Back to Forum

user story feedback

Last post 05:28 pm July 19, 2020 by Katharina Kluge
5 replies
Katharina Kluge
12:07 pm July 17, 2020

User Story: "As a PO, I want to have an authentification on the poll creation page, so I can login to my account."

I see 2 errors: 

* As a USER not PO, typically the product owner is not a typical type of user

* Login to my account is a goal not a good reason to get the functionality. Reason could: ... so that I have access to my user data etc.

Do you agree? What else do you suggest?

Tony Divel
12:13 pm July 17, 2020

From a user point of view...authentication may be valuable to help protect their data and ensure it's them logging it. I'd argue a Product Owner could also care about this to protect the data of the consumers so their could be multiple players here. 

I think the important thing to note is that one of biggest values of user stories are the conversations that happen with them. The classic user story format helps the team stay user / customer focused and describes value which is can often take a backseat in software development. 

 

Ian Mitchell
01:50 pm July 17, 2020

In my experience users never want to be authenticated. They already know who they are. There is typically some other product stakeholder who wants users to be authenticated, perhaps to avoid liability.

Daniel Wilhite
05:15 pm July 17, 2020

As a PO, I want to have an authentification on the poll creation page, so I can login to my account."

How about 

As a PO, I want users to authenticate on the poll creation page, so that we can ensure privacy of their data and provide traceability to the origins of the creator.

As @Ian Mitchell and @Tony Divel mentioned, authentication is usually for protection of the data which is actually a concern for the company acquiring the data. So in the case, the story could be focused more on the company representative than on the actual user themselves.  By providing this as a company, you are in reality providing considerable value to the end user.  

I would also add in the acceptance criteria something along the lines of "the authentication process must not be a severe burden on the end user" to represent the users concerns.  No one wants to go through a 18 step authentication in order to answer a poll. 

Simon Mayer
07:45 pm July 17, 2020

What is the current definition of "Done"? Specifically, are there safeguards against unauthenticated access to user data?

Is it sufficient to express the user story, from the perspective of the user and their needs, and allow the Development Team to worry about security?

If not, does this tell us anything about the level of confidence in the Development Team's ability to deliver a "Done" increment?

Katharina Kluge
05:28 pm July 19, 2020

Thank you so much. 

By posting on our forums you are agreeing to our Terms of Use.

Please note that the first and last name from your Scrum.org member profile will be displayed next to any topic or comment you post on the forums. For privacy concerns, we cannot allow you to post email addresses. All user-submitted content on our Forums may be subject to deletion if it is found to be in violation of our Terms of Use. Scrum.org does not endorse user-submitted content or the content of links to any third-party websites.

Terms of Use

Scrum.org may, at its discretion, remove any post that it deems unsuitable for these forums. Unsuitable post content includes, but is not limited to, Scrum.org Professional-level assessment questions and answers, profanity, insults, racism or sexually explicit content. Using our forum as a platform for the marketing and solicitation of products or services is also prohibited. Forum members who post content deemed unsuitable by Scrum.org may have their access revoked at any time, without warning. Scrum.org may, but is not obliged to, monitor submissions.