24.05 SSI Credential Issuer - Release Checks

[evegufy]

[!IMPORTANT]
Follow the guidance on how to use the templates.

Release Info

Please provide information on what you want to be included in the Eclipse Tractus-X release. If you are not owner of this issue, please provide the information as comment to the issue. Make sure to assign this issue to expert(s) for their approval, as soon as you have finished preparation. Multiple assignees allowed; they will un-assign themselves once review completed.

Version to be included in Eclipse Tractus-X release: 1.0.0 [RELEASED]

Leading product repository: https://github.com/eclipse-tractusx/ssi-credential-issuer

For the QG Review the latest available Release Candidate (RC) version is to be checked, the RC versions will be kept up to date in the following: 1.0.0-rc.4

Compliance Verifications

This issue tracks all checks, that need to be performed for a product release in Eclipse Tractus-X.

• [x] Interoperability checks performed
• [x] Data Sovereignty checks performed

General Checks

• [x] Tractus-X Release Guidelines(TRGs) fulfilled https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/123

[!NOTE] Note: most criteria for documentation and security are now covered in TRGs

Security Checks

• [x] Thread Modelling Analysis passed https://github.com/eclipse-tractusx/sig-release/issues/673#issuecomment-2122518523

Test Results

• [x] E2E Integration Test passed
• [x] User Journey approved

Helpful Links

• Eclipse Tractus-X openAPI specs on SwaggerHub

[evegufy]

Reviewing Committer: TBD

[evegufy]

Reviewing Committer: TBD

Reviewing Committer is @FaGru3n, thanks for taking it over! as discussed, just let me know in the next couple of days in case it may not be possible anyway.

[ThomasObermeyer]

Review of issuer component done. It s orchestrating the communication between portal and wallet. The interfaces have been defined by a joint specification process .

Approved @kelaja

[pablosec]

Security assessment performed on 2024-05-15 by @szymonkowalczykzf and me.

Threat modeling/risk assessment will be finalized next week, no major risks to be expected. Will update here, as soon as threat modeling has passed.

[FaGru3n]

Reviewing Committer: TBD

Reviewing Committer is @FaGru3n, thanks for taking it over! as discussed, just let me know in the next couple of days in case it may not be possible anyway.

just finished the big points today but not the full qg-check list... legal checks and some remaining security checks are on our list, informed my team but guess for the remaining task of legal stuff, every committer can jump in here... will be back on 27. May... many thanks for your trust. updated the issue at least IMHO no breaking points but small hints

[cbrugg]

INT Tests need to be documented. Testmanagement Approval cannot be given at this time.

[RolaH1t]

QG review 17-May data sov pending TRGs in progress / no blocker Thread modelling discussed 15-May; approval outstanding regression tests in progress user journey approval expected cw21 by @jjeroch

[vialkoje]

no contract offers used in this interaction. therefore criteria not applicable. Expert approval granted.

[RolaH1t]

@evegufy data sov considered ok

[pablosec]

Security assessment performed on 2024-05-15 by @szymonkowalczykzf and me.

Threat modeling passed: eclipse-tractusx/ssi-credential-issuer#139

[cbrugg]

INT Tests are documented. However it was discussed that the Issuer Component would be implicitly tested through the Portal. As the Portal is still not fully done with tests or maybe even still actively developing at this point, please clarify in how far all necessary tests were performed. Thank You!

[jjeroch]

Tests are finished (all credential related tests from portal) and user journey approved with this comment. The Issuer Component works as expected/designed

[cbrugg]

Thank you for your efforts! TM approval can be given then.

[FaGru3n]

Thx for your effort @evegufy , guess last remaining step for QG the following enablement for the workflow https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/136 after we have now an official release

[RolaH1t]

... and the 2 checkboxes on top of this issue shall be checked, so we can formally approve QG ;-)

[evegufy]

Version to included in R24.05: 1.0.0 [RELEASED]

[RolaH1t]

Congrats: Quality Gate fully approved with all necessary pre-requisites fulfilled! Thanks for all your efforts, Roland