CN115982012A - Evaluation model and method for interface management capability maturity - Google Patents

Publication number
CN115982012A
Authority
CN
China
Prior art keywords
management
api
evaluation
service
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211629280.3A
Other languages
Chinese (zh)
Inventor
陈艳
庞景秋
齐井春
李绍俊
李波
宋丽娜
朱津毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changchun Jiacheng Information Technology Co ltd
Original Assignee
Changchun Jiacheng Information Technology Co ltd
Application filed by Changchun Jiacheng Information Technology Co ltd
Priority to CN202211629280.3A
Publication of CN115982012A

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an evaluation model and a method for interface management capability maturity. The evaluation model comprises: evaluation grading, with five levels: an initial level, a management level, a robust level, a quantization level and an optimization level; and evaluation range division, in which the evaluation scope comprises the capability items under each capability domain and the checkpoints under each capability item. The evaluation method comprises the following steps: S1, providing a checklist; S2, providing evaluation materials; S3, manual review; S4, tool review; S5, scoring and grading; and S6, service rectification. The invention uses manual review and tool review to audit the interface service provider comprehensively, and implements a combined human-machine evaluation method through technical modules such as rule engine processing, simulated request processing and intelligent analysis processing, thereby greatly reducing the review workload and achieving unified management of services.

Description

Evaluation model and method for interface management capability maturity
Technical Field
The invention relates to an evaluation model and an evaluation method, in particular to an evaluation model and an evaluation method for interface management capability maturity, and belongs to the technical field of computer application.
Background
Information systems are often built in a "chimney" (siloed) mode, so the cost of interaction between systems is high and front-end business requirements cannot be responded to quickly. To address these problems, the practice of sharing interfaces or services emerged. As services accumulate, the number of interfaces grows dramatically, which brings several interface management problems, such as a lack of unified management, inconsistent interface styles, non-compliant operations on resources, and no security guarantee for interfaces. Existing maturity assessments include the following two models:
CMMI: Capability Maturity Model Integration for software is a set of software system specifications, mainly used to guide the improvement of the software development process and the evaluation of software development capability. CMMI certifies a total of 5 levels: CMMI level 1, initial level; CMMI level 2, manageable level; CMMI level 3, defined level; CMMI level 4, quantization management level; CMMI level 5, optimization level. Following this method, software quality is improved by controlling the project management process.
DCMM: the Data Management Capability Maturity Assessment Model is the first national standard formally released in the data management field in China. The standard provides a data management capability maturity evaluation model and corresponding maturity levels, and defines 4 capability domains and 13 capability items such as data strategy, data governance, data architecture, data application, data security, data quality, data standards and data life cycle. It aims to help enterprises establish and evaluate their own data management capability using advanced data management concepts and methods, continuously improve data management organizations, procedures and systems, and give full play to the value of data in promoting enterprise informatization, digitization and intelligence.
In summary, CMMI and DCMM focus on how capability is embodied, which may take different forms in different enterprises or companies, and they have the following defects:
1) Evaluation mode: the two maturity certifications provide the process description, targets, capability level standards and so on for evaluation, but do not explain or unify in detail the means of evaluating each capability item, so the evaluation result is relatively qualitative;
2) Evaluation range: the two certifications have wide coverage and suit most software and data management enterprises, but lack a detailed elaboration of any single capability.
Disclosure of Invention
To remedy the defects of the above technology, the invention provides an evaluation model and a method for interface management capability maturity. It evaluates four aspects of an interface (architecture style, security, measurability and manageability), provides a level evaluation of interface management and service capability through a modeling method, and controls APIs at the source, strongly promoting the improvement of interface service quality.
To solve the technical problems, the technical scheme adopted by the invention is as follows: an evaluation model of interface management capability maturity, the evaluation model comprising:
evaluation grading: divided into the following 5 levels: an initial level, a management level, a robust level, a quantization level and an optimization level;
evaluation range division: the evaluation scope comprises the capability items under each capability domain and the checkpoints under each capability item.
Preferably, the initial level: API management is not carried out, or is carried out only in individual business systems, and there are no unified management specifications or processes;
management level: preliminary API management is carried out, but the API management specifications and processes of the modules or business systems are not unified;
robust level: API management is implemented according to a unified API management specification;
quantization level: the performance of API management can be quantitatively recorded, evaluated, analyzed and monitored;
optimization level: management can be optimized according to the performance of API management, and the API management mode becomes best practice.
Preferably, the capability domains include architecture style, security, measurability and manageability;
the capability items of architecture style comprise specification implementation, API style, API version management, resource operation and HTTP response information;
the capability items of security comprise API authentication and HTTPS protocol communication;
the capability items of measurability comprise statistical reports, log records and service monitoring;
the capability items of manageability comprise classification management, document management and interface testing.
An evaluation method using the interface management capability maturity evaluation model comprises the following steps: S1, providing a checklist; S2, providing evaluation materials; S3, manual review; S4, tool review; S5, scoring and grading; and S6, service rectification.
Preferably, S1, providing a checklist, means: the "service evaluator" requests from the "service provider" a summary list of the evaluation materials to be provided, including, but not limited to, an enterprise information and service collection table, the service's program package, service installation and deployment documents, API usage documents, a service log management report or a description of how logs are viewed, and a service monitoring and alerting management report or a description of how monitoring is viewed.
Preferably, S2, providing evaluation materials, means: the "service provider" provides the evaluation materials in accordance with the checklist, and also provides the "service evaluator" with technical support for installing and deploying the program and for viewing logs and monitoring, in cooperation with the review process.
Preferably, S3, manual review, includes review of the following checkpoints:
301 resource operation judgment: judging whether API resource operations use the standard HTTP verbs;
302 response information judgment: judging whether the returned status codes conform to the HTTP design specification and whether appropriate status codes are used, and verifying whether API responses return wrong status codes;
303 sensitive information judgment: judging whether the HTTP response information exposes sensitive business information;
304 document standardization judgment: judging whether an API interface document is provided to users, whether the document is readable, and whether it shows the basic information of the interface;
305 result statistics: counting the results of the manual checkpoints.
Preferably, S4, tool review, includes the following processing modules:
401 rule engine processing module: the rule engine checks, analyzes and evaluates the interface architecture style along several dimensions, namely naming mode, word attributes and readability, and also supports extension with custom rules according to user requirements;
through a rule base, the rule engine judges whether all API interface URLs are in lowercase letters, whether they contain spaces and whether they contain special characters; a predefined "rule string" is used to judge whether an API's URL matches a rule, so as to filter the URL and give a matching result;
402 simulated request processing module: evaluating the identity authentication of the interface service, whether filtering parameters are provided, and whether HTTPS protocol communication is used;
the processing is divided into three steps: a request is sent to the interface server through a client or browser; the server processes the received data after receiving the request; and the correctness and completeness of the returned result of the request are judged;
403 intelligent analysis processing module: the module comprises keyword library, custom word library and stop word library functions, which are used to maintain the words that are allowed or forbidden to appear in a URL;
the module uses NLTK word segmentation to segment the URL or the returned result of the API service, and then compares the segmentation result with the "server architecture", "development language", "custom sensitive word" or "noun" word libraries it maintains, so as to conclude whether sensitive information is exposed or whether the naming fails to use nouns;
404 result statistics: counting the results of the tool checkpoints.
Preferably, S5, scoring and grading, specifically includes:
Input: the "result statistics" of the "manual review" and the "tool review";
Output: a grade definition and an evaluation report of the interface management capability maturity, given in combination with the scoring model, and service rectification suggestions, given in combination with the corresponding specifications;
501 scoring model: the scoring model is based on the capability items of the evaluation model and splits each capability item into detailed checkpoints;
the principle of checkpoint splitting is that each checkpoint can be judged independently by manual review or tool review;
judgment results are of two types, yes/no and matching degree; the full score of each checkpoint is 10 points, and a score of 0-10 is given according to the judgment result. The specific scoring process is as follows:
A. Scoring: full score = number of checkpoints × 10, final score = checkpoint 1 score + checkpoint 2 score + … + checkpoint N score;
B. One-vote veto items:
(1) if an API interface document cannot be provided to users, the service cannot be rated at the robust level or above;
(2) if the HTTPS protocol is not used, the service cannot be rated at the robust level or above;
(3) if all interfaces return HTTP responses with status code 200, the service cannot be rated at the robust level or above;
(4) if an API that requires identity authentication does not perform identity authentication, the service cannot be rated at the robust level or above;
(5) if the GET method is used to create or update resources, the service cannot be rated at the robust level or above;
(6) if there is no API service monitoring and alerting, the service cannot be rated at the quantization level or above;
(7) if API calls have no log records, the service cannot be rated at the quantization level or above;
502 grade definition and evaluation report:
Grade definition: the full score is divided into 5 equal intervals according to the levels, the interval is determined from the final score, and the final grade is given;
when a "one-vote veto item" occurs, the grade is automatically downgraded to the level just below the one that the item controls; if the "final score" is in the score interval of the "quantization level" but a one-vote veto item of the "cannot be rated at the robust level" kind occurs, the grade is automatically adjusted to the "management level";
Evaluation report: the report comprises four parts, namely each checkpoint score, the final score, the grade definition and rectification suggestions, and provides the service provider with reference specifications and implementation suggestions.
Preferably, S6, service rectification: the service provider optimizes and improves the service according to the rectification suggestions in the evaluation report produced by the S5 scoring and grading; after completing the S6 service rectification, the service provider can provide evaluation materials again for a new round of scoring and grading.
Based on the theory of the interface management capability maturity evaluation model, the invention reviews the interface service provider comprehensively using manual review and tool review, and implements a combined human-machine evaluation method through technical modules such as rule engine processing, simulated request processing and intelligent analysis processing. This greatly reduces the review workload, improves the quality of the service process from interface development and interface review to interface release, and achieves unified management of services.
Based on capability domains such as architecture style, security, measurability and manageability, the method distinguishes the capability levels of API interface management, comprising 5 levels (an initial level, a management level, a robust level, a quantization level and an optimization level), provides the different inspection or evaluation means that can be adopted at each level, realizes maturity evaluation of API interface management capability in a human-machine interactive manner, and realizes maturity evaluation of the interface management capability of a government or enterprise through a modeling method. Meanwhile, based on the evaluated grade, the invention can also provide improvement targets and reference standards for improving interface management capability, so that APIs are controlled at the source and an integrated management mode is realized.
The key point of the invention is evaluation based on the interface management capability maturity evaluation model, which provides standardized and normalized capability evaluation and practical reference for API interface management, thereby improving the capability of each unit in API service management.
Drawings
FIG. 1 is a schematic diagram of the overall evaluation process of the present invention.
FIG. 2 is a flow chart of a manual review method according to the present invention.
FIG. 3 is a schematic flow chart of the tool review method of the present invention.
FIG. 4 is a flow chart of the scoring and grading method of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
An evaluation model of interface management capability maturity, the evaluation model comprising:
Evaluation grading of interface management capability maturity:
Interface management capability is divided into 5 levels: initial level, management level, robust level, quantization level and optimization level. The levels are downward compatible: each higher level includes the practices of the lower levels, represents an improvement in capability, and may add new capability requirements.
Initial level: API management is not carried out, or is carried out only in individual business systems, and there are no unified management specifications or processes.
Management level: preliminary API management is carried out, but the API management specifications and processes of the modules or business systems are not unified.
Robust level: API management is implemented according to a unified API management specification.
Quantization level: the performance of API management can be quantitatively recorded, evaluated, analyzed and monitored.
Optimization level: management can be optimized according to the performance of API management, and the API management mode becomes best practice.
The evaluation range of interface management capability maturity comprises the capability items under each capability domain and the checkpoints under each capability item. The relationship between each capability domain and its capability items is as follows:
[Figure: table of capability domains and their corresponding capability items]
As shown in FIG. 1, a method for evaluating the maturity of interface management capability specifically includes the following steps: S1, providing a checklist; S2, providing evaluation materials; S3, manual review; S4, tool review; S5, scoring and grading; and S6, service rectification.
S1, providing a checklist: the "service evaluator" requests from the "service provider" a summary list of the evaluation materials to be provided, including, but not limited to, an enterprise information and service collection table, the service's program package, service installation and deployment documents, API usage documents, a service log management report (or a description of how logs are viewed), a service monitoring and alerting management report (or a description of how monitoring is viewed), and the like. The "service evaluator" needs to review the list to see whether sufficient material is available for the evaluation work; otherwise the capability is determined to be missing.
S2, providing evaluation materials: the "service provider" provides the evaluation materials in accordance with the checklist, and also provides the "service evaluator" with technical support for installing and deploying the program and for viewing logs and monitoring, in cooperation with the review process.
S3, manual review:
As shown in FIG. 2, the manual review method is a flexible mode for the service evaluator: the service provider needs to provide paper materials according to the checklist, or upload the corresponding evidence materials, for review. Manual review suits checkpoints whose judgment is simple or requires subjective judgment. FIG. 2 gives 4 example checkpoints involved in manual review.
301 checkpoint 1: resource operation judgment, namely judging whether API resource operations use the standard HTTP verbs, such as whether the "DELETE" method is used to delete a resource, whether the "POST" method is used to create a new resource, whether the "PUT" or "PATCH" method is used to update a resource, whether the "GET" method is used to obtain resource information, and so on.
302 checkpoint 2: response information judgment, namely judging whether the returned status codes conform to the HTTP design specification and whether appropriate status codes are used. Verify whether API responses return wrong status codes, such as returning 200 when the interface has an exception, or not returning 201 when a resource is created successfully or 400 on a parameter error.
303 checkpoint 3: sensitive information judgment, namely judging whether the HTTP response information exposes sensitive business information. Sensitive business information is defined by the service evaluator; common sensitive information includes, but is not limited to, identity card numbers, passwords, mobile phone numbers and the like.
304 checkpoint N: document standardization judgment, namely judging whether an API interface document is provided to users, whether the document is readable, and whether it shows the basic information of the interface, such as the calling address, the request method and the like.
305 result statistics: counting the results of the manual checkpoints.
S4, tool review:
As shown in FIG. 3, the tool review method can produce review results using rule engine, simulated request and intelligent analysis processing, depending on the specific review scenario. It has the advantages of a low error rate, high review efficiency and low review cost. FIG. 3 illustrates 2 example checkpoints involved in the three sub-modules of the tool review.
401 rule engine processing module: the rule engine uses an independent rule engine architecture with a rich built-in set of rule algorithms (the rule base), and can check, analyze and evaluate the interface architecture style along several dimensions such as naming mode, word attributes and readability. The rule engine also supports extension with custom rules according to user requirements.
The rule base uses regular expressions. A regular expression describes a string matching pattern, and can be used to check whether a string contains a certain substring, to replace a matching substring, or to extract a matching substring from a string. Through the rule base, the rule engine can judge whether all API interface URLs are in lowercase letters, whether they contain spaces, whether they contain special characters, and so on. The module uses a predefined "rule string" to determine whether an API's URL matches a rule, thereby filtering the URL and giving a matching result.
The rule engine processing module can batch-process all API interfaces included in the service provided by the service provider. It is flexible, logical and functional, and achieves complex judgments about URLs in a simple way.
402 simulated request processing module: the simulated request processing module can evaluate the identity authentication of the interface service, whether filtering parameters are provided, and whether HTTPS protocol communication is used. The module's processing is roughly divided into three steps: sending a request to the interface server through a client or browser; the server processing the received data after receiving the request; and judging the correctness and completeness of the returned result of the request.
403 intelligent analysis processing module: the module contains keyword library, custom word library and stop word library functions, which are used to maintain the words that are allowed or forbidden in a URL. The stop word library exists to improve the efficiency of information retrieval and analysis: it maintains words that are automatically filtered out before or after intelligent analysis processing.
The module uses NLTK word segmentation to segment the URL or the returned result of the API service. NLTK is a natural language processing tool that provides a comprehensive and easy-to-use interface and covers functions in multiple NLP fields such as word segmentation, part-of-speech tagging and named entity recognition. After segmentation, the module compares the segmentation result with the "server architecture", "development language", "custom sensitive word" or "noun" word libraries it maintains, so as to conclude whether sensitive information is exposed or whether the naming fails to use nouns.
404 result statistics: counting the results of the tool checkpoints.
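The following sketch shows how the rule engine (401), the word-library comparison (403) and the result statistics (404) could fit together for a batch of URLs. It is an added example, not code from the patent: the rule names, the regular expressions, the word-library entries and the sample URLs are all constructed, and a regular-expression tokenizer stands in for NLTK so that the block runs without external packages.

```python
import re
from urllib.parse import unquote, urlsplit

# 401 rule base: rule name -> predefined "rule string" (regular expression).
# A URL path that matches a pattern violates that rule. Names and patterns
# are assumptions made for this example.
RULE_BASE = {
    "not_all_lowercase": re.compile(r"[A-Z]"),
    "contains_space": re.compile(r"\s"),
    # anything other than letters, digits, "/", "-" and {path-parameter} braces
    "contains_special_character": re.compile(r"[^A-Za-z0-9/{}\s\-]"),
}

# 403 word libraries (constructed sample entries).
WORD_LIBRARY = {
    "server architecture": {"tomcat", "nginx", "iis", "weblogic"},
    "development language": {"php", "jsp", "aspx", "java"},
    "custom sensitive word": {"password", "idcard", "mobile"},
}
NOUN_LIBRARY = {"users", "orders", "reports", "invoices"}
STOP_WORDS = {"api", "v1", "v2"}


def _path(url):
    """Return the percent-decoded path, so that %20 is seen as a space."""
    return unquote(urlsplit(url).path)


def tokenize(text):
    """Lowercase word tokens with stop words removed (regex stand-in for NLTK)."""
    spaced = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", " ", text)  # split camelCase
    return [t for t in re.findall(r"[a-z0-9]+", spaced.lower())
            if t not in STOP_WORDS]


def check_rules(url):
    """Names of the rule-base rules that the URL path violates."""
    path = _path(url)
    return [name for name, rule in RULE_BASE.items() if rule.search(path)]


def library_hits(text):
    """Forbidden words found in a URL or response body, grouped by library."""
    tokens = set(tokenize(text))
    return {category: sorted(tokens & words)
            for category, words in WORD_LIBRARY.items() if tokens & words}


def non_noun_tokens(url):
    """Path words that are not in the noun library (e.g. verbs such as 'get')."""
    path = re.sub(r"\{[^}]*\}", " ", _path(url))  # drop {path-parameter} names
    return [t for t in tokenize(path)
            if t not in NOUN_LIBRARY and not t.isdigit()]


def audit_service(urls):
    """Batch-check every URL and count the results (step 404)."""
    findings = {}
    for url in urls:
        findings[url] = {
            "rule_violations": check_rules(url),
            "library_hits": library_hits(_path(url)),
            "non_nouns": non_noun_tokens(url),
        }
    passed = sum(1 for f in findings.values() if not any(f.values()))
    return {"findings": findings, "passed": passed, "failed": len(urls) - passed}


# Constructed sample input.
SAMPLE_URLS = [
    "https://api.example.test/api/v1/users/{id}/orders",
    "https://api.example.test/api/v1/getUsers.php",
    "https://api.example.test/api/v1/orders%20reports",
]
SAMPLE_RESPONSE = '{"name": "Li", "password": "x", "server": "nginx/1.18"}'

if __name__ == "__main__":
    report = audit_service(SAMPLE_URLS)
    for url, finding in report["findings"].items():
        print(url, finding)
    print("passed:", report["passed"], "failed:", report["failed"])
    print("response body:", library_hits(SAMPLE_RESPONSE))
```

The same `library_hits` function serves both inputs the description names: the URL and the returned result of the API service.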
S5, scoring and grading:
As shown in FIG. 4, the scoring and grading method includes:
Input: the "result statistics" of the "manual review" and the "tool review".
Output: a grade definition and an evaluation report of the interface management capability maturity, given in combination with the "scoring model", and service rectification suggestions, given in combination with the corresponding specifications.
501 scoring model: the scoring model is based on the capability items in the interface management capability maturity evaluation model and splits each capability item into detailed checkpoints. The principle of checkpoint splitting is that each checkpoint can be judged independently by manual review or tool review. Judgment results are of two types, yes/no and matching degree. The full score of each checkpoint is 10 points, and a score of 0-10 is given according to the judgment result.
1) Scoring: full score = number of checkpoints × 10, final score = checkpoint 1 score + checkpoint 2 score + … + checkpoint N score;
2) One-vote veto items:
(1) if an API interface document cannot be provided to users, the service cannot be rated at the robust level or above;
(2) if the HTTPS protocol is not used, the service cannot be rated at the robust level or above;
(3) if all interfaces return HTTP responses with status code 200, the service cannot be rated at the robust level or above;
(4) if an API that requires identity authentication does not perform identity authentication, the service cannot be rated at the robust level or above;
(5) if the GET method is used to create or update resources, the service cannot be rated at the robust level or above;
(6) if there is no API service monitoring and alerting, the service cannot be rated at the quantization level or above;
(7) if API calls have no log records, the service cannot be rated at the quantization level or above;
502 grade definition and evaluation report:
Grade definition: the full score is divided into 5 equal intervals according to the levels, the interval is determined from the final score, and the final grade is given.
When a "one-vote veto item" occurs, the grade is automatically downgraded to the level just below the one that the item controls. If the "final score" is within the "quantization level" score interval but a one-vote veto item of the "cannot be rated at the robust level" kind occurs, the grade is automatically adjusted to the "management level".
Evaluation report: the report comprises four parts, namely each checkpoint score, the final score, the grade definition and rectification suggestions, and provides the "service provider" with reference specifications and implementation suggestions.
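The scoring model and the one-vote veto downgrade can be expressed as a short function. This is an added example, not code from the patent: the checkpoint identifiers and sample scores are constructed, and two details the description leaves open are assumptions here, namely that a veto item is triggered when its checkpoint scores 0 and that each of the 5 equal intervals includes its lower bound.

```python
LEVELS = ["initial", "management", "robust", "quantization", "optimization"]
MAX_POINTS = 10  # full score of each checkpoint

# One-vote veto items (1)-(7): checkpoint id -> lowest level that is ruled out
# when the checkpoint fails. The ids are hypothetical names for this example.
VETO_ITEMS = {
    "api_document_provided": "robust",
    "https_used": "robust",
    "status_codes_not_all_200": "robust",
    "authentication_enforced": "robust",
    "get_not_used_for_writes": "robust",
    "monitoring_and_alerting": "quantization",
    "call_logging": "quantization",
}


def level_index_from_score(final_score, full_score):
    """Map a score onto 5 equal intervals (lower bounds inclusive: assumption)."""
    index = int(final_score * len(LEVELS) // full_score)
    return min(index, len(LEVELS) - 1)  # a full score belongs to the top interval


def grade(scores):
    """Return the evaluation result for a dict of checkpoint id -> 0..10 score."""
    # Fail closed: a veto checkpoint that was never assessed must not be
    # silently treated as passed.
    missing = sorted(set(VETO_ITEMS) - set(scores))
    if missing:
        raise ValueError(f"veto checkpoints not assessed: {missing}")
    for name, points in scores.items():
        if not 0 <= points <= MAX_POINTS:
            raise ValueError(f"{name}: score {points} is outside 0-{MAX_POINTS}")

    full_score = len(scores) * MAX_POINTS
    final_score = sum(scores.values())
    score_index = level_index_from_score(final_score, full_score)

    # A veto is triggered when its checkpoint scores 0 (assumption).
    triggered = {cp: barred for cp, barred in VETO_ITEMS.items()
                 if scores[cp] == 0}
    # Each triggered veto caps the grade at the level just below the barred one.
    cap_index = min((LEVELS.index(barred) - 1 for barred in triggered.values()),
                    default=len(LEVELS) - 1)

    return {
        "full_score": full_score,
        "final_score": final_score,
        "score_level": LEVELS[score_index],
        "vetoes": triggered,
        "level": LEVELS[min(score_index, cap_index)],
    }


# Constructed sample: HTTPS is not used, everything else scores well.
SAMPLE_SCORES = {
    "api_document_provided": 10,
    "https_used": 0,
    "status_codes_not_all_200": 10,
    "authentication_enforced": 10,
    "get_not_used_for_writes": 10,
    "monitoring_and_alerting": 10,
    "call_logging": 10,
    "url_all_lowercase": 8,
    "no_sensitive_information": 6,
    "api_version_management": 4,
}

if __name__ == "__main__":
    print(grade(SAMPLE_SCORES))
```

With the sample scores the final score of 78 out of 100 falls in the quantization interval, and the failed HTTPS checkpoint lowers the grade to the management level, which is the case the description walks through.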
S6, service rectification: the service provider optimizes and improves the service according to the rectification suggestions in the evaluation report produced by the S5 scoring and grading; after completing the S6 service rectification, the service provider can provide evaluation materials again for a new round of scoring and grading.
The above embodiments do not limit the present invention, and the present invention is not limited to the above examples; those skilled in the art may make variations, modifications, additions or substitutions within the technical scope of the present invention.

Claims (10)

1. An evaluation model of interface management capability maturity, characterized by: the evaluation model includes:
evaluation grading: the following 5 grades are classified: an initial stage, a management stage, a steady stage, a quantization stage and an optimization stage;
evaluation range division: the evaluation scope includes the capability item under each capability domain and the check point under each capability item.
2. The interface management capability maturity assessment model of claim 1, wherein:
the initial stage is as follows: API management is not carried out or only carried out in individual service systems, and unified management specifications and processes do not exist;
the management level comprises the following steps: the primary API management is carried out, but the API management specifications and the flow of each module or each service system are not uniform;
the robust stage: API management is implemented according to a uniform API management specification;
the quantization step: the performance of API management can be quantitatively recorded, evaluated, analyzed and monitored;
the optimization stage is as follows: management optimization can be performed according to the performance of API management, and the API management mode becomes the best practice.
3. The interface management capability maturity assessment model of claim 1, wherein: the capability domain comprises architecture style, security, scalability and manageability;
the architecture style capability items comprise specification implementation, API style, API version management, resource operation and HTTP response information;
the capability item of the security comprises API authentication and HTTPS protocol communication;
the capability items of the measurability comprise a statistical form, log records and service monitoring;
the manageability capability items include classification management, document management, and interface testing.
4. An evaluation method using the evaluation model for interface management capability maturity according to any one of claims 1 to 3, characterized in that the evaluation method comprises the following steps: S1, providing a checklist; S2, providing evaluation materials; S3, manual review; S4, tool review; S5, rating and grading; and S6, service rectification.
5. The method for model evaluation of interface management capability maturity of claim 4 wherein: S1, providing the checklist, means: the "service evaluator" issues a summary list of the evaluation materials that the "service provider" is required to provide, including, but not limited to, a business information and service collection table, the service program package, a service installation and deployment document, an API usage document, a service log management report or a description of how logs are viewed, and a service monitoring and early-warning management report or a description of how monitoring is viewed.
6. The method for model evaluation of interface management capability maturity of claim 4 wherein: S2, providing evaluation materials, means: the "service provider" provides the evaluation materials in accordance with the checklist, and also provides the "service evaluator" with technical support for installation, deployment, logging and monitoring of the program in cooperation with the audit process.
7. The method for evaluating a model for interface management capability maturity of claim 4 wherein: S3, manual review, comprises review of the following check points:
301, resource operation judgment: judging whether API resource operations use the standard HTTP verbs;
302, response information judgment: judging whether the returned status codes conform to the HTTP design specification, whether appropriate status codes are used, and verifying whether API responses return error status codes;
303, sensitive information judgment: judging whether the HTTP response information exposes sensitive service information;
304, document standardization judgment: judging whether an API interface document is provided to users, whether the document is readable, and whether it shows the basic information of each interface;
305, result statistics: tallying the results of the manual check points.
8. The method for evaluating a model for interface management capability maturity of claim 4 wherein: S4, tool review, comprises the following processing modules:
401, rule engine processing module: the rule engine checks, analyzes and evaluates the interface architecture style along several dimensions, namely naming mode, word attributes and readability, and also supports extension with user-defined rules to meet the user's requirements;
the rule engine uses a rule base to judge whether every API interface URL consists of lowercase letters, whether it contains spaces, and whether it contains special characters; predefined rule strings are matched against each API URL so as to filter the URLs and give a matching result;
402, simulated request processing module: evaluating whether the interface service performs identity authentication, whether it provides filtering parameters, and whether it communicates over the HTTPS protocol;
the processing is divided into three steps: a request is sent to the interface server through a client or a browser; the server processes the received data after receiving the request; and the correctness and completeness of the result returned for the request are judged;
403, intelligent analysis processing module: the module comprises keyword library, user-defined word library and stop word library functions, and is used for maintaining the words that are allowed or forbidden to appear in a URL;
the module uses NLTK word segmentation to segment the URL or the result returned by the API service, and then compares the segmentation result with the server architecture terms, development language terms, user-defined sensitive words or nouns maintained in the word library, so as to give an analysis conclusion on whether sensitive information is exposed or whether the naming does not use nouns;
404, result statistics: tallying the results of the tool check points.
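The rule-base check in module 401 can be sketched as follows. This is an added example, not code from the patent: the rule names, the allowed character set (letters, digits, "-" and "/"), the `versioned_path` custom rule and the sample URLs are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Rule base: name -> (predefined rule string, True if a match means the URL FAILS).
# The allowed character set is an assumption made for this example.
RULE_BASE = {
    "all_lowercase": (r"[A-Z]", True),
    "no_spaces": (r"\s", True),
    "no_special_chars": (r"[^A-Za-z0-9/\-\s]", True),
}

def add_rule(name, pattern, fail_on_match):
    """Register a user-defined rule, as the claim's rule engine allows."""
    re.compile(pattern)  # reject malformed rule strings early
    RULE_BASE[name] = (pattern, fail_on_match)

def check_url(url):
    """Return {rule name: passed} for the path of one API URL."""
    # Decode percent-escapes so an encoded space (%20) is still seen as a space.
    path = unquote(urlsplit(url).path)
    results = {}
    for name, (pattern, fail_on_match) in RULE_BASE.items():
        matched = re.search(pattern, path) is not None
        results[name] = (not matched) if fail_on_match else matched
    return results

def filter_urls(urls):
    """Split URLs into compliant ones and a map of URL -> failed rule names."""
    compliant, violations = [], {}
    for url in urls:
        failed = sorted(n for n, ok in check_url(url).items() if not ok)
        if failed:
            violations[url] = failed
        else:
            compliant.append(url)
    return compliant, violations

# Constructed sample URLs (not from the patent).
SAMPLE_URLS = [
    "https://api.example.test/v1/user-profiles/42",
    "https://api.example.test/v1/UserProfiles",
    "https://api.example.test/v1/user%20profiles",
    "https://api.example.test/v1/get_user.php",
]

if __name__ == "__main__":
    add_rule("versioned_path", r"^/v\d+/", False)  # hypothetical custom rule
    ok, bad = filter_urls(SAMPLE_URLS)
    print("compliant:", ok)
    print("violations:", bad)
```

Only the URL path is checked, so query strings and host names do not trigger the character rules.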
9. The method for model evaluation of interface management capability maturity of claim 4 wherein: S5, rating and grading, specifically comprises:
input: the "result statistics" of the "manual review" and of the "tool review";
output: a grade definition and an evaluation report of interface management capability maturity, produced with the "scoring model", together with service rectification suggestions based on the corresponding specifications;
501, scoring model: the scoring model is based on the capability items of the evaluation model, and splits each capability item into detailed check points;
the principle of check point splitting is that each check point can be judged independently by manual review or by tool review;
the judgment result is of one of two types, "yes/no" or "matching degree"; each check point has a full score of 10 points, and a score of 0-10 is given according to the judgment result; the specific scoring process is as follows:
A. Scoring: full score = number of check points × 10; final score = check point 1 score + check point 2 score + ... + check point N score;
B. One-vote veto items:
(1) if an API interface document cannot be provided to users, the service cannot be rated at the steady level or above;
(2) if the HTTPS protocol is not used, the service cannot be rated at the steady level or above;
(3) if all interfaces return HTTP responses with the status code "200", the service cannot be rated at the steady level or above;
(4) if an API that requires identity authentication does not perform identity authentication, the service cannot be rated at the steady level or above;
(5) if the GET method is used to create or update resources, the service cannot be rated at the steady level or above;
(6) if API service monitoring and early warning is not carried out, the service cannot be rated at the quantization level or above;
(7) if API calls have no log records, the service cannot be rated at the quantization level or above;
502, grade definition and evaluation report:
grade definition: the full score is divided into 5 equal intervals, one per level; the interval into which the final score falls determines the final grade;
when a "one-vote veto item" occurs, the grade is automatically downgraded to the level immediately below the level controlled by that item; for example, if the "final score" falls in the score interval of the "quantization level" but a one-vote veto item of the kind "cannot be rated at the steady level" occurs, the grade is automatically adjusted to the "management level";
evaluation report: the report comprises four parts, namely the score of each check point, the final score, the grade definition and the rectification suggestions, and gives the service provider reference specifications and implementation suggestions.
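The scoring model and one-vote veto rules of claim 9 can be worked through in code. This is an added example, not code from the patent: the veto identifiers, check point names and sample scores are constructed, and treating each interval as inclusive of its lower bound is an assumption, since the claim only says the intervals are equal.

```python
LEVELS = ["initial", "management", "steady", "quantization", "optimization"]

# One-vote veto items (1)-(7) of claim 9, keyed by hypothetical identifiers and
# mapped to the level that cannot be reached when the item is triggered.
VETO_ITEMS = {
    "no_api_document": "steady",
    "no_https": "steady",
    "all_responses_200": "steady",
    "missing_authentication": "steady",
    "get_creates_or_updates": "steady",
    "no_monitoring_alerting": "quantization",
    "no_call_logs": "quantization",
}

def level_from_score(final_score, full_score):
    """Map a final score onto five equal intervals of the full score."""
    if full_score <= 0 or not 0 <= final_score <= full_score:
        raise ValueError("score out of range")
    # Assumption: each interval includes its lower bound; a full score stays in level 5.
    return min(int(final_score * 5 // full_score), 4)

def grade(checkpoint_scores, triggered_vetoes=()):
    """Return (final score, full score, level name) for one evaluation."""
    if any(not 0 <= s <= 10 for s in checkpoint_scores.values()):
        raise ValueError("each check point is scored 0-10")
    full = len(checkpoint_scores) * 10
    final = sum(checkpoint_scores.values())
    index = level_from_score(final, full)
    for item in triggered_vetoes:
        # A veto caps the grade at the level just below the one it controls.
        cap = LEVELS.index(VETO_ITEMS[item]) - 1
        index = min(index, cap)
    return final, full, LEVELS[index]

# Constructed check point scores (10 check points, 70 of 100 points).
SAMPLE_SCORES = {
    "standard_http_verbs": 10, "status_codes": 8, "no_sensitive_info": 6,
    "api_document": 10, "url_naming": 6, "authentication": 10, "https": 0,
    "statistics_report": 8, "call_logs": 6, "monitoring": 6,
}

if __name__ == "__main__":
    print(grade(SAMPLE_SCORES))                # score alone
    print(grade(SAMPLE_SCORES, ["no_https"]))  # capped by a steady-level veto
```

The second call reproduces the claim's own case: a score in the quantization interval combined with a steady-level veto is graded at the management level.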
10. The method for evaluating a model for interface management capability maturity of claim 4 wherein: S6, service rectification, means: the service provider optimizes and improves the service according to the rectification suggestions in the evaluation report produced by the rating and grading of S5, and, after completing the service rectification of S6, the service provider can provide the evaluation materials again for a new round of evaluation and grading.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211629280.3A CN115982012A (en) 2022-12-19 2022-12-19 Evaluation model and method for interface management capability maturity


Publications (1)

Publication Number Publication Date
CN115982012A (en) 2023-04-18



Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116739393A (en) * 2023-08-14 2023-09-12 福建福诺移动通信技术有限公司 Evaluation method and device for emergency capability maturity of application system
CN116739393B (en) * 2023-08-14 2023-11-14 福建福诺移动通信技术有限公司 Evaluation method and device for emergency capability maturity of application system
CN117112449A (en) * 2023-10-19 2023-11-24 深圳市华傲数据技术有限公司 Maturity assessment method, device, equipment and medium of data management tool
CN117112449B (en) * 2023-10-19 2024-04-09 深圳市华傲数据技术有限公司 Maturity assessment method, device, equipment and medium of data management tool
CN117436106A (en) * 2023-11-02 2024-01-23 中国信息通信研究院 Classified evaluation model for maturity of password service


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination