trading-platform/docs/02-definicion-modulos/OQI-001-fundamentos-auth/requerimientos/RNF-AUTH-001-no-funcionales.md
Adrian Flores Cortes 8f0235c096 [TASK-2026-02-06-ANALISIS-INTEGRAL-DOCUMENTACION] docs: Complete 6-phase documentation analysis
- FASE-0: Diagnostic audit of 500+ files, 33 findings cataloged (7P0/8P1/12P2/6P3)
- FASE-1: Resolved 7 P0 critical conflicts (ports, paths, dedup OQI-010/ADR-002, orphan schemas)
- FASE-2: Resolved 8 P1 issues (traces, README/CLAUDE.md, DEPENDENCY-GRAPH v2.0, DDL drift, stack versions, DoR/DoD)
- FASE-3: Resolved 12 P2 issues (archived tasks indexed, RNFs created, OQI-010 US/RF/ET, AGENTS v2.0)
- FASE-4: Purged 3 obsolete docs to _archive/, fixed MODELO-NEGOCIO.md broken ref
- FASE-5: Cross-layer validation (DDL→OQI 66%, OQI→BE 72%, BE→FE 78%, Inventories 95%)
- FASE-6: INFORME-FINAL, SA-INDEX (18 subagents), METADATA COMPLETED

27/33 findings resolved (82%), 6 P3 deferred to backlog.
18 new files created, 40+ modified, 4 archived.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 10:57:03 -06:00


---
id: RNF-AUTH-001
title: "Requerimientos No Funcionales - Autenticacion"
type: "Non-Functional Requirement"
epic: OQI-001
version: "1.0.0"
created_date: "2026-02-06"
---
# RNF-AUTH-001: Non-Functional Requirements - Authentication
## Security
- Passwords hashed with bcrypt (cost factor >= 12)
- JWT access tokens expire in 15 minutes
- Refresh tokens expire in 7 days
- Rate limiting: 5 login attempts / 15 min, 3 registrations / hour
- 2FA TOTP with backup codes (10 codes, single use)
- OAuth tokens encrypted at rest
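
One way to enforce the login and registration limits from this list, added here as an example and not taken from the project's code. The in-memory sliding window, the names `SlidingWindowLimiter` and `demo`, and keying by client IP are assumptions; with several service instances the counters would have to live in a shared store.

```python
import time
from collections import defaultdict, deque

# (max attempts, window in seconds), taken from the requirement list above.
LIMITS = {"login": (5, 15 * 60), "register": (3, 60 * 60)}


class SlidingWindowLimiter:
    """In-memory sliding-window limiter (assumed design, single process)."""

    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self.limits = limits
        self.clock = clock  # injectable so tests can control time
        self.events = defaultdict(deque)  # (action, key) -> accepted timestamps

    def allow(self, action, key):
        """Return (allowed, retry_after_seconds) and record accepted attempts."""
        max_events, window = self.limits[action]
        now = self.clock()
        q = self.events[(action, key)]
        while q and now - q[0] >= window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= max_events:
            # Rejected attempts are not recorded, so a blocked client cannot
            # extend its own lockout; the oldest entry decides the retry time.
            return False, window - (now - q[0])
        q.append(now)
        return True, 0.0


def demo():
    """Constructed scenario: one key (documentation IP), hand-driven clock."""
    t = [0.0]
    rl = SlidingWindowLimiter(clock=lambda: t[0])
    results = []
    for _ in range(6):  # six login attempts, one minute apart
        results.append(rl.allow("login", "203.0.113.7"))
        t[0] += 60
    t[0] = 15 * 60  # the attempt made at t=0 has just left the window
    results.append(rl.allow("login", "203.0.113.7"))
    return results


if __name__ == "__main__":
    for allowed, retry_after in demo():
        print(allowed, retry_after)
```

Unlike a fixed 15-minute bucket, the sliding window does not allow a burst of ten attempts straddling a bucket boundary.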
## Performance
- Login response < 500ms (p95)
- Token refresh < 200ms (p95)
- OAuth callback < 2s (includes the exchange with the provider)
## Availability
- Auth service: 99.9% uptime
- Graceful degradation: if Redis fails, fall back to DB sessions
## Scalability
- Support 1000 concurrent logins
- Horizontal session storage via Redis cluster
## Compliance
- OWASP Top 10 mitigated
- Audit log of all auth events