Lightweight MBT Testing for National e-Health Portal in Norway

We present lightweight model-based testing (MBT) of privacy and authorization concepts of national portal for electronic health services in Norway (which has over a million of visits per month). We have developed test models for creating and updating privacy levels and authorization categories using finite state machine. Our models emphasize not only positive but also negative behavioral aspects of the system. Using edge and edge-pair coverage as an acceptance criteria we identify and systematically derive abstract tests (high level user scenario) from models. Abstract tests are further refined and transformed into concrete tests with detailed steps and data. Although derivation of abstract tests and their transformation into concrete ones are manual, execution of concrete tests and generation of test report are automated. In total, we extracted 85 abstract test cases which resulted in 80 concrete test cases with over 550 iterations. Automated execution of all tests takes about 1 hour, while manual execution of one takes about 5 minutes (over 40 times speedup). MBT contributed to shift the focus of our intellectual work effort into model design rather than test case design, thus making derivation of test scenarios systematic and straight forward. In addition, applying MBT augmented and extended our traditional quality assurance techniques by facilitating better comprehension of new privacy and authorization concepts. Graphical models served as a useful aid in learning these concepts for newcomers.