eConcinnity.com

Please click on the 'Register' link at the top; it will take you to the required registration screens (There are 2 steps of registration process). Provide the necessary details and documents and await profile approval from our side. It may take sometime to get an approval.

We go through your credentials before approving your profile. In a few cases, you might be required to face an online interview over a internet chat (or voice) session.

Why can't I choose the groups I want to be part of directly? Why does it need an approval at your end?

The groups can be chosen at the time of registration but it is approved only when your supplied credentials match with the kind of work that the group is required to carry out. For e.g., if you are a developer and have requested to be part of 'Business Analysts' group then it is difficult for us to approve this until you have experience and credentials of a business analyst as well, in addition to a developer. It is however possible that a person is allocated to multiple groups based on his / her credentials.

More groups you are part of, more work offers you will get in your worksheet as the site matures up.

How many groups are there at present?

Currently there are seven groups available to be selected.

Online Associates need to request one of the following groups during step 1 of the registration process.

Ø Business Analysts

Ø Architects

Ø Project Managers

Service request initiators would request to be part of following

Ø Customer

Note :- People in other groups can also request for services via 'Engage Us' section.

Affiliates would request to be part of one or multiple of the following.

Ø Affiliate - Resource Providers

Ø Affiliate - Customer Relations

Ø Affiliate - Affiliate Providers

If a person requests to be part of 'Customer' group or one of 'Affiliate' groups, he would not be asked to furnish his experience details, documents etc on the Step 2.

Why is email verification required?

Because it is important for us to connect with people with genuine email Ids. Email verification proves that you have a genuine email address. In addition to being genuine, the email address provided needs to be a registered Paypal address as we send our payments through Paypal using email address as your identification.

Customers may not specify Paypal email addresses. Email verification would still be performed for them.

Why do I need to specify a Paypal email address at the time of registration?

Please see the response to earlier question.

I carry a digital certificate and want to use it for logging in. How do I create a profile attached to the certificate I have?

1) Install your certificate in the browser you use to access our site.

If you are planning to purchase a certificate from a CA (Certificate Authority), we recommend acquiring smart card based certificate from your CA. "e-Tokens", as they are called. These devices keep your private key absolutely safe. Private key is not allowed to be extracted out of eToken in any way and hence will be the best to protect you from identity thefts on the net.

2) Access site's home page and click 'Certificate Login'. This step will directly log you in if an approved profile exists for you. If profile doesn't exist, it will take you to profile creation page. Profile creation has 2 steps that are detailed here.

3) LoginId and Name (First and Last) are extracted from certificate's X500 principal as follows.

ii. LoginId is the space removed version of entire DN.

iii. First Name and Last Name is extracted from CN field of the principal.

LoginID and Name are locked for modification at the time of profile creation.

4) You would be required to specify password even when you are registering with a certificate. This is because in case you want to login from a different browser (possibly in a different location) that does not have your certificate installed, you have an option to login with your email Id and password. However, if your browser has your certificate installed and your profile is approved, you will not be asked to provide password for logging in.

Is there any benefit in certificate based login?

Yes definitely, it has a huge impact on the kind of work offered to you on the site. Some areas of work available on the site (and any new work types in future) demand security and if the work is available in those areas then as part of security plans we have, we would like to verify the people who are working with us. Digital certificates are the best way to do that on the internet. If one of our trusted CAs have issued a certificate to you, we trust you as well to have a valid identity. This would make more volume of work available to you as the site matures ups.

Which all Certificate Authorities are trusted at the moment?

List of entries in our trust store are as under

1) CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

6) OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

7) CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

9) OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

10) EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

13) EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

14) OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

16) EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

17) OU=Equifax Secure Certificate Authority, O=Equifax, C=US

18) EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

19) EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

22) EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

23) CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

24) OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US

26) CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

27) CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

28) OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

29) CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

30) CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE

31) OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

32) OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US

33) CN=CCA India, O=India PKI, C=IN

Explain profile creation process.

Profile creation is a 2 step process. Click on the 'Register' link at the top to begin the process.

In case you possess a certificate, first do as directed here and then proceed.

1) Primary details like name, phone, date of birth, address, email(Paypal registered email), loginId, password etc are expected on step 1. User would also be expected to select the groups he/she would like to be part of. On submitting these details an email is sent to the user at the email address specified, to verify that the email account genuinely belongs to him / her.

2) Step 2 begins when user clicks on the link provided in the email. It asks for further details like qualification and the experience documentation. Once the details are submitted, the documentation is reviewed by our experts before the requested groups are allocated to you; or for that matter, whether your profile will be approved or not. Experts ensure that you carry the necessary experience to carry out the work. You may optionally be asked to appear for an online interview before approval.

3) The documentation required by us is as follows

iv. Scanned copies of

1. Resume (Mandatory) [[It may be a submitted as a electronic document as well, viz, word document, plain text, pdf, etc]]

2. Under graduate, Graduate & Post Graduate Certificates (Optional)

3. Any experience certificates from previous or current employers (Optional)

4. Technical Certification (Optional). For eg, SCJP, SCJD etc.

v. More documents you submit from above list, more chances of your profile acceptance as we will have better confidence.

vi. Submit these documents in the following Zip file structure

documents/

high_school_certificate/

graduation_certificate/

post_graduation_certificate/

experience_certificates/

certifications_acquired/

resume/ [[resume is mandatory]]

4) Our decision on your profile acceptance will be communicated to you on email.

5) In case you have requested to be part of 'Customer' or 'Affiliate' groups, it won't be mandatory for you to furnish details about your qualification, experience, resume etc on Step 2. It is mandatory for only those who would like to work on the assignments available on our site. If you have requested for either for 'Customer' group or one of 'Affiliate' groups at the time of registration then your profile will be approved directly.

How long does it take for my profile to get approved?

For Customers and affiliates, it is approved directly.

For Associates, 1 - 3 days usually, but don't be anxious if you don't hear from us for a week even. Write to 'Candidate Admin' if you wish to know the current status.

In how many ways can I login? What is the difference?

There are 3 ways currently to log into the site.

1) Normal Http login. This can be done by specifying your login Id (or email Id) and password at the top and clicking 'Login' button. It would reveal your password to any traffic interceptors and hence not recommended. Available only for completeness.

2) Secure login is same as above but over SSL. Interceptors can't see the details you have submitted. Recommended if you don't have certificates.

3) Certificate login is for people having digital certificates from trusted CAs. Security sensitive work is only available to people with digital certificates. Simply install your certificate in the browser you use to access our site and click 'Certificate Login' link at the top right of the site. It will log you in if you have an approved profile existing with us.

I want to initiate a service request, why am I asked to register first?

We would like to know who we are serving. In addition, your email address will be used from your profile to convey service deliverables. Also, you would need to complete both the registration steps before you could post work to us.

Which group do I need to choose while registering, in order to request for a service?

All groups can request for services but if you wish to connect with us only to request for a service then we would recommend you to choose 'Customer' group. This group won't be asked to provide qualification, experience certificates and documents etc. It will be easier for you.

Do I need to specify a Paypal email address while registration?

If you are connecting with us as a service request initiator then it is not necessary.

What services are at offer currently?

Please check out our Services section.

How long does it take to fulfill a request?

It depends on the service requested and amount of work to be completed. Please check Services section to know more about it.

Are the services charged for?

Not all of them. Please check our Services section for more details.

I have submitted the work corresponding to the work offer made to me? How do I get paid?

Check out our General Payment Policy.

Where do I check my service credits?

After you login, you will see 'My Account' link in the header area. If you have further queries on your account, please forward them to 'Finance'.

How will I receive work offers?

Once your profile is approved, you need to login into our site. Approved profiles will see Worksheet tab appearing for them. It has three sub tabs, 'Offered Work', 'Accepted Work' and 'Completed Work'.

'Offered Work' sub tab will show the work currently at offer to you. If you do not accept the offer within the specified time, it will vanish from your work sheet. Once you accept the work here, it will take you to the work screen corresponding to work type you have accepted. The work offer itself will be shifted to 'Accepted Work' sub tab on your next visit.

'Accepted Work' sub tab will show you the work offers you have accepted before and those that are still alive. You would need to complete the offer within the stated time, failing which, the offer would expire and vanish. This tab also presents the option to 'Proceed' for the work screen corresponding to the work type accepted before.

'Completed Work' sub tab shows all the work offers you have submitted successfully.

How do I submit the work given to me?

Each work type has a corresponding work screen where you can submit work. Once you accept the work, you would automatically be taken there. If you cannot furnish the details immediately after accepting, you may visit the same screen again from 'Accepted Work' sub tab as described in previous response.

What skills and qualifications do I need to carry, in order to receive Estimation work?

You should be an estimation expert in your current role of an IT Architect, Business Analyst or Project Manager. You could be carrying out estimation exercise utilizing one or more of the following techniques

Function Point Analysis

Work Break Down Structure (WBS)

COCOMO - 2

Do we have work screens corresponding to each estimation technique that people usually apply to arrive at estimation figure?

Yes we have work screens corresponding to following estimation techniques

FP Tool => http://www.econcinnity.com/eConcinnity/faces/work/estimation/functionpoints/FunctionPointCapture.jsp

RCL Tool => http://www.econcinnity.com/eConcinnity/faces/work/estimation/rcl/RequirementsCapture.jsp

WBS Tool => http://www.econcinnity.com/eConcinnity/faces/work/estimation/wbs/WBSCapture.jsp

Notes :

1) RCL(Requirements Capture Language) is an under research subject at the moment. It facilitates requirements capture in a way that automatic requirements sizing is possible in terms of Function Points. Please see more about it at our Research tab.

How is estimation carried out?

