Sprint Review + Planning

Nov 4 - Nov 18, 2013

Executive Summary

Overall Status

Sprint status is good. The Product team had pointed and prioritized the following themes and tasks for Sprint 119 comprising 16 points. The team also did add a few support tickets into the sprint, bringing the story points for the sprint to be 19.5 points. The team completed 15.5 points.

Some of the tickets that were not completed will be moved to the backlog.

Note - Going forward from the next sprint we will not be using 0.5's as a valid point value. This may result in a slight difference(increase) in velocity for the sprints to come.

Burndown

Sprint Themes and related tickets for Sprint 119:

Testing improvements
- Fix CI (JVM CRASH ISSUE) issue discovered as part of the nightly run(CONN-686)
Support community with Release 4.2 deployments and questions
- Update Forgerock's clientsdk.jar to the latest version (CONN-693)
- Patient Discovery response ns6:controlActProcess/ns6:code/@code value from the default MPI adapter is incorrect(CONN-690)
  - Fixed value to be 'PRPA_TE201306UV02'. instead of 'PRPA_TE201306UV'.
- Correct name for patient correlation in universal client(CONN-694)
  - Universal Client displays the organization name instead of the HCID.
- Research related to issues encountered during large payload testing in CMS Environment(CONN-697)
  - Tested the case where a gateway and adapter are on separate VMs and communicating over secured and unsecured adapter interfaces. In all of these cases we see that the whole file is transferred between VMs. We attempted this test with random 1Gb files
  - Tried using file provided by client , encoded and decoded and always got exact matching inputs and output on the initiating/responding side (at the adapter).
- Secured services content type header missing semicolon(CONN-699)
Security scan analysis
- Address SQL Injection Fortify scan results(CONN-683)
- Address SQL Injection Hibernate Fortify scan results(CONN-679)
  - Researched this issue, but do not consider it a vulnerability. Will follow-up further with stakeholders.
- Address Path manipulation scan results(CONN-675)
  - Research work complete. New ticket created for addressing these. (CONN-701, CONN-702)
    - Need to follow-up further with stakeholders.on CONN-702 (added to backlog)
    - CONN-701 will added to the next sprint.
- Address Privacy violation Fortify scan results(CONN-674)
Direct enhancements
- Research tasks(CONN-656, CONN-687)
  - Set up two Direct RI instances on test servers
  - Understood default RI behavior as well as the various code files that would need to be looked at for CONNECT integration.
  - Also learnt that the SOAP edge in the Direct RI has not been enhanced to include the MDN delivery notifications.
  - Goal for now would be to leverage the RI capabilities to make sure that the delivery notifications work fine for SMTP edge. Requirements page on wiki need updates to reflect that.
- Created design approach draft utilizing research results(CONN-637)
Install and test HIEOS with CONNECT codebase(CONN-668)
- Successfully able to install Registry and Repository adapters and make the adapters Apache CXF compatible.
- Testing remains to be done to validate the use cases for query and retrieve along with 2way SSL (will be moved to next sprint)

Prioritized JIRA Planning Board of Committed User Stories for Sprint 119

(https://issues.connectopensource.org/secure/RapidBoard.jspa?rapidView=1&view=planning&versions=visible)

Related Files

Sprint 119 code tag
Sprint 119 review presentation - Notes about the work completed in s119. (Also includes work planned for s120)