Minimum standard - SML2
Expected standard - SML3
Excellent standard - SML5
SML1 - Initial usability: Application operates in single user mode, there is no fine-grained authorisation.
SML2 - Use is feasible: Application supports multiple users, but there is no fine-grained authorisation (i.e. all users have the same role).
SML3 - Use is possible by most users: Multiple users, fine-grained authorisation (i.e. users can have different roles).
SML4 - Software is usable: Authentication is externalised (e.g. via social login, federated access management etc) and authorisation is fine-grained (supporting groups and roles).
SML5 - Demonstrable usability: Full rights management by users, sharing/delegation of permissions/access to individual data from within the system. Authentication is externalised. Authorisation is fine-grained and can be externalised (e.g. via LDAP).