Open-Credentialing-Initiative / Digital-Wallet-Conformance-Criteria

Conformance Criteria for Digital Wallets | https://open-credentialing-initiative.github.io/Digital-Wallet-Conformance-Criteria/latest
Apache License 2.0

para 6.2 IT sec #8

Closed bluesteens closed 1 year ago

bluesteens commented 2 years ago

Steering summary: Proposal to remove the hard requirement for a SOC Report.


The requirement is essentially: The Digital Wallet provider SHALL provide a SOC report. See here.

Is this within the scope of OCI to demand this report over all other alternatives? Should it not be left to customer contract negotiations, SLA etc. to specify such requirements?

I suggest changing SHALL to SHOULD if the wording is not to be changed much. (After all, the ISO requirement is also a SHOULD.) Otherwise I suggest reworking the section to be more general in its request and offering SOC only as an example.

lleifermann commented 2 years ago

I also agree that this should be part of product or customer negotiations, not a requirement of the OCI, as SOC concentrates a lot around the practices and rules inside of a company.

I am currently working on v3.0.0 of this specification. If we want, we can already integrate this change there.

alexcolganLD commented 2 years ago

Agree with @bluesteens and @lleifermann, this is an SLA question, not an interoperability conformance question.

bluesteens commented 1 year ago

Triage:

Affected Parties (help determine Sunrise/Sunset):

Affected OCI Artifact

Change Category (Guides Steering Review)

- Steering/Industry Review

- Steering/Industry Notification

rceleste125 commented 1 year ago

OCI Affected Artifact: Digital Wallet Conformance Criteria

alexcolganLD commented 1 year ago

Agree this seems like an SLA-level question. The criterion doesn't even specify to whom the report should be provided, which suggests that it's not an interoperability requirement.

bluesteens commented 1 year ago

July 27: to be released in Digital Wallet Criteria v3.3.0, interop profile v3.2.0