IAL2 verification for non-gov users #349

Open
45 tasks
r-bartlett-gsa opened this issue Jan 7, 2025 · 2 comments

r-bartlett-gsa commented Jan 7, 2025

User Story

As a security officer, in order to ensure the security of sensitive information and privacy of users on Challenge.gov, I would like Challenge.gov to verify user digital identities using the facial matching comparison identity verification service provided by Login.gov and to comply with NIST 800-63 IAL2.

Acceptance Criteria:

  • Users with non .gov or .mil accounts have an option to verify at the IAL2 level (see screenshot below)
    • Login.gov verification banner is displayed on the following pages:
      • The dashboard page for challenge manager and evaluator roles
      • Challenges list and detail pages for challenge managers
      • Submission evaluation page for evaluator roles
  • When the user clicks on the Login.gov verification banner, the user is sent to Login.gov to complete identity verification with facial matching comparison
  • If the user is successfully verified, the user gains access to submission and public solvers data (same as gov user)
  • If the user is not verified, the user is sent to the failure to proof page (Failure to Proof Page #346)
    • The user continues to have IAL1 level access on challenge.gov

Definition of Done

Doing (dev team)

  • Code complete
  • Code is organized appropriately
  • Any known trade-offs are documented in the associated GH issue
  • Code is documented, modules, shared functions, etc.
  • Automated testing has been added or updated in response to changes in this PR
  • The feature is smoke tested to confirm it meets requirements
  • Database changes have been peer reviewed for index changes and performance bottlenecks
  • PR that changes or adds UI
    • include a screenshot of the WAVE report for the altered pages
    • Confirm changes were validated for mobile responsiveness
  • PR approved / Peer reviewed
  • Security scans passed
  • Automated accessibility tests passed
  • Build process and deployment is automated and repeatable
  • Feature toggles if appropriate
  • Deploy to staging
  • Move card to testing column in the board

Staging

  • Accessibility tested (Marni)
    • Keyboard navigation
    • Focus confirmed
    • Color contrast compliance
    • Screen reader testing
  • Usability testing: mobile and desktop (Tracy or Marni)
  • Cross browser testing - UI rendering is performant on below listed devices/browsers (Tracy or Marni)
    • Windows/Chrome
    • Windows/Edge
    • Mac/Chrome
    • Mac/Safari
    • iOS/Safari
  • AC review (Renata)
  • Deploy to production (production-like environment for eval capability) (dev team)
  • Move to production column in the board

Production

  • User and security documentation has been reviewed for necessary updates (Renata/Tracy/Dev team)
  • PO / PM approved (Jarah or Renata)
  • AC is met and it works as expected (Jarah or Renata)
  • Move to done column in the board (Jarah or Renata)
@r-bartlett-gsa

Image

stepchud commented Jan 9, 2025

How frequently do the users need to perform IAL2? Is it every time they log in after they verify the first time? Can we assume they are always verified if they pass the IAL2 verification once? Or does Login.gov have their own rules and cadence for reverification?