Once a service requester submits requirements to us ('Engage Us' section), our work scheduler will pick up experts from the panel of our online associates, depending on their current work load, productivity and skill levels. It will then forward the requirements to them as part of work offers made to them. Experts do have the option to ignore the work offers made to them based on their availability. A single requirement is currently forwarded to maximum of 3 experts in the panel, at a time. If a few experts do not accept the offer within acceptance SLA, the offer is forwarded to other experts in the panel until sufficient numbers of experts have accepted the offer OR none are available. Minimum 1 expert is needed to carry out each stage of estimation. Once an expert accepts the offer, he / she then receive a 'complete by' SLA. If the later SLA is not met for some reason, the offer expires and a fresh offer is made to another expert.

Estimation work flow in a bit more detail

Current work flow has 3 stages as described below. At each stage maximum 3 experts are allowed to work. Once they work out the details related to a stage, they submit the work back to us that we then aggregate before forwarding to next stage.

1) Documentation Review => Experts at this stage are expected to count the number of relevant pages in the requirements documents. This is required because as per our study, 10% - 25% pages that are submitted to us do not contain core requirements but other general unrelated information. The count of relevant pages submitted to us by experts is then aggregated and the future service credits will be given based on these aggregated figures. So, for e.g., a service requester may submit 100 pages to us but only 75 may be relevant (aggregated figure) and we then take this 75 as the number of requirement pages for next stage where estimates are worked out. See our Estimation Payment Policy to understand more about service credits for each stage. On the other hand, if we get a one liner requirement for a big system then our network would deploy their experience to suggest the relevant page count. For eg, if we get a one liner requirement like "we need a payroll system" then our network might come up with an aggregate relevant page count of may be 100 pages as those many pages might actually be required to cover the detailed requirements for a payroll system.

2) Estimate Submission => Experts at this stage are expected to work out 'person days / person hours' estimates according to the estimation methodology of their choice and then submit the figures back to us. We again aggregate the estimates submitted by experts and forward to the next stage. They may choose the estimation technique templates of their choice to make the submissions. However, if the customer has shown preference for a few estimation techniques then only the templates corresponding to those customer chosen estimation techniques will be available for selection.

3) Estimate approval => Aggregated estimation figure is sent to master of 'Estimation & Planning desk' for approval. Master reviews the figure and either approves or rejects. In either case, we forward the aggregated figure back to the service requester. Master's approval means we have more confidence and rejection means less.

How is online security taken care of?

This is an elaborate subject; however, our management has decided to cater to following aspects to carry out security sensitive work to gain better trust levels from our customers and associates. If you have suggestions, do drop in a mail to us or send a message in 'Live Help' section. Security sensitive services are marked in our Services section. (Security sensitive operations are not yet started on this site so please treat this piece as a pre-information to what we are planning and provide suggestions if possible.)

Associate Identity establishment

1) Allowing only those associates to work on security sensitive packets that have proven their identities by means of digital certificates (class 2 and above). They need to sign the work deliverable packets they are submitting before delivering to us.

2) Accepting deliveries on secure socket layer (SSL / TLS) with client certificate authentication enabled. After certificate authentication (Certificate Login), it is verified that a valid profile exists corresponding to that certificate and that the delivery is digitally signed by the submitter using the private key corresponding to the same certificate. Class of certificate will also be verified.

Dividing work in smaller chunks before allocation to our associates

3) Since the large work piece is sub divided into smaller parts, anyone who has access to small part can't do much with it. Some smaller portions may, however, be extremely security sensitive and should not be seen by anyone other that customer who demanded it. In such cases, smaller portion is further sub divided on customer's request.

4) Some small pieces may, however, cannot be further sub divided and they are security critical, we cannot guarantee security of code for such work pieces at the moment.

Ensuring that the integrated chunks are not directly downloadable by anyone other that customer

5) Although the design for the software will be known fully to the architects on our site and there is associated risk of design leak. Code will not be allowed to be seen in total by anyone other than customer. Following operations where code is required to be seen by our associates will be carried out by dividing the work as above.

a. Developer - It will be ensured that developer develops only a small subsection of the entire design so much so that the small piece of code that he/she is developing is meaning less in itself to be used alone. We would additionally have exclusive rights agreement with our associates for security sensitive work.

b. Code Reviewers - Code will be distributed among many code reviewers so the portion of code that any one code reviewer is seeing; cannot be used on its own and is meaning less. We will try to have a feature on the site that will enable us to create a code review policy for the entire design and get it approved by customers before source code development begins.

6) Architecture and design of the software cannot be prevented to be seen in its entirety by architects for the reason that it might cause inconsistency in design if it is allowed to be divided among multiple people. Design work for a project may be given to multiple architects but in a fashion that all of them can see the work of others to be in sync and avoid inconsistencies. So design cannot be as secure as the code will be. We will try to improve here as the time goes.

7) Test data we will use while testing will either be provided by customer or we will generate it as per the guidelines received from customers. If customers provide it, it will be their responsibility to remove and replace any security sensitive data with dummy values before providing to us.

8) Integrated and tested code can only be seen, in its entirety, by the customer who requested for the work. It will be downloadable over SSL.

Online software services delivery has risks of information leaks? How are you planning to address this?

Please see the response above.

Updated On: 9/7/2010 4:24 PM