R24.03 Managed Identity Wallets - Release Checks

[kelaja]

Release Info

Please provide information on what you want to be included in the Eclipse Tractus-X release. If you are not owner of this issue, please provide the information as comment to the issue.

Version to be included in Eclipse Tractus-X release: version placeholder

Leading product repository: repository link

Compliance Verifications

This issue tracks all compliance related checks, that need to be performed for a product release in Eclipse Tractus-X.

• [x] Gaia-X compliance confirmed
• [x] GDPR compliance confirmed (personal data, data protection + privacy DPP)
• [x] Interoperability checks performed
• [x] Data Sovereignty checks performed
• [x] Compliant with relevant published CX Standards (see the Catena-X standard library)

Documentation

• [x] Arc24 documentation up-to-date
• [x] Administrators Guide up-to-date
• [x] End-User manual up-to-date
• [x] Interface documentation up-to-date

Security Checks

• [x] Thread Modelling Analysis passed
• [x] Static Application Security Testing (SAST) scans passed
• [x] Dynamic Application Security Testing (DAST) tests passed
• [x] Secret Scans passed
• [x] Software Composition Analysis (SCA) passed
• [x] Container Scans passed
• [x] Infrastructure as Code (IaC) scans passed

General Checks

• [x] Tractus-X Release Guidelines fulfilled https://github.com/eclipse-tractusx/sig-release/issues/498#issuecomment-1956093662
• [x] Compliant with the Style Guide

Test Results

• [x] E2E Integration Test passed
• [x] User Journey approved

Helpful Links

• Eclipse Tractus-X openAPI specs on SwaggerHub
• Catena-X standard library

[Siegfriedk]

@OSchlienz do we now release it? Or is the issue only the 24.05 release?

[OSchlienz]

@OSchlienz do we now release it? Or is the issue only the 24.05 release?

Hi @Siegfriedk yes we are part of R24.03

[ThomasObermeyer]

No fundamental changes in current release in terms to interoperability. Will review in 24.05 release.

@kelaja Approved for the time being.

[OSchlienz]

@kelaja All relevant published CX-Standards were considered as well as foreseen standard-requests were reviewed (as good as possible).

[OSchlienz]

Documentation for @vialkoje

• Interface documentation
• Architecture Documents Arc42
• Administrators Guide
• End-User manual

[OSchlienz]

@jjeroch could you please confirm compliance with the Style Guide (as MIW has no own UI)

[OSchlienz]

Gaia-X compliance not applicable: the respective operators of the MIW have to provide a self description of their serviceoffering and for themself as participants. @wjost could you please confirm?

[wjost]

Hereby confirmed.

[ThomasObermeyer]

Nö changes regarding interoperability since last release. We will recalibrate with 24.05.

@kelaja approved.

[OSchlienz]

@kelaja please update the information above Version to be included in Eclipse Tractus-X release: 0.3.0 Leading product repository: https://github.com/eclipse-tractusx/managed-identity-wallet

[RoKrish14]

SAST: Approved SCA: Approved DAST: Approved Infrastructure as Code: Approved Secret scans: Approved

[OSchlienz]

@kelaja as there were no significant changes related to GDPR, the declaration of R23.09 can be used. See Jira-ticket https://jira.catena-x.net/browse/CXRM-1883

[szymonkowalczykzf]

Threat Modeling (Security Assessment Process) - Approved The assessment was last updated by Pablo at 28th November 2023. For the upcoming release there is no open critical & high findings. Some security related work based on currently existing recommendations are planned for the release in May and will be evaluated in the following assessment that have to be updated before the release 24.05.

[OSchlienz]

Overview E2E Test Result: https://confluence.catena-x.net/display/PL/2024-02-13+Daily+E2E+Test+-+Release+24.03 @DirkBTSI please confirm

[DirkBTSI]

INT test performed/documented. E2E test performed/documented. One (1) high defect - solved in meantime. TM approved @kelaja : please approve for "E2E Integration Test passed"

[OSchlienz]

Data Sovereignty requirements unchanged for 24.03; @vialkoje could you please approve?

[OSchlienz]

MIW is part of E2E journey Portal/MIW/EDC. For R24.03 no additional business logic was added in regarding the summary credential, certificates and data sovereignty (use case framework credentials), BO from previous releases still valid.

[RolaH1t]

DataSov & Docu pending expert approval Container Scans TRG in work QG approval postponed

[RoKrish14]

Discussed with @borisrizov-zf Container Scans: Approved

[carslen]

MIW version 0.3.0 has already been Q-Gated in release 23.12. Won't check again for release 24.03.

[OSchlienz]

Documentation for @vialkoje

• Interface documentation
• Architecture Documents Arc42
• Administrators Guide
• End-User manual

@vialkoje could you please give your expert approval regarding Data Sovereignty and Documentation? Thanks!

[vialkoje]

Documentation links perfectly provided. Documentation is existing and looking consistent. Expert Approval granted for documentation.

Data sovereignty requirements unchanged for 24.03 - Expert Approval granted Please consider the Quality Gate requirements for the 24.05 release. Thank you !

[RolaH1t]

all pre-conditions fulfilled QG-approval granted Congrats

[RolaH1t]

final conclusion: TRG 5.07 violated (postgresql DB version 14.x) but successfully tested. this is covered in overall release note 24.03 QG closed with these conditions.