Simple Engineering is promoting a twofold open business model ("outside-in" and "inside-out") and is going to build a test automation value chain.

Upstream in the chain, developers, researchers, and practitioners produce innovative, advanced, sometimes revolutionary automation technologies for functional, security, robustness, and performance testing.

In the middle, the simplyTestify Test Automation Platform as a Service makes these technologies available as services (what we call Test Automation Methods) to businesses of all industries and administrations in the global market. 

Downstream in the chain, added-value partners (integrators, vendors and professional consultants) resell simplyTestify digital services, provide professional services, customize and adapt these technologies to the particular needs and use cases of the end customers, and wrap simplyTestify test automation services in their products.

In the last twenty years, the software engineering research community, and, in particular, the EU-funded research have been prolific in innovative testing approaches, methods, and tools. 

Unfortunately, much of these most remarkable research results remained below the industrialization stage for lack of real-world case studies, development support, trial opportunities, and other reasons. 

With the traditional commercialization approach of packaging software technology into on-premise licensed products, the road to the market could be long and steep for researchers and developers. 

The Simple Engineering "outside-in" business model removes all the financial, organizational, and technical barriers and opens to talented developers the shortest and easiest route to the market for their innovative test automation tools. 

The simplyTestify Test Automation Platform as a Service offers to developers the environment, the mechanisms, the guidelines, and the support for importing (installing, configuring, and deploying) their test automation tools as services (methods) on the Platform. 

Once analyzed, evaluated, tested, and certified by Simple Engineering, the imported tools are registered in the simplyTestify Test Automation Method Portfolio. Beyond the effectiveness, efficiency, and reliability, critical evaluation hallmarks are ease-of-use (including detailed and complete documentation without marketing jargon) and a trial experience on real-world use cases. 

The certification procedure of an imported method is collaborative. For instance, either the developer comes with some early adopter of her method, or Simple Engineering promotes the trials of the method among its customers and prospects. We can propose to our clients proofs of concept carried out by "success teams" that combine the imported tool developers and the simplyTestify customer service. 

Once registered in the simplyTestify Portfolio, there is no difference between the imported and the in-house methods. They are listed and documented in the Portfolio, can be invoked via the current simplyTestify API and GUI, and run on the elastic and reliable simplyTestify Platform. Per-use royalties remunerate the imported method developer.

For instance, we are working with an ISTI/CNR team [1] on the X-CREATE framework [2] whose development has been partially funded by the EC FP7 under Grant Agreement N. 216287 (TAS3 - Trusted Architecture for Securely Shared Services) [3].

X-CREATE (XaCml REquests derivAtion for TEsting) is a tool for the automated derivation of a test suite starting from an XACML policy [4]. XACML stands for "eXtensible Access Control Markup Language" and is an OASIS (Organization for the Advancement of Structured Information Standards) [5] famous and successful standard.

XACML defines: (i) a declarative fine-grained, attribute-based access control policy language, and (ii) an architecture and a processing model describing how to evaluate access requests according to the rules defined in policies. 

XACML is an award winning standard (ITU-T X.1142) and is the lingua franca of authorization; it is the only broadly known access control architecture that allows the definition of declarative authorization policies. With an XACML-compliant implementation, as soon as you change the policy, the change will take effect immediately on every access control request. 

Although the organization of the authorization and access control system for a complex organization is practically impossible without a system that is able to manage declarative access control policies, the endeavor of building such a system is challenging. Your policies can be incomplete (holes) and even unsound (errors). The distributed system that implements your policy-based access control can be flawed. 

So, businesses face two different obligations: (i) testing the completeness and soundness of the policies; (ii) testing that the access control system implements the policies accurately. 

The aim of the X-CREATE framework is to generate automatically the suites of access control requests that allows testing both the policies and the policy implementations. The general availability of a Test Automation Method for authorization and access control systems could break the barriers hampering a larger adoption of the policy-based authorization and access control, which nevertheless becomes mandatory within more and more complex architectures, such as those integrating Internet of Things applications [6]. 

If you have developed an innovative testing technology, and you are interested in bringing it to the market, participate in our Innovation Provider Program.

[1] http://www.isti.cnr.it/

[2] http://labsewiki.isti.cnr.it/labsedc/tools/xcreate/public/main

[3] http://www.tas3.eu/

[4] https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

[5] https://www.oasis-open.org/org

[6] https://catalogue.fiware.org/enablers/authorization-pdp-authzforce