Spec

WARNING

This page is work in progress. Related issue: #1

Functional Requirements

See also: Functional Requirement on Wikipedia

Productivity

• networked/synced folders

  • per-user folders
  • shared folders (possibly with distinct permissions per user groups)

• powerful mail, calendar and user directory software with either

  • KOrganizer/KMail
  • Thunderbird
  • Webmail such as OpenExchange

• integration with enterprise-grade network printing services accessible from PDF reader, office software, email etc.

• password manager software with integration in browser

• multi-format compression tool (like 7zip)

• option to deploy self-service software catalogue (like flathub)

Device Management

• central management of devices
  • patch management
  • inventar function (end-of-life, software versions etc.)
  • software distribution
  • Lifecycle management

Scalability

• integration with directory service for identity and policy management as well as Single-Sign-On with either

  • Microsoft Active Directory
  • a free alternative, such as FreeIPA (https://www.freeipa.org/)

• automatic deployment of custom certificates

  • import organisation-specific SSL certificates (e.g. to access intranet)
  • import of per-user certificates (e.g. for WiFi or S/Mime)

Security and Robustness

• software update mechanism supporting

  • separate roll-out for different hardware configurations
  • non-interactive unattended updates
  • non-interrupting updates
  • roll back in cases of breaking updates

• regular automated backups of (selected) user folders and application configuration data as well as restore from such backups

  • most important apps: office software, internet browser, KDE profile

• full disk encryption (FDE) supporting

  • password-less unlocking of FDE
  • per-user or per-device secrets for FDE

• support for Security-Enhanced Linux (SELinux) or equivalent

• granular configuration/hardening of the browser

• support for monitoring of network access (highly dependend on organisation requirements)

  • web proxy?
  • VPN?

• optional: seamless login to internet/intranet resources and applications (Kerberos)

Non-Functional Requirements

See also: Non-Functional Requirement on Wikipedia

• secure

  • open source (as per project philosophy) for broad auditability
  • automation with modern DevOps paradigms (declarative or imperative) for reproducible builds and reproducability

• sovereign

  • built to the requirements for the EU public sector
  • highly reusable (promoting sharing across organisations to permit sharing of workload and responsability between EU, national, regional and communal administrations)
  • highly customisable

• sleek: efficient and eco-friendly

  • runs smoothly on hardware procured for Windows 7 and later
  • best use of hardware features for e.g. hardware-accelerated video calls and FDE
  • caching of software packages and updates close the users

• supporting the compliance with

  • General Data Protection Regulation (GDPR) or for entities of the EU administration, the European Union Data Protection Regulation (EUDPR)
  • Network and Information Security Directive 2 (NIS2)
  • EU Cyber Resilience Act
  • ISO 27001 and its national variants
    • 🇩🇪 IT-Grundschutz
    • 🇫🇷 https://cyber.gouv.fr
  • National Sovereignty Schemes
    • 🇫🇷 SecNumCloud (if applicable?)