Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add user stories #118

Merged
merged 18 commits into from
Jul 25, 2024
Merged

Add user stories #118

merged 18 commits into from
Jul 25, 2024

Conversation

bigludo7
Copy link
Collaborator

@bigludo7 bigludo7 commented Jul 5, 2024

What type of PR is this?

  • documentation

What this PR does / why we need it:

Document user stories as it is a mandatory piece to target stable maturity level.

Which issue(s) this PR fixes:

Fixes #117

Special notes for reviewers:

Changelog input

 release-note
- Add user stories

Additional documentation

This section can be blank.

docs

Add user stories
@bigludo7 bigludo7 requested a review from AxelNennker July 10, 2024 12:58

| **Item** | **Details** |
| ---- | ------- |
| ***Summary*** | As an enterprise application developer, I want to verify the phone number associated with the line from which the call was made, so that I can ensure that I avoid identity theft fraud. |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To align with SMS OTP definition:
As an enterprise application developer, I want to verify the phone number associated with the line from which the call was made, so I can get a proof of possession of the phone number.

| ---- | ------- |
| ***Summary*** | As an enterprise application developer, I want to verify the phone number associated with the line from which the call was made, so that I can ensure that I avoid identity theft fraud. |
| ***Roles, Actors and Scope*** | **Roles:** Customer:User, Customer:BusinessManager, Customer:Administrator<br> **Actors:** Application service providers, hyperscalers, application developers, end users. <br> **Scope:** <br> - Verifies if the specified phone number (plain text or hashed format) matches the one that the user is currently using. |
| ***Pre-conditions*** |The preconditions are listed below:<br><ol><li>The Customer:BusinessManager and Customer:Administrator have been onboarded to the CSP's API platform.</li><li>The Customer:BusinessManager has successfully subscribed to the Number Verification product from the product catalog.</li><li>The Customer:Administrator has onboarded the Customer:User to the platform.</li><li>The Customer:user performs an authorization request to CSP</li><li>The means to get the access token are known to the Customer:User to ensure secure access of the API.|
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The means to get the access token are known to the Customer:User to ensure secure access of the API.
--> Access token generation initiated by Customer:User is based on network authentication to ensure secure access of the API

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have reworked the sentence and add one step.

| ***Summary*** | As an enterprise application developer, I want to verify the phone number associated with the line from which the call was made, so that I can ensure that I avoid identity theft fraud. |
| ***Roles, Actors and Scope*** | **Roles:** Customer:User, Customer:BusinessManager, Customer:Administrator<br> **Actors:** Application service providers, hyperscalers, application developers, end users. <br> **Scope:** <br> - Verifies if the specified phone number (plain text or hashed format) matches the one that the user is currently using. |
| ***Pre-conditions*** |The preconditions are listed below:<br><ol><li>The Customer:BusinessManager and Customer:Administrator have been onboarded to the CSP's API platform.</li><li>The Customer:BusinessManager has successfully subscribed to the Number Verification product from the product catalog.</li><li>The Customer:Administrator has onboarded the Customer:User to the platform.</li><li>The Customer:user performs an authorization request to CSP</li><li>The means to get the access token are known to the Customer:User to ensure secure access of the API.|
| ***Activities/Steps*** | **Starts when:** The customer application makes a POST verify via the number verification API providing in the request the phone number keyed by the user on the application. This input could be hashed or plain.<br>**Ends when:** The Number verification server answers if the phone number provided corresponds to the one of the line from which the request was triggered. |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the phone number keyed by the user on the application
--> the phone number provided by the end user in the application

| ---- | ------- |
| ***Summary*** | As an enterprise application developer, I want to retrieve the phone number associated with the line from which the call was made, so that I can ensure that I obtain the correct phone number and avoid identity theft fraud. |
| ***Roles, Actors and Scope*** | **Roles:** Customer:User, Customer:BusinessManager, Customer:Administrator<br> **Actors:** Application service providers, hyperscalers, application developers, end users. <br> **Scope:** <br>-Returns the phone number associated with the access token so API clients can get the number and verify it themselves. |
| ***Pre-conditions*** |The preconditions are listed below:<br><ol><li>The Customer:BusinessManager and Customer:Administrator have been onboarded to the CSP's API platform.</li><li>The Customer:BusinessManager has successfully subscribed to the Number Verification product from the product catalog.</li><li>The Customer:Administrator has onboarded the Customer:User to the platform.</li><li>The Customer:user performs an authorization request to CSP</li><li>The means to get the access token are known to the Customer:User to ensure secure access of the API.|
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The means to get the access token are known to the Customer:User to ensure secure access of the API.
--> Access token generation initiated by Customer:User is based on network authentication to ensure secure access of the API

@bigludo7
Copy link
Collaborator Author

Thanks @jgarciahospital - I've took into consideration your comment.

Copy link
Collaborator

@fernandopradocabrillo fernandopradocabrillo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Collaborator

@AxelNennker AxelNennker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please explain CSP once introducing that term.

Must this text mention network authentication? The customer does not care about the technical means, I think.

Copy link
Collaborator

@AxelNennker AxelNennker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would not use the word "line" if we can avoid it.

@bigludo7
Copy link
Collaborator Author

I would not use the word "line" if we can avoid it.

Fixed !

@bigludo7
Copy link
Collaborator Author

Please explain CSP once introducing that term.

Must this text mention network authentication? The customer does not care about the technical means, I think.

Thanks @AxelNennker for the review.

Added CSP in actor.
I tend to think it makes sense to keep this as we have limitation over Wifi so it provides some indication to the scope of usage to the reader.

@bigludo7 bigludo7 merged commit f69b247 into camaraproject:main Jul 25, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Missing User stories
4 participants