Handover Checklist
This is the list of what should be handed over (checked by the SaFi side after the handover); it also serves as a good agenda for the handover meeting:
- Jira - how is the work managed, how to work with it
- Confluence - how is documentation structured, brief overview
- 3rd parties - what, for what, where it is documented
- Contact persons/channels - for 3rd parties, product, …
- Credentials - where are they, how are they managed
- Dev level test - what is covered, what not, where to put focus, where to be careful
- Bugs/VAPT findings - which are there for SaFi to pick up
- Planned development for MVP (not business features) - what we were planning to do till the end of January (NFRs, tests, tech debt…)
- Ownership handover
reference: Squad Stakeholders
tech leadership [who shall be the person from SaFi’s side if it is already clear]
Requirements Enrico Benedict Quiñones
Technical Analysis/Design Enrico Benedict Quiñones, Ivan Dev
cancellation of VL meetings, letting SaFi create their own invites
VIDA: cancelled / handed over
scrum meetings: in progress (see action item at the bottom)
- For developers (workshop, and maybe they already know)
FE (handover to DK team)
common FE handover on 28 November (Monday) 8:30-9:30 CET
IAM specific FE handover on 30 November (Wednesday) 8:30-10:00 CET
VIDA plugin
New device onboarding journey design
Session management
Alert Anti fraud and monitoring
Login and Tracing
Leftover tasks
2nd BE handover session on 29 November (Tuesday) 8:30-10:30 CET
Back-office (OKTA custom token solution)
S2S
current istio based solution
new infra change proposal
Jira
[Briefly describe any specifics of how the work is organized in Jira]
Board: https://safibank.atlassian.net/jira/software/c/projects/SM/boards/35
How we work for definition of Done
We create tickets for the user story (type: Story) and add all other tickets via the “depends on“ link type. One important dependency is the “Technical analysis“ ticket (type: Technical story) which covers the technical analysis and the design for the user story.
Hygiene filters for IAM for ticket health
Confluence
[If necessary, describe specifics]
Solution Blueprint - high level: IAM Domain
IAM Domain pages - more details: Domain: IAM
All the user stories (except very small ones) have the technical assessment with sequence diagrams.
3rd parties
[what, for what, where it is documented]
VIDA
email list: both Rix and Ivan are on the list
weekly sync (Wednesday, 11am CET): both Rix and Ivan are invited, meeting handed over
Sambit Kumar Dash <sambit.dash@vida.id> - PM(?) (UTC+05:30 - IST)
Srinath Venkataramani <srinath@vida.id> - Tech lead(?) (UTC+05:30 - IST)
Gints Osis <Gints.osis@vida.id> - developer (UTC+2 - EET)
OKTA
Contact Ion Mudreac
Contacts
[Describe important persons and communication channels (e.g. with 3rd party in Lark)]
Lark
Product: IAM
- Rix is on the channel
Slack@SaFiBank
squad-iam
- Rix, Ivan are on the channel
Credentials
[Where are they stored, how are they managed…]
All credentials (VIDA, OKTA, Ably) are stored in Hashicorp Vault:
We do not have any other access to VIDA systems.
Rix is already an admin in OKTA (https://safibank-admin.okta.com/admin/dashboard)
For Ably, the contact is Andre Laksmana (FE lead @ DK) or DevOps.
Dev level test
[Describe briefly what is covered, what not, where to put focus, where to be careful]
Current line coverage is >80% (https://sonarqube.safibank.online/projects?search=iam), so almost everything is covered:
Enrico Benedict Quiñones was the delegate in the test workshops by Slavo and also attended the “Workshop - Standard of SaFi Automation Test“ on 18 November. His assignment in IAM was improving the test coverage (SM-7125 - IAM: Test coverage, In Progress).
VIDA planned a new service release which will allow an arbitrary public key to be registered with them, allowing signature generation without a mobile phone (and without the requirement of storing the private key in a secure store). Note that this is for developers / testers only and is not needed for production. (More details here: https://safibank.atlassian.net/wiki/spaces/ITArch/pages/72221116/VIDA+PKI#Planned-features)
Bugs/VAPT findings
[Which are there for SaFi to pick up]
Contact is User b6b4a.
Key | Summary | T | Assignee | P | Status | Resolution |
---|---|---|---|---|---|---|
SM-7444 | SaFi-2022-21 SaFi Mobile Lack of Logout Functionality | | Ivan Dev | | Done | Done |
SM-7195 | SaFi-2022-14 SaFi Mobile Weak SSL / TLS Cipher Suites Supported | | James Karlo | | Done | Done |
SM-6658 | SaFi-2022-4 SaFi Mobile Application Crashes When Enabling Biometric ID Log In | | Aleksa Đurđulov | | Done | Done |
Planned development for MVP
[What did you plan to deliver that is not a business feature?]
Risky items from the current sprint
Hopefully many of these items can be finished on a best-effort basis.
VAPT: SM-7444 - SaFi-2022-21 SaFi Mobile Lack of Logout Functionality (Done)
Needs design for the login / logout flow.
SM-6489 - [FE] Prepare for VIDA security turn on (Done)
Depends on SM-7624 - Update VIDA iOS SDK in the app (Done), and we need to agree on a time for VIDA to do the DB migration.
SM-5784 - Implement credential state update (To Do)
We may not need this at all…
SM-5786 - Slacker integration (To Do)
Are the audit logs enough?
SM-5514 - Devise a way to list makers for a given checker (To Do)
This is nice-to-have only.
SM-6344 - Implement the PoC version of the "Authorizer" approach (In Progress)
We’ll see how much time Tadeas will have next week…
Other tickets
Assuming all the above tickets will be finished in the current sprint, the following items are for MVP but not yet finished and also not business features:
Features that are emerging from WIP: IT Regulatory Checklist (IT RM, BSP MORB 148) (contact person: User b6b4a)
SM-7294 - Create component tests for audit logging in IAM Manager (To Do)
SM-5785 - [NFR] Implement idempotency for IAM services (In Progress)
SM-7382 - [NFR] Input sanitization - IAM squad (To Do)
SM-7400 - [NFR] Data privacy - endpoint exposure - IAM squad (To Do)
Other NFRs that do not yet have a ticket…
Action Items
- Invite Rix to the Product: IAM Lark channel
- Migrate ownership of scrum meetings
- Decide whether separate meetings are needed for future features
- Sync with back-office team about the custom token solution: SM-7839 - Utilize IAM's bank user group support (Cancelled)