December 15th - December 29th
Executive Summary
Overall Summary
Sprint status is excellent. The Product Team had prioritized the following themes and tasks for Sprint 147. Themes for the sprint included Partner and Community support
+ Forum discussions
+ Support for the Federal Agencies Implementations (VA, CMS, DoD, SSA)
+ Community support
+ Post 4.4 Release - Refactoring and Cleanup Tasks
– Backlog Grooming and JIRA Cleanup
– Refactoring and Technical User Stories
– Process Improvements
+ eHealth Exchange Certification Review/Remaining Issues
– WS-Addressing Must Understand Attribute
– Removing Semantic Text Values
– Purpose of Use and Role Declarations
– Review of EHEX Certification Manual Checklists
+ Validation of Auditing Design against EHEX Checklist
+ Functional and Security Testing Improvements
The team completed 28 points during this holiday impacted sprint. The continued focus this sprint was on reviewing and addressing any compliance issues related to the eHealth Exchange manual checklists. These reviews were conducted based on the checklists provided off of the Healtheway website. The team pulled in several tickets related to Functional and Security Testing Improvements as more was learned working with the latest security scan rule packs and utilizing additional scanning tools.. Supporting our federal partners and their implementation efforts as well as the open source community continues to be a top priority.
Burndown:
Sprint Themes and related tickets for Sprint 147:
Partner and Community support
Post 4.4 Release - Refactoring and Cleanup Tasks
Support for NwHIN eHealth Exchange Certification Review/Remaining Issues
–Set the "mustUnderstand" attribute on the WS-Addressing Action element in the SOAP response (CONN-1506 & CONN-1428)
•Added supporting tests to regression suite for future compliance
–The first resolution to address the Semantic Text removal was only applied to the parameter list in QueryByParameter, still required to be applied for the MatchCriterionList elements in the PD request schema
•Parameters MatchAlgorithm & MinimumDegreeMatch
–Researched and addressed the PurposeOfUse and Role scoping issue discovered as part of NIST DS testing
•Due to the delay in receiving official guidance from Spec factory, set the prefix to be configurable with the default that it is turned off
System Administration Module or Admin GUI (Feature complete)
System Administration Module or Admin GUI documentation
- Requirements wiki page - https://connectopensource.atlassian.net/wiki/x/NQHs
- Design approach - https://connectopensource.atlassian.net/wiki/x/igDs
- Testing artifacts -
Direct enhancements (Feature complete)
Direct documentation
- Requirements wiki page - https://connectopensource.atlassian.net/wiki/x/lwGD
- Design approach - https://connectopensource.atlassian.net/wiki/x/KwGD
- Testing artifacts -https://connectopensource.atlassian.net/wiki/x/EAB3AQ
Other tasks post release
- Updated Regression suite with some minor updates for better consolidation and understanding. (CONN-1538)
- Generated and saved CONNECT messages for all supported releases for future reference (CONN-1567)
- Updated GitHub branching to prepare for next development/release (CONN-1568)
- Prepared for sprint 0 for next release.(CONN-1553). Completed closing all internal tickets(tasks or chores) in external facing JIRA and cataloged what should be created in new internal JIRA. Also, began review of potential user stories from release planning.
- JIRA Planning Board of Committed User Stories for Sprint 146:
JIRA Planning Board of Committed User Stories for Sprint 147:
Completed Issues
Key | Summary | Issue Type | Priority | Status | Story Points (28) |
---|---|---|---|---|---|
FHAC-3 | Review CONNECT generated PD request and response against the manual eHex Participant testing checklists | Task | Major | CLOSED | 5 |
FHAC-7 * | Research and follow-up on the PurposeOfUse and Role scoping issue discovered as part of NIST DS testing | Task | Major | CLOSED | 1 |
FHAC-8 * | Set "mustUnderstand" attribute on the WS-Addressing Action element in the SOAP response message | Story | Major | CLOSED | 0 |
FHAC-9 * | CONNECT is removing SemanticsText value for MatchCriterionList elements - MatchAlgorithm and MinimumDegreeMatch | Story | Major | CLOSED | 2 |
FHAC-11 | Review CONNECT generated audit messages against PD initiator and responder manual checklists from HealtheWay | Task | Major | CLOSED | 3 |
FHAC-12 * | Review CONNECT generated audit messages against QD initiator and responder manual checklists from HealtheWay | Task | Major | CLOSED | 2 |
FHAC-13 * | Review CONNECT generated audit messages against RD initiator and responder manual checklists from HealtheWay | Task | Major | CLOSED | 2 |
FHAC-15 | Research Set "mustUnderstand" attribute on the WS-Addressing Action element in the SOAP response message | Task | Minor | CLOSED | 2 |
FHAC-16 * | As a CONNECT developer, I would like the CONNECT internal dependencies (WebServices and CommonTypes) to have snapshot releases | Technical Story | Major | CLOSED | 0 |
FHAC-17 | Research Snapshot creation and how it would apply to Common Types and WebServices | Task | Major | CLOSED | 2 |
FHAC-18 | Apply Snapshot plan to Connect Webservices and CommonTypes | Task | Major | CLOSED | 2 |
FHAC-19 | Follow-up with SCQC on Fortify next steps | Task | Major | CLOSED | 1 |
FHAC-20 * | CI - Add OWASP Dependency Check to nightly jenkins build | Task | Major | CLOSED | 2 |
FHAC-23 * | Follow-up on timestamp expiration issue reported by CMS/OFM (CONN-1580) | Task | Major | CLOSED | 0 |
FHAC-24 * | CONNECT Nightly build -- Bimodal Regression test ValidateSAMLResourceURIAttributeTest failing | Task | Minor | CLOSED | 1 |
FHAC-28 * | Mitigate "Setting Manipulation" Fortify Finding | Task | Major | CLOSED | 1 |
FHAC-29 * | Update ValidateWSA-ActionSoapMustUnderstandTest regression suite test | Task | Minor | CLOSED | 1 |
FHAC-34 * | Mitigate "System Information Leak: Internal" Fortify Findings | Task | Minor | CLOSED | 1 |
Issues Not Completed
Key | Summary | Issue Type | Priority | Status | Story Points (2) |
---|---|---|---|---|---|
FHAC-14 | Determine whether EHEX Cert contributions are needed in the main Gateway code | Task | Major | IN PROGRESS | 1 |
FHAC-33 * | Document CONNECT Development Process in Wiki | Task | Minor | IN PROGRESS | 1 |