Hi Indunil, I noticed that there is already added epic [1] for challenge question and the two user stories added are in 'Design review completed' and 'implementation' started state. EE team members have already derived user scenarios and almost completed adding test cases into TestLink [2].
Is there a possibility that already created user stories getting redundant? It would be greate if you can let us know the user stories that would get changed in earliest possible so that we can stop progressing on them and move on to the other stories. [1]. https://redmine.wso2.com/issues/5483 [2]. https://testlink.wso2.com/linkto.php?tprojectPrefix=IAM&item=testsuite&id=65913 Cheers Sewmini Sewmini Jayaweera *Software Engineer - QA Team* Mobile: +94 (0) 773 381 250 sewm...@wso2.com On Wed, Jan 18, 2017 at 5:37 PM, Nuwan Dias <nuw...@wso2.com> wrote: > > > On Wed, Jan 18, 2017 at 5:10 PM, Indunil Upeksha Rathnayake < > indu...@wso2.com> wrote: > >> Hi, >> >> Currently we are working on implementing C5 user portal in IS. Appreciate >> your suggestions/ideas for the following concerns regarding challenge >> questions. >> >> *1) Is it necessary to include challenge questions in IS 6.0.0 as a >> recovery option?* >> Seems like secret questions are neither secure nor reliable enough to be >> used as a account recovery mechanism. And also most of the vendors has >> completely removed support for security questions including google. In C5, >> security question sets will be some what strengthen the recovery and makes >> it hard to guess the questions. But seems like need to consider whether it >> need to be implemented or not. >> > > I personally have never used a security question to recover any of the > accounts of which I forgot passwords. Its always a recovery through email > or mobile. Therefore I don't see this as a valuable feature. > >> >> *2) Is it necessary to include security questions in user self sign-up >> page? If needed, following way is appropriate?* >> As we have planned, in C5, admin can create several security question >> sets and can configure the minimum number of questions that need to be >> answered by a user. So that in self sign up UI when populating security >> questions to a user, >> >> - security questions need to be categorized according to the security >> question sets >> - all the sets need to be populated for the user >> - user can select any number of security questions from different >> sets not from a same set >> - need to validate whether the user has answered for the minimum >> number of questions >> >> When an answer to a question is personal, the question itself is probably > personal too. Therefore I don't think an admin can decide on what questions > to be asked from you. Its unlikely you'll remember an answer to a question > which is not very relevant to you. If we're doing this (I'm negative on > implementing the feature itself too :)), I think we should let the user > decide his own questions and answers. > > >> Appreciate your ideas on this. >> >> Thanks and Regards >> -- >> Indunil Upeksha Rathnayake >> Software Engineer | WSO2 Inc >> Email indu...@wso2.com >> Mobile 0772182255 >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Nuwan Dias > > Software Architect - WSO2, Inc. http://wso2.com > email : nuw...@wso2.com > Phone : +94 777 775 729 <+94%2077%20777%205729> > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
