Create a Project README

This commit is contained in:
Colin Murphy 2022-08-05 14:44:47 -04:00 committed by GitHub
parent 1d2ddc660a
commit dbfe8995df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -0,0 +1,39 @@
# Background
CISA and 18F are partnering to build a new .gov registrar.
# Goals for 18F Build (as of 08/04/2022)
**Primary Goal:** Replicate the necessary core functionality in a new system
**Secondary Goal:** Reduce the CISA admin burden while maintaining high security standards
Deprioritized for later:
* Make getting a .gov domain as easy as getting a .com or .us
* Help more government entities set up and maintain their .gov site and infrastructure
* Build awareness and credibility of .gov domains
# Milestones
_To be prioritized and posted_
# Considerations and Tradeoffs
## Success for 18F is...
* A new system that
* Can respond to user needs for all long term goals
* Can reduce the number of actors or decisions in a successful flow
* Upholds a security review process for getting a .gov domain
* Meets code and accessibility standards + open source policy
* Lays the foundation for a “a simple and secure registration process that works to ensure that domains are registered and maintained only by authorized individuals (Dotgov Act)”
* Supporting 1-2 registrant and admin flows with limited improvement and automation, based on value and complexity
* Has or is ready for an ATO
* Coordinating and navigating with procurement processes (RFPs and current vendor agreement)
## Risks
* App may be supported by a combination of manual work and automation, not fully automated
* Scope creep we build a system that cant be ATOd prior to June or Nov 2023
* We build out a narrow slice of the system, which may be insufficient for all registrant and administrative use cases
* We wouldnt be intentionally and directly focused on or prioritizing improving the registrant / admin experience
## Example User Stories (to be prioritized)
* As a potential registrant, I want to learn what I should know about .gov so I can build support inside my organization to get a .gov domain.
* As a registrant, I need the registrar to have strong user authentication so that sensitive domain- or account-impacting actions take place post-authentication.
* As a program lead, I need to ensure that issued domains are from authentic, eligible organizations and requested by someone with authority so that domains are only given to bona fide US-based government organizations.
* As a program lead, I need to run queries on .gov data to ensure alignment with program, agency, and Congressional reporting requirements.
* As a program lead, I want to be able to send messages to individuals, groups, or all registrants so they are aware of important information: status emails (system downtime, etc.) to updates to status of an application. (PENDING, APPROVED, etc.).