user story feedback
User Story: "As a PO, I want to have an authentification on the poll creation page, so I can login to my account."
I see 2 errors:
* As a USER not PO, typically the product owner is not a typical type of user
* Login to my account is a goal not a good reason to get the functionality. Reason could: ... so that I have access to my user data etc.
Do you agree? What else do you suggest?
From a user point of view...authentication may be valuable to help protect their data and ensure it's them logging it. I'd argue a Product Owner could also care about this to protect the data of the consumers so their could be multiple players here.
I think the important thing to note is that one of biggest values of user stories are the conversations that happen with them. The classic user story format helps the team stay user / customer focused and describes value which is can often take a backseat in software development.
In my experience users never want to be authenticated. They already know who they are. There is typically some other product stakeholder who wants users to be authenticated, perhaps to avoid liability.
As a PO, I want to have an authentification on the poll creation page, so I can login to my account."
As a PO, I want users to authenticate on the poll creation page, so that we can ensure privacy of their data and provide traceability to the origins of the creator.
As @Ian Mitchell and @Tony Divel mentioned, authentication is usually for protection of the data which is actually a concern for the company acquiring the data. So in the case, the story could be focused more on the company representative than on the actual user themselves. By providing this as a company, you are in reality providing considerable value to the end user.
I would also add in the acceptance criteria something along the lines of "the authentication process must not be a severe burden on the end user" to represent the users concerns. No one wants to go through a 18 step authentication in order to answer a poll.
What is the current definition of "Done"? Specifically, are there safeguards against unauthenticated access to user data?
Is it sufficient to express the user story, from the perspective of the user and their needs, and allow the Development Team to worry about security?
If not, does this tell us anything about the level of confidence in the Development Team's ability to deliver a "Done" increment?
Thank you so much.