ATS. They basically just regurgitate the contents of the requirements, and serve no purpose except sow confusion to the reader and place an unnecessary burden to the standard authors. I imagine that I'm not the only one experiencing this?
If ModSpec is meant to be a generic requirements model, we need to relax the "requirement" that "a requirement must have a conformance test". This requirement can be made an OGC policy so OGC always have good and testable standards? But we can let other organizations who adopt ModSpec decide for themselves?
cnreediii
commented
1 month ago @ronaldtse There may be a simple solution - I like simple solutions. On the call yesterday there was a suggestion - with agreement - that there will be a very short OGC centric companion document that 1.) states that the ModSpec is OGC Policy and 2.) could contain OGC specific guidance. Specific guidance could be an OGC profile of the ModSpec that contains the requirement that every requirement shall have a conformance test. We would then also need to redo some wording in the core ModSpec document to that effect.
As to ambiguous or not well done ATSs - that is a different issue and not a ModSpec problem.
One major hesitation on standards adopting ModSpec is the requirement that every requirements class / requirement needs to be paired with their corresponding conformance class / conformance test.
Most of the time, the standards author will just "wing" the conformance part by making a generic conformance test, or just a rephrase of the original requirement, which means the result is not useful.
The new ModSpec can recognize that Requirements and Conformance can potentially be in separate types of documents.
In the ISO "management systems" world, they are:
If I can use management system standards as an example: