lisaredux
commented
5 years ago @ASprinkle @davemcorwin Have we solved the development question and the privacy question for design to pick this up?
Closed ASprinkle closed 4 years ago
lisaredux
commented
5 years ago @ASprinkle @davemcorwin Have we solved the development question and the privacy question for design to pick this up?
ASprinkle
commented
5 years ago @lisaredux To my knowledge, we have not worked out the Privacy question for design to pick this up.
lisamcmichael
commented
5 years ago For 532 – not MVP; need to look into storing PII. @ASprinkle to check with Aaron.
Talk to Development!
aaronburk
commented
5 years ago I recall this question. My understanding is the current design does not allow the user to save the session part way through. I am also recalling the most of the information gets send to the system of record which is SUDS and Open FOrest is not meant to store much of the information. Thus as mentioned above there will be need discussion related to what it would take to build in such functionality on both back and front end but also if that impacts the current security posture. We will need to engage @JonathanLerner54 Jon lerner to look at what PII information is being proposed for storage vs what was approved in the security impact analysis to determine what is needed (if anything from that perspective for this story.
JonathanLerner54
commented
5 years ago Do we have a data dictionary established for this? For ePermits we avoided the PII by pushing the Credit Card information off on the pay.gov. So let's start with the data elements and figure out where it will be held while processing and at rest and go from there. If someone can point me to any documentation we have on this, I can get started with initial review. THANKS!
aaronburk
commented
5 years ago I am not sure if we have a data dictionary per se ( the developers may know) one could easily be created i suspect. THe current system for MBS was reviewed closely and all types of info being collected were approved in the ATO package which included PII, SIA etc. The main difference is it appears the user story would create a "holding area" of sorts or a profile for a user that stores their information for retrieval before final submission and ease of access for future submission. While SUDS would still be the system of record it will be good to have a data dictionary of some sort by workflow for ease of reference for security staff and others. thanks for being so responsive everyone. This is what DevSecOps looks like! :) @carlsonem @ASprinkle @JonathanLerner54 @smahmudFS @mwreiss
ASprinkle
commented
5 years ago For MVP launch 2019/early 2020, we can mock a design to implement informing the applicant early on, that their application cannot be saved to complete later and to ensure they have all documents necessary to complete the application etc... @lisamcmichael @lisaredux Looks like we've got some research to do in the meantime around what it would look like to accomplish the "save and return later" feature.
JonathanLerner54
commented
5 years ago Two approaches:
davemcorwin
commented
5 years ago If the user is logged in at the time you may be able to leverage a solution that involves encrypting the PII with the user's password and keeping it in the session so it's possible for them to "save and continue later" with certain constraints. If you're interested in learning more about this approach, I believe Login.gov does something similar during the Identify Proofing process and I can connect y'all with Jonathan Hooper who is a mastermind at this sort of thing.
lisamcmichael
commented
5 years ago @ASprinkle and @lisaredux a meeting with this group, and Jonathan, would help us better define any MVP option and/or option for later release. Thoughts?
lisaredux
commented
5 years ago @lisamcmichael @ASprinkle Agreed. With a meeting, at least we could scope out the option for a future release if saving options don't make it into the MVP.
In the meantime, for this story, we can design an approach where we put text on the Learn More page and near the PII checkbox (#467). I'll take suggestions for verbiage and will implement into a design as soon as this story is ready to take on
lisamcmichael
commented
5 years ago @lisamcmichael @ASprinkle Agreed. With a meeting, at least we could scope out the option for a future release if saving options don't make it into the MVP.
In the meantime, for this story, we can design an approach where we put text on the Learn More page and near the PII checkbox (#467). I'll take suggestions for verbiage and will implement into a design as soon as this story is ready to take on
Based on the 10/24 "icebox" meeting, we'll wait until Amber is ready to schedule our team's meeting to go over the ideas Joe and Dave have for this story.
lisaredux
commented
4 years ago @ASprinkle Verbiage here in bold in the design: 
ASprinkle
commented
4 years ago @lisaredux can we use the following text: "Please allow up to an hour to complete this form. This session cannot be saved." so that it coincides with the "Application time: Appx. 1 hour" information on the landing page? see tasks list above..
