V2 requirements #2853

Closed
elarlang opened this issue Apr 3, 2025 · 1 comment
@elarlang
Collaborator

elarlang commented Apr 3, 2025

I'll propose the list here. If there is no immediate agreement on changes, I'll spin off those into separate issues.


2.1.3 Verify that expectations for business logic limits and validations are documented including both per-user and also globally across the application.

commas, both + also (one is not needed)


2.2.1 commas


2.2.2 Verify that the application is designed to enforce input validation at a trusted service layer. While client-side validation improves usability, it must not be relied upon as a security control.

To be clear that the use of client-side validation is encouraged (and not to be interpreted as disallowed):

While client-side validation is encouraged to be used to improve usability, it must not be relied upon as a security control.


2.3.1 Verify that the application will only process business logic flows for the same user in sequential step order and without skipping steps.

in the expected sequential step order?


2.3.4 commas

2.3.4 Verify that high-value business logic flows are restricted with multi-user approval to prevent unauthorized or accidental actions. This could include but is not limited to large monetary transfers, contract approvals, access to critical nuclear facility operations, healthcare record modifications, access to classified information, or safety overrides in manufacturing.

  • "access to critical nuclear facility operations" - really? :) A bit niche to be worth mentioning here.
  • "healthcare record modifications" - it may depend on the change, but in general I don't think it belongs to the list
  • "or safety overrides in manufacturing" - feels a bit niche as well

Seems to be originating from #1576


2.4.2 Verify that business logic processes require realistic human timing, preventing excessively rapid transaction submissions.

The "logic process" is not the best description here. Maybe "using business logic flows" or something in that direction?

@elarlang elarlang added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V2 (prev V11) _5.0 - rc1 labels Apr 3, 2025
tghosth added a commit that referenced this issue Apr 3, 2025
@tghosth tghosth added 6) PR awaiting review and removed 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet labels Apr 3, 2025
tghosth added a commit that referenced this issue Apr 3, 2025
@tghosth
Collaborator

tghosth commented Apr 3, 2025

Opened #2865
