NFR003 contains a mix of SHALL and SHOULD that makes it unclear whether the auditability and logging are obligations or -good-to-haves. suggest determining OCI's intention and reword accordingly.
wording:
Solution SHOULD implement an audit trail including non-repudiable digital signatures for all ATPCredential transactions realized on the system. User authentication and activities SHALL be logged. Audit trail SHALL be available for user inspection.
Triage:
[x] Is Issue appropriate for OCI Architecture
[x] Assign Size
[x] Assign Priority
[x] Assign Label (if needed)
[x] OCI affected Artifacts Identified
[ ] Assign Triage - Artifact Version Target (v x.x.x Milestone)
[ ] Assign Triage - Interop Profile Version Target (v x.x.x Milestone)
[ ] Create sub-project (if needed)
Affected Parties (help determine Sunrise/Sunset):
[ ] Trading Partners
[ ] Issuers
[x] Wallet Solutions
[ ] PI Verification Solutions
Affected OCI Artifact
[ ] Schema Document
[ ] Identity Schema
[ ] ATP Schema
[ ] Issuer Conformance Criteria
[x] Wallet Conformance Criteria
[ ] VRS Solution Conformance Criteria
[ ] Wallet API Specification
[ ] Governance Document
[ ] Conformance Program
[ ] OCI Website
[ ] Internal Process
Change Category (Guides Steering Review)
- Steering/Industry Review
[x] Business-Level (May affect business operations)
[ ] OCI Governance, Policy or website feature
- Steering/Industry Notification
[ ] Technical-Level (Does not affect business operations)
bluesteens
commented
1 year ago
for Steering
NFR003 contains a mix of SHALL and SHOULD that makes it unclear whether the auditability and logging are obligations or -good-to-haves. suggest determining OCI's intention and reword accordingly.
wording:
Triage:
Affected Parties (help determine Sunrise/Sunset):
Affected OCI Artifact
Change Category (Guides Steering Review)
- Steering/Industry Review
- Steering/Industry Notification
Communication