...
New EWP Network users (HEIs or third party providers) need to undergo a two-tier admission process. The first part of this process is authentication to take part in EWP. The second part of the admission is about the technical ability of the partner to exchange information via the EWP network. Ultimately DG Education and Culture as business owner of Erasmus Without Paper is responsible for authorizing institutions to become part of the EWP network. DG EAC delegates this authority to the Competence CentreEWP governance structure.
Once an applicant institution is authenticated by the EWP Steering Committee (as DG EAC delegate), the applicant needs to be admitted technically in the production environment as well. The technical admission is only necessary for applicants who do not use a so-called trusted software provider. Trusted software providers are known by the EWP-partners and have shown their ability to develop good-working APIs. HEIs wanting to join the EWP network using one of the trusted software solutions, don’t need to undergo the complete technical admission process.
...
As a first step an interested institution will consult the information in the EWP Competence CentreKnowledge Base. Each institution needs to decide whether to follow the two-tier vetting process or whether they use a trusted software provider that does not need to undergo the technical vetting.
The EWP Steering Committee will require a formal MoU signed by the Legal Representative of the applying institution or the trusted software provider.
...
Once both admission processes have a positive outcome, the EWP Technical Support Team will add the URL of the manifest file of the applicant HEI to the production registry. By doing so the applicant becomes part of the EWP network and agrees to the EWP rules and obligations. In case of a serious violation or complaints by other EWP users a revocation procedure can be installed by contacting us via the Competence Centre Knowledge Base (see below). As part of the obligations, institutions agree not to add additional APIs to their production manifest file before it has released and tested these new APIs in the development environment.
...
We should keep in mind that things can go wrong. When institutions violate the use of EWP there should be an exit strategy. The Competence Centre contact section in the Knowledge Base will be the central point where institutions can report incidents and complain about the quality of APIs of any particular institution, the unavailability of a server, partners that are not trustworthy. The Competence Centre EWP Governance structure will try to settle disputes and has the ability to decide to exclude a certain institution from the production registry. The institution will need to prove again its ability and trustworthiness in the development environment. In cases of extreme violation the Competence Centre EWP governance structure has the competence to temporally exclude an institution from EWP.
...