Sprint 147 Progress Summary
December 15th - December 29th
Executive Summary
Overall Summary
Sprint status is excellent. The Product Team had prioritized the following themes and tasks for Sprint 147. Themes for the sprint included Partner and Community support
+ Forum discussions
+ Support for the Federal Agencies Implementations (VA, CMS, DoD, SSA)
+ Community support
+ Post 4.4 Release - Refactoring and Cleanup Tasks
– Backlog Grooming and JIRA Cleanup
– Refactoring and Technical User Stories
– Process Improvements
+ eHealth Exchange Certification Review/Remaining Issues
– WS-Addressing Must Understand Attribute
– Removing Semantic Text Values
– Purpose of Use and Role Declarations
– Review of EHEX Certification Manual Checklists
+ Validation of Auditing Design against EHEX Checklist
+ Functional and Security Testing Improvements
The team completed 28 points during this holiday impacted sprint. The continued focus this sprint was on reviewing and addressing any compliance issues related to the eHealth Exchange manual checklists. These reviews were conducted based on the checklists provided off of the Healtheway website. The team pulled in several tickets related to Functional and Security Testing Improvements as more was learned working with the latest security scan rule packs and utilizing additional scanning tools.. Supporting our federal partners and their implementation efforts as well as the open source community continues to be a top priority.
Burndown:
Sprint Themes and related tickets for Sprint 147:
Partner and Community support
Post 4.4 Release - Refactoring and Cleanup Tasks
Support for NwHIN eHealth Exchange Certification Review/Remaining Issues
Validation of Auditing Design against EHEX Checklist
Functional and Security Testing Improvements
Other tasks post release
- Continuing to work on the team generated Technical Stories
- Continued backlog grooming and prioritization
- Beginning preparation for the Change Control Board
JIRA Planning Board of Committed User Stories for Sprint 147:
Completed Issues
Key | Summary | Issue Type | Priority | Status | Story Points (28) |
---|---|---|---|---|---|
FHAC-3 | Review CONNECT generated PD request and response against the manual eHex Participant testing checklists | Task | Major | CLOSED | 5 |
FHAC-7 * | Research and follow-up on the PurposeOfUse and Role scoping issue discovered as part of NIST DS testing | Task | Major | CLOSED | 1 |
FHAC-8 * | Set "mustUnderstand" attribute on the WS-Addressing Action element in the SOAP response message | Story | Major | CLOSED | 0 |
FHAC-9 * | CONNECT is removing SemanticsText value for MatchCriterionList elements - MatchAlgorithm and MinimumDegreeMatch | Story | Major | CLOSED | 2 |
FHAC-11 | Review CONNECT generated audit messages against PD initiator and responder manual checklists from HealtheWay | Task | Major | CLOSED | 3 |
FHAC-12 * | Review CONNECT generated audit messages against QD initiator and responder manual checklists from HealtheWay | Task | Major | CLOSED | 2 |
FHAC-13 * | Review CONNECT generated audit messages against RD initiator and responder manual checklists from HealtheWay | Task | Major | CLOSED | 2 |
FHAC-15 | Research Set "mustUnderstand" attribute on the WS-Addressing Action element in the SOAP response message | Task | Minor | CLOSED | 2 |
FHAC-16 * | As a CONNECT developer, I would like the CONNECT internal dependencies (WebServices and CommonTypes) to have snapshot releases | Technical Story | Major | CLOSED | 0 |
FHAC-17 | Research Snapshot creation and how it would apply to Common Types and WebServices | Task | Major | CLOSED | 2 |
FHAC-18 | Apply Snapshot plan to Connect Webservices and CommonTypes | Task | Major | CLOSED | 2 |
FHAC-19 | Follow-up with SCQC on Fortify next steps | Task | Major | CLOSED | 1 |
FHAC-20 * | CI - Add OWASP Dependency Check to nightly jenkins build | Task | Major | CLOSED | 2 |
FHAC-23 * | Follow-up on timestamp expiration issue reported by CMS/OFM (CONN-1580) | Task | Major | CLOSED | 0 |
FHAC-24 * | CONNECT Nightly build -- Bimodal Regression test ValidateSAMLResourceURIAttributeTest failing | Task | Minor | CLOSED | 1 |
FHAC-28 * | Mitigate "Setting Manipulation" Fortify Finding | Task | Major | CLOSED | 1 |
FHAC-29 * | Update ValidateWSA-ActionSoapMustUnderstandTest regression suite test | Task | Minor | CLOSED | 1 |
FHAC-34 * | Mitigate "System Information Leak: Internal" Fortify Findings | Task | Minor | CLOSED | 1 |
Issues Not Completed
Key | Summary | Issue Type | Priority | Status | Story Points (2) |
---|---|---|---|---|---|
FHAC-14 | Determine whether EHEX Cert contributions are needed in the main Gateway code | Task | Major | IN PROGRESS | 1 |
FHAC-33 * | Document CONNECT Development Process in Wiki | Task | Minor | IN PROGRESS | 1 |