JonathanLerner54
commented
4 years ago Are we saying that the user should expect the completion of the form takes an hour to fill out? or are we saying, that the system will time out if the form is not completed within a one hour time period and they user will have to start over?
ASprinkle
commented
4 years ago @JonathanLerner54 we are expecting the time to complete the application to take up to an hour. We do not expect that the form will time-out at any point in the process. We want people to be able to plan their day and understand that if they start the application, and then stop/walk away without submitting it, that the information they enter won't be saved.
ASprinkle
commented
4 years ago waiting on results of #1003 before we decide on the language.
ASprinkle
commented
4 years ago The Results Are In:
"It may take a while to complete the application. To save time, have all of your documents ready. You won’t be able to save the application to complete it later. The application will be saved once it’s submitted."
lisamcmichael
commented
4 years ago Hi @lisaredux, 4 days ago Amber and I reviewed survey results of the best way to explain that applications cannot be saved. This is the updated content. We have a task to mock it up before going to development. Any questions, just let me know.
It may take a while to complete the application. To save time, have all of your documents ready. You won’t be able to save the application to complete it later. The application will be saved once it’s submitted.
lisaredux
commented
4 years ago @lisamcmichael thanks for the update. That is definitely a nice, clear and concise version. Well-done!
lisaredux
commented
4 years ago Working on the mockup this afternoon
lisaredux
commented
4 years ago @ASprinkle @lisamcmichael here's the latest... feel free to give feedback or, if none, to move it to ready for DEV
ASprinkle
commented
4 years ago @lisaredux that looks like our plan. I would suggest making it a gray hint text. I realize it's bold in the tasks list above, but I don't think we want it bold here. Also, is there anything we can do to the design/flow of the series of information here to make it feel friendlier? Looking at the header, followed by required fields, followed by PII, followed by our new text feels a bit wonky. Any thoughts on how we could present this series of information so that it's friendlier?
lisaredux
commented
4 years ago 
lisaredux
commented
4 years ago @ASprinkle @lisamcmichael @Rebekah-Hernandez Updated designs —
Temporary outfitter:
Noncommercial:
@briandavidson I grabbed the the hint text class from Xmas trees, and it is "usa-form-hint"
lisamcmichael
commented
4 years ago For non-commercial, it's a streamlined application. What do @lisaredux @ASprinkle @Rebekah-Hernandez think about having this (instead of the full "disclaimer)? You won’t be able to save the application to complete it later. The application will be saved once it’s submitted.
Otherwise both applications look good-to-go!
ASprinkle
commented
4 years ago Ahh, good suggestion since it only takes 20 minutes or so. However if someone decided to type in a bunch of detail it could take a while....
Rebekah-Hernandez
commented
4 years ago I think it would be fine to take the bit off about time. Even if they input a lot of details, I don't think we would need to include that it would take "a while". Going into the application, it mentions that it should take 20-30 minutes.
ASprinkle
commented
4 years ago Lets mock it up for the non-commercial group use side. Sounds good? @lisaredux
ASprinkle
commented
4 years ago BTW the Temp OG mocks look really good.
lisaredux
commented
4 years ago @ASprinkle @lisamcmichael @Rebekah-Hernandez Updated non-commercial:
ASprinkle
commented
4 years ago I wonder if "You won't be able to..." as the first intro leaves the user feeling good, or not. Perhaps we should lighten it and switch the order of things... "Your application will be saved once it is submitted. You won't be able to save the application to complete it later." Sound ok?
Rebekah-Hernandez
commented
4 years ago I think that sounds a lot better personally.
lisaredux
commented
4 years ago @ASprinkle OK, here are both mockups...
@briandavidson @mtlaney I grabbed the the hint text class from Xmas trees, and it is "usa-form-hint"
Non-commercial: "Your application will be saved once it is submitted. You won't be able to save the application to complete it later."
Temporary outfitters: "It may take a while to complete the application. To save time, have all of your documents ready. You won’t be able to save the application to complete it later. The application will be saved once it’s submitted."
ASprinkle
commented
4 years ago @lisaredux awesome!
ASprinkle
commented
4 years ago Thanks @briandavidson this looks great on staging!
Notes
Acceptance Criteria
Tasks
Definition of Done