Feat/add certification process2

[garloff]

Explain SCS DigiSov and Certs. How to get into compliance.

- Explain the motivation for the SCS certification levels rooted in
  the levels of digital sovereignty.
- Give a practical example how to achieve the SCS certification by
  running the tests.
- Hints on how to get listed, why we have the HM there and how to
  react to failed runs.

[garloff]

Note that I have pushed the changes to the staging branch, so we should see the results in https://docs-staging.scs.community/ in a few minutes.

[garloff]

This one supercedes PR #251.

Please review the end results, I unfortunately went through some trial and error for getting docusaurus to do what I need.

Note that the Markdownlint check fails with or without this patch. It barfs on the generated index files, not sure whether the generation process can be tweaked or whether we'd need to filter things out for that check. In any case, that's unrelated to the contribution from this PR.

[maxwolfs]

Looks good overall. Just two things:

1. Adjust sidebar item titles

I suggest to shorten the sidebar item texts to keep them one liners for better readability such as:

• From Getting SCS-compatible certification (for operators) to Certification Process or Getting Certified
• From Example testing and adjustment for SCS IaaS-compatible compliance to Testing Compliance' or Compliance Testing`
• From Compliant cloud environments overview to 'Compliant Clouds'

2. Move "The taxonomy of digital sovereignty" from Certification Overview Page

Starting with a short introduction and the list of scs certification levels helps engage visitors, reducing the chance of overwhelming with too much text at in the beginning. Introduction sentence could be:

The SCS certification levels build upon the concept of digital sovereignty, categorizing various degrees of control and transparency for cloud services.

[fkr]

This comment applies in the same way as the other: IF this is not the leading document on this matter:

Please don't place infos at arbitrary locations that might then be outdated. I think, it makes sense to point here to the forum but I would refrain from making statements regarding fees since this will lead to be errors on the long run.

[fkr]

I would suggest a different style here:

I think this is a very good place to define our taxonomy and reflect upon it.
I think it is also good to point to the DuD, cloudical and cloudahead articles - however I would not dive into "We'll skip stage 0, introduced by Gregor Schuhmacher in his description, which
specifies using a cloud at all as the pre-step to be taken. This has relevance," because with that you mix the styles. While we're in the process of a (more or less) formal definition, you here fall into a conversational style.

[garloff]

True, good observation. Will fix.

[fkr]

Suggested change

	The levels as seen by the SCS movement are:
	The levels as seen by the SCS movement are:

why is the term 'SCS movement' suddendly introduced? We're not a SCS project or community anymore?

[garloff]

Right, should be SCS project (and in the future maybe Forum SCS-Standards),

[fkr]

Like in my other comment, I would recommend to not hardcode the conditions here unless this becomes the leading document for this. IF this becomes the leading document for this, this should be the place where also the forum then needs to update stuff if things change.

[garloff]

Ideally, we'd have a preliminary Forum Page that we can point to already.
The other option is to sketch the forum conditions here and then remove it as soon as we have the page that we can point to.
Fortunately, the content is not controversial, as this has all been agreed up already thanks to your and Dirk's great work.

[fkr]

I think it is not good practice to talk about future plans in such a document. Document the "as is" case and update if the "as is" case changes.

[garloff]

• From Compliant cloud environments overview to 'Compliant Clouds'

This page was called overview before and the document's name is still overview (and should stay so, as it is linked to from various places). That's why I kept the word "overview" in the title. A compromise could be 'Compliant Clouds overview' to keep the relation with the link name.

[garloff]

3. Move "The taxonomy of digital sovereignty" from Certification Overview Page

Starting with a short introduction and the list of scs certification levels helps engage visitors, reducing the chance of overwhelming with too much text at in the beginning. Introduction sentence could be:

Agreed. While I think we should explain how our understanding of digital sovereignty drives the levels of SCS certification, not everyone wants to read through it, so splitting out additional background info into a separate page makes sense.

