Closed ASprinkle closed 4 years ago
@ASprinkle @davemcorwin Have we solved the development question and the privacy question for design to pick this up?
@lisaredux To my knowledge, we have not worked out the Privacy question for design to pick this up.
For 532 – not MVP; need to look into storing PII. @ASprinkle to check with Aaron.
Talk to Development!
I recall this question. My understanding is the current design does not allow the user to save the session part way through. I am also recalling the most of the information gets send to the system of record which is SUDS and Open FOrest is not meant to store much of the information. Thus as mentioned above there will be need discussion related to what it would take to build in such functionality on both back and front end but also if that impacts the current security posture. We will need to engage @JonathanLerner54 Jon lerner to look at what PII information is being proposed for storage vs what was approved in the security impact analysis to determine what is needed (if anything from that perspective for this story.
Do we have a data dictionary established for this? For ePermits we avoided the PII by pushing the Credit Card information off on the pay.gov. So let's start with the data elements and figure out where it will be held while processing and at rest and go from there. If someone can point me to any documentation we have on this, I can get started with initial review. THANKS!
I am not sure if we have a data dictionary per se ( the developers may know) one could easily be created i suspect. THe current system for MBS was reviewed closely and all types of info being collected were approved in the ATO package which included PII, SIA etc. The main difference is it appears the user story would create a "holding area" of sorts or a profile for a user that stores their information for retrieval before final submission and ease of access for future submission. While SUDS would still be the system of record it will be good to have a data dictionary of some sort by workflow for ease of reference for security staff and others. thanks for being so responsive everyone. This is what DevSecOps looks like! :) @carlsonem @ASprinkle @JonathanLerner54 @smahmudFS @mwreiss
For MVP launch 2019/early 2020, we can mock a design to implement informing the applicant early on, that their application cannot be saved to complete later and to ensure they have all documents necessary to complete the application etc... @lisamcmichael @lisaredux Looks like we've got some research to do in the meantime around what it would look like to accomplish the "save and return later" feature.
Two approaches:
If the user is logged in at the time you may be able to leverage a solution that involves encrypting the PII with the user's password and keeping it in the session so it's possible for them to "save and continue later" with certain constraints. If you're interested in learning more about this approach, I believe Login.gov does something similar during the Identify Proofing process and I can connect y'all with Jonathan Hooper who is a mastermind at this sort of thing.
@ASprinkle and @lisaredux a meeting with this group, and Jonathan, would help us better define any MVP option and/or option for later release. Thoughts?
@lisamcmichael @ASprinkle Agreed. With a meeting, at least we could scope out the option for a future release if saving options don't make it into the MVP.
In the meantime, for this story, we can design an approach where we put text on the Learn More page and near the PII checkbox (#467). I'll take suggestions for verbiage and will implement into a design as soon as this story is ready to take on
@lisamcmichael @ASprinkle Agreed. With a meeting, at least we could scope out the option for a future release if saving options don't make it into the MVP.
In the meantime, for this story, we can design an approach where we put text on the Learn More page and near the PII checkbox (#467). I'll take suggestions for verbiage and will implement into a design as soon as this story is ready to take on
Based on the 10/24 "icebox" meeting, we'll wait until Amber is ready to schedule our team's meeting to go over the ideas Joe and Dave have for this story.
@ASprinkle Verbiage here in bold in the design:
@lisaredux can we use the following text: "Please allow up to an hour to complete this form. This session cannot be saved." so that it coincides with the "Application time: Appx. 1 hour" information on the landing page? see tasks list above..
Are we saying that the user should expect the completion of the form takes an hour to fill out? or are we saying, that the system will time out if the form is not completed within a one hour time period and they user will have to start over?
@JonathanLerner54 we are expecting the time to complete the application to take up to an hour. We do not expect that the form will time-out at any point in the process. We want people to be able to plan their day and understand that if they start the application, and then stop/walk away without submitting it, that the information they enter won't be saved.
waiting on results of #1003 before we decide on the language.
The Results Are In:
"It may take a while to complete the application. To save time, have all of your documents ready. You won’t be able to save the application to complete it later. The application will be saved once it’s submitted."
Hi @lisaredux, 4 days ago Amber and I reviewed survey results of the best way to explain that applications cannot be saved. This is the updated content. We have a task to mock it up before going to development. Any questions, just let me know.
It may take a while to complete the application. To save time, have all of your documents ready. You won’t be able to save the application to complete it later. The application will be saved once it’s submitted.
@lisamcmichael thanks for the update. That is definitely a nice, clear and concise version. Well-done!
Working on the mockup this afternoon
@ASprinkle @lisamcmichael here's the latest... feel free to give feedback or, if none, to move it to ready for DEV
@lisaredux that looks like our plan. I would suggest making it a gray hint text. I realize it's bold in the tasks list above, but I don't think we want it bold here. Also, is there anything we can do to the design/flow of the series of information here to make it feel friendlier? Looking at the header, followed by required fields, followed by PII, followed by our new text feels a bit wonky. Any thoughts on how we could present this series of information so that it's friendlier?
@ASprinkle @lisamcmichael @Rebekah-Hernandez Updated designs —
Temporary outfitter:
Noncommercial:
@briandavidson I grabbed the the hint text class from Xmas trees, and it is "usa-form-hint"
For non-commercial, it's a streamlined application. What do @lisaredux @ASprinkle @Rebekah-Hernandez think about having this (instead of the full "disclaimer)? You won’t be able to save the application to complete it later. The application will be saved once it’s submitted.
Otherwise both applications look good-to-go!
Ahh, good suggestion since it only takes 20 minutes or so. However if someone decided to type in a bunch of detail it could take a while....
I think it would be fine to take the bit off about time. Even if they input a lot of details, I don't think we would need to include that it would take "a while". Going into the application, it mentions that it should take 20-30 minutes.
Lets mock it up for the non-commercial group use side. Sounds good? @lisaredux
BTW the Temp OG mocks look really good.
@ASprinkle @lisamcmichael @Rebekah-Hernandez Updated non-commercial:
I wonder if "You won't be able to..." as the first intro leaves the user feeling good, or not. Perhaps we should lighten it and switch the order of things... "Your application will be saved once it is submitted. You won't be able to save the application to complete it later." Sound ok?
I think that sounds a lot better personally.
@ASprinkle OK, here are both mockups...
@briandavidson @mtlaney I grabbed the the hint text class from Xmas trees, and it is "usa-form-hint"
Non-commercial: "Your application will be saved once it is submitted. You won't be able to save the application to complete it later."
Temporary outfitters: "It may take a while to complete the application. To save time, have all of your documents ready. You won’t be able to save the application to complete it later. The application will be saved once it’s submitted."
@lisaredux awesome!
Thanks @briandavidson this looks great on staging!
Notes
Acceptance Criteria
Tasks
Definition of Done