Uses can register for specific Web Applications and their functional offerings. This registration will trigger (an existing) backend process and will determine the individual access privileges for the specific application. In addition, all detail needs to be registered in Azure B2C. The interface to this identity management service will enable Uniper to customize and control how users securely interact with your web applications. Hence the B2C Web Portal will offer functions where users can sign up, sign in, reset passwords, and edit their profiles. Since Azure AD B2C implements a form of the OpenID Connect and OAuth 2.0 protocols the web developer will need to use these protocols and its security tokens.
In addition to managing the application access , user will be able to post tickets (issues, requests) to Uniper. Therefore, a simple ticket tracking needs to be implemented as well. Adhering to GDPR regulations a special ticket needs to offered, where user can request to forget their personal data @ Uniper.
The Web Application should implemented meeting the OWASP Top10 Internet security criteria. An independent penetration test will be done and the web developer will responsible any identified short comings. The web portal will also include an information channel for Uniper where Uniper offers news (versions, fixes, maintenance or similar) regarding their web applications. The overall development needs to be based on Azure. Therefore corresponding CI/CD tools and practices (namely git, Azure DevOps) are to be used and as a principle, the web development should follow a cloud native design and make use of PaaS or containers wherever possible.
The development and execution of test cases is included in the project as well as a functional documentation and provisioning of help pages. The scope is limited to this particular web front-end and its backend integration.