[garloff]

I suggest to shorten the sidebar item texts to keep them one liners for better readability such as:

* From `Getting SCS-compatible certification (for operators)` to `Certification Process` or `Getting Certified`

* From `Example testing and adjustment for SCS IaaS-compatible compliance` to `Testing Compliance' or `Compliance Testing`

* From `Compliant cloud environments overview` to 'Compliant Clouds'

Do I need to change the titles in the pages? Or is there a straight-forward way to do it in sidebarStandards.js?

[mbuechse]

I'm not sure I am in a position right now to really review this.

Just a few observations:

• The "welcome page" (top-level page) regarding certification is now a big wall of text. I wouldn't bother to read all of that or try to find the things that interest me. I suggest to make the welcome page quite short and just provide a big-picture overview (2--3 paragraphs) plus a list of links to the pages about specific topics for those who are interested.
• The "Getting certification" page repeats the (authoritative) standard scs-0004-v1. It may be warranted to translate the standard into a more accessible language, but (a) I would be prefer to have the standard accessible as-is, and (b) the redundancy is a flood-gate for divergence and contradictions. There is a reason why I merely linked to the standard.
• The example page is great, but I would make that a blog article and then link to the blog article from the welcome page. To me, the example shows that the scripts are still too cumbersome. For instance, why do we need -V v4? Also, we could use scs-test-runner.py, whose CLI syntax is simpler, but that one immediately sends the report to the compliance monitor (because we don't want to make cherry-picking results a thing).

[garloff]

Just a few observations:

• The "welcome page" (top-level page) regarding certification is now a big wall of text. I wouldn't bother to read all of that or try to find the things that interest me. I suggest to make the welcome page quite short and just provide a big-picture overview (2--3 paragraphs) plus a list of links to the pages about specific topics for those who are interested.

Did you have a look after e23e99c ?
I tried to address this, as Max had pointed this out as well and I agree.

[garloff]

• The "Getting certification" page repeats the (authoritative) standard scs-0004-v1. It may be warranted to translate the standard into a more accessible language, but (a) I would be prefer to have the standard accessible as-is, and (b) the redundancy is a flood-gate for divergence and contradictions. There is a reason why I merely linked to the standard.

• The example page is great, but I would make that a blog article and then link to the blog article from the welcome page. To me, the example shows that the scripts are still too cumbersome. For instance, why do we need -V v4? Also, we could use scs-test-runner.py, whose CLI syntax is simpler, but that one immediately sends the report to the compliance monitor (because we don't want to make cherry-picking results a thing).

Hmmm, I wanted to write a blog article first and then opted for improving the documentation.
So, maybe we do the following:

• Keep the new intro (after e23e99c !) in the docs, hiding the wall of text (explanation of DigiSov) in a separate page.
• We have another look at scs-0004 and check whether it can be made easier to read
• Move the example into the blog article -- additional hints on how to get certification could probably be added there if they don't fit into scs-0004.

Thoughts?

[maxwolfs]

LGTM

[garloff]

PR for blog article still has to be done (cloning the website repo takes ages over satellite internet).
PR for standards is in SovereignCloudStack/standards#781

[garloff]

The PRfor the blog article SovereignCloudStack/website#1029

[mbuechse]

Is this page still a thing?

[mbuechse]

Suggested change

	The technical compatibility validation corresponding to the *SCS-compatible* certification does
	exist since more than a year. There are certificates for two layers of the SCS architecture
	The technical compatibility validation corresponding to the *SCS-compatible* certification has
	existed for more than a year. There are certificates for two layers of the SCS architecture

better yet (insert correct date)

Suggested change

	The technical compatibility validation corresponding to the *SCS-compatible* certification does
	exist since more than a year. There are certificates for two layers of the SCS architecture
	The technical compatibility validation corresponding to the *SCS-compatible* certification has
	existed since 2023. There are certificates for two layers of the SCS architecture