Feature: Business continuity In order to operate during outages of NCR ID in the cloud, the WAN or LAN network, as a retailer, I want to continue to sign in in my associates with as up-to-date as possible account info, i.e. credentials, permissions (role/location based) and profile claims like date-of-birth, for a configurable duration of time that depends on my store resources and other factors --- We need to get the 'latest' version of an account 'locally' so we can be accurate when the cloud service is down or unreachable To analyze what we mean by 'latest' version or 'local' accounts we need to look at the types of clients we have and that each get their own type of Edge ID: a) 'thick clients' runs its own instance of Edge ID, at this time only at 'lanes' b) 'floating clients' are thin and run inside cluster, not bound to a node, and must access the store instance c) 'external clients' are thin and run outside of the cluster, but inside the LAN, and must access the external instance We don't have 'thick external' cause Edge ID can't be deployed out of the cluster. We created dedicated instances of each type of client: a) http://touchpoint.edge-iam for thick clients, deployed on the thick client b) http://store.edge-iam for floating clients, deployed at this point on the control plane c) https://iam.store.corp.ncr.com for external clients supported with http://external.edge-iam for those with in-cluster BFF, deployed also on control plane From there we differentiate 3 locations where accounts can live: a) 'cloud' or 'latest' version which is the SoR for us and as such we consider it 'latest' for a more holistic view however, the cloud could not actually be SoR, but gets its data through sync or federation, what we in store consider 'latest' might not be the actual latest b) 'store' version, i.e. the version of the account we keep in a 'central' location in the store and is effectivly SoR for the thick clients c) 'local' version, i.e. the one we have on thick clients like POS, SCO, tablet or mobile @happy Scenario: Sign-in during WAN or device service outage on any type of client Given the device service is not available And the associate used device login in the store before the outage And the associate has a refresh token that is not expired When the associate signs in using device login Then they are signed in with the latest account info And their store account is not updated @happy Scenario: Sign-in during LAN outage on a thick client Given the device service is not available And the store accounts are not available And the associate cloud account has not changed since their last local sign-in And the associate has a refresh token that is not expired And the associate uses a device that has synced with store since their last cloud sign-in When they sign-in on an edge app using the device login Then they are signed in with the version of the profile available on the device @happy Scenario: Sign-in during store accounts outage Given the device service is available And the store accounts are not available And the associate account has not changed since last login And the associate uses a device that has been synced with store accounts When they sign-in on an edge app using the device login Then they are signed in with a cloud account that matches their store account And their store account is not updated And downstream services get the accurate account info @sad Scenario: Sign-in during LAN outage on a floating or external client Given the device service is not available When the associate tries to sign in Then they are unable to as they cannot reach any Edge ID server @sad Scenario: Associate did not login within the refresh expiration time Given the device service is not available And the refresh expiration is set to 3 days And the associate did not use device login in the last 3 days When they try to sign-in Then they will not be able to And they will be informed that they should reach out to their manager And their manager can print a emergency barcode for them @risky Scenario: Permissions revoked after last login Scenario: Thick client did not sync since permissions revoked Scenario: Profile changed after last login Scenario: Thick client did not sync since profile changed Then we have a potential security issue cause they still have permissions that were revoked or permissions granted based on a profile claim like date of birth @sad Scenario: Permissions granted after last login Scenario: Thick client did not sync since permissions granted Then its annoying that the person can't do certain things or still needs manager approval, but at least its more restrictive.. @bad Scenario: Associate never used device login before device service outage Given the device service is not available And the associate never used device login before the outage When they try to sign-in Then they will not be able to @bad Scenario: Thick client did not sync after first ever sign-in of associate Given the device service is not available And the associate uses a device that is not synced with store accounts When they try to sign-in Then they will not be able to # todo: scenarios where the store accounts / control plane is down # todo: scenarios where redis is down or anything else that prevents us from runnning