bluesteens
commented
1 year ago Triage:
- [x] Is Issue appropriate for OCI Architecture
- [x] Create Steering-level Summary of request
- [x] Assign Size
- [x] Assign Priority
- [x] Assign Label (if needed)
- [x] OCI affected Artifacts Identified
- [ ] Assign Triage - Artifact Version Target (v x.x.x Milestone)
- [ ] Assign Triage - Interop Profile Version Target (v x.x.x Milestone)
- [ ] Create sub-project (if needed)
Affected Parties (help determine Sunrise/Sunset):
- [x] Trading Partners
- [ ] Issuers
- [x] Wallet Solutions
- [ ] PI Verification Solutions
Affected OCI Artifact
- [ ] Schema Document
- [ ] Identity Schema
- [ ] ATP Schema
- [ ] Issuer Conformance Criteria
- [x] Wallet Conformance Criteria
- [ ] VRS Solution Conformance Criteria
- [ ] Wallet API Specification
- [ ] Governance Document
- [ ] Conformance Program
- [ ] OCI Website
- [ ] Internal Process
- [ ] Getting Started
Change Category (Guides Steering Review)
- Steering/Industry Review
- [x] Business-Level (May affect business operations)
- [ ] OCI Governance, Policy or website feature
- Steering/Industry Notification
- [ ] Technical-Level (Do not affect business operations)
- [ ] OCI Internal Process or Infrastructure
Steering summary: NFR requires wallets to keep transaction records for 6+ years. The duration of record-keeping should be dealt with in customer contracts. Suggest rewording to require capability of record storage & transfer without specifying the duration.
the criteria state,
The duration of record-keeping should be dealt with in customer contracts. This requirement ignores the fact that contracts may end before 6 years are up. Does OCI require a wallet provider to keep records of ex-customers (for free)? Customers and providers should negotiate data retention and transfer in their service contract. Setting the duration is beyond the scope of OCI in my opinion. What OCI can ask for is that wallets are capable of relevant data logging.
I suggest to re-word the criteria section as follows:
It may be added that: