Updated by Oliver Günther over 2 years ago
# User Problem
## User
_What persona, persona segment, or customer type experiences the problem most acutely?_
* Customer
* Project administrators
* Project managers
* Compliance operators
## Problem
_What problem or job does the user have?_
* All files uploaded into OpenProject are required to be scanned for viruses for compliance reasons
## Pain
_What is the primary workaround that users perform that we could remove or replace? Why is it painful?_
* Manual integration of a webhook and calls to the API to remove attachments after they were uploaded
* This is not 100% secure, as the webhook and its handling are asynchronous. This means the file is already present and visible on the system.
# Business Case
## Solution
* Initial iteration: Integration of clamav/clamd running as a daemon on a local or remote server
* Scanning of uploaded files before they are saved or, rather, before they are accessible to other users (e.g., introduction of a state/enum to mark attachments as ready/blocked/etc.)
* Block downloading of attachments that are not yet scanned, but allow access to original author for seamless editing
* Notifications to uploaders if their files have been removed
* Notifications for administrators when files were scanned and removed or quarantined
* Admin UI for notifications of which attachments were being scanned and blocked
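
A sketch of the scan-state gate described in the list above, as an added example that is not OpenProject's own code: it frames a file for clamd's `INSTREAM` command, maps the daemon's reply to an attachment state, and fails closed on anything other than an explicit `OK`. The state names, function names, the handling of failed scans and the sample replies in the comments are assumptions.

```ruby
require "stringio"

# Hypothetical attachment states; the page only suggests "ready/blocked/etc.".
STATES = %i[pending clean quarantined scan_failed].freeze

# Frame a file for clamd's INSTREAM command: the null-terminated command,
# then <4-byte big-endian length><data> chunks, closed by a zero-length chunk.
# The returned bytes are what would be written to the clamd socket.
def instream_frames(io, chunk_size: 8192)
  out = "zINSTREAM\0".b
  while (chunk = io.read(chunk_size))
    out << [chunk.bytesize].pack("N") << chunk
  end
  out << [0].pack("N")
end

# Map a clamd reply line to [state, signature]. Anything that is not an
# explicit "OK" or "FOUND" (errors, size limit hit, empty reply after a
# dropped connection) is treated as a failed scan, never as clean.
def state_from_reply(reply)
  line = reply.to_s.delete("\0").strip
  case line
  when /\Astream: OK\z/ then [:clean, nil]
  when /\Astream: (.+) FOUND\z/ then [:quarantined, Regexp.last_match(1)]
  else [:scan_failed, nil]
  end
end

# Download gate: clean files are served normally, files still waiting for
# a scan only to their uploader, everything else to nobody. Blocking
# scan_failed for the uploader as well is an assumption of this sketch.
def downloadable?(state, user_id:, author_id:)
  raise ArgumentError, "unknown state #{state.inspect}" unless STATES.include?(state)

  case state
  when :clean then true
  when :pending then user_id == author_id
  else false
  end
end
```

Keeping the reply-to-state mapping and the download gate separate from the socket code lets both fail-closed paths be tested without a running daemon.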
## Out of Scope for the MVC
_What should NOT be in the minimal viable change, and can be considered for future iterations? Why? Please order them by importance._
* Integration with an ICAP service
* Admin UI for notifications of which attachments were being scanned and blocked
## Differentiation
_What do you believe will differentiate us from the current experience or competitive experiences?_
* It does not differentiate us. It is a legal / compliance requirement for larger institutions
## Next iteration
_What is the next solution that would allow us to release meaningful customer value quickly?_
* Integration with an ICAP service, a standard protocol for content scanning and filtering
# Launch and Growth
## Measures
_How will you know you solved the problem? Please list measurable, quantitative indicators (preferred) or qualitative ways you plan on assessing the solution?_
* We fulfill all MUST and SHOULD requirements of the [BSI OPS1.1.4 measures for virus protection.](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-GS-Kompendium_Einzel_PDFs_2023/04_OPS_Betrieb/OPS_1_1_4_Schutz_vor_Schadprogrammen_Edition_2023.pdf?__blob=publicationFile&v=3#download=1)
## Messaging
_If you were to write a press release, how would you describe the value to customers?_
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Headline</p></th><td class="op-uc-table--cell"><p class="op-uc-p">OpenProject integrates virus scanning for all uploaded files</p></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">First Paragraph</p></th><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Customer Quote</p></th><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr></tbody></table></figure>
## Go to market
_How are you planning on getting this into users' hands?_