RingBase. Software Requirements Specification. Feb 11, 2014. Chandra Krintz CS 189A. Wednesday 6PM. Date Feb 11, 2013 Mentor Colin Kelley

Similar documents
Software Requirements Specification

Workday Mobile Security FAQ

Software Requirements Specification

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Attack and Penetration Testing 101

A Model of the Operation of The Model-View- Controller Pattern in a Rails-Based Web Server

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

SaaS-Based Employee Benefits Enrollment System

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

BASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS

Where every interaction matters.

Gateway Apps - Security Summary SECURITY SUMMARY

Mobile Maker. Software Requirements Specification

BeBanjo Infrastructure and Security Overview

elearning for Secure Application Development

Building a CloudStack UI for the Enterprise

Avaya Inventory Management System

System Administration Training Guide. S100 Installation and Site Management

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Developing ASP.NET MVC 4 Web Applications MOC 20486

The Great Office 365 Adventure

Login with Amazon. Getting Started Guide for Websites. Version 1.0

GOA365: The Great Office 365 Adventure

DreamFactory & Modus Create Case Study

Guidelines for Web applications protection with dedicated Web Application Firewall

tibbr Now, the Information Finds You.

Traitware Authentication Service Integration Document

JVA-122. Secure Java Web Development

Sisense. Product Highlights.

This course provides students with the knowledge and skills to develop ASP.NET MVC 4 web applications.

Web Application Security

Architecture Workshop

(WAPT) Web Application Penetration Testing

SERENA SOFTWARE Serena Service Manager Security

Use Cases for Argonaut Project. Version 1.1

Web Applications: Overview and Architecture

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

The Learn-Verified Full Stack Web Development Program

70-487: Developing Windows Azure and Web Services

Offerte del 13 giugno 2014

Acronym Full Name Description. RoR Ruby on Rails Web application framework

Onegini Token server / Web API Platform

Vodafone Secure Device Manager Administration User Guide

Hack Proof Your Webapps

Security Testing with Selenium

EOP ASSIST: A Software Application for K 12 Schools and School Districts Installation Manual

Mobile Admin Security

Developing ASP.NET MVC 4 Web Applications

WSO2 Message Broker. Scalable persistent Messaging System

Server Software Installation Guide

Developer Tutorial Version 1. 0 February 2015

MOBILE APPLICATION FOR EVENT UPDATES SATYA SAGAR VANTEDDU. B.Tech., Jawaharlal Technological University, 2011 A REPORT

Framework as a master tool in modern web development

05.0 Application Development

Criteria for web application security check. Version

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Oracle Communications WebRTC Session Controller: Basic Admin. Student Guide

Security features of ZK Framework

ISL Online Integration Manual

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities

Personal Profile. Experience. Professional Experience

Ruby on Rails Secure Coding Recommendations

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

StuccoMedia is hiring!

isupplier PORTAL ACCESS SYSTEM REQUIREMENTS

Web Application Vulnerability Testing with Nessus

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Excellence Doesn t Need a Certificate. Be an. Believe in You AMIGOSEC Consulting Private Limited

Manual. Netumo NETUMO HELP MANUAL Copyright Netumo 2014 All Rights Reserved

You need to be assigned and logged in to the system by the Records Management Service in order to use it.

Implementing Microsoft Office Communications Server 2007 With Coyote Point Systems Equalizer Load Balancing

Realtime

LBSEC.

In a browser window, enter the Canvas registration URL: silverlakemustangs.instructure.com

Cloud Security:Threats & Mitgations

Flexible Identity Federation

Living Requirements Document: Sniffit

Comodo Mobile Device Manager Software Version 1.0

Check list for web developers

Magento Security and Vulnerabilities. Roman Stepanov

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

HTML5. Eoin Keary CTO BCC Risk Advisory.

Acquia Introduction December 9th, 2009

NUTECH COMPUTER TRAINING INSTITUTE 1682 E. GUDE DRIVE #102, ROCKVILLE, MD 20850

Customer Bank Account Management System Technical Specification Document

Casper Suite. Security Overview

DOCUMENT REFERENCE: SQ EN. SAMKNOWS TEST METHODOLOGY Web-based Broadband Performance White Paper. July 2015

Net 2. NetApp Electronic Library. User Guide for Net 2 Client Version 6.0a

Understanding Evolution's Architecture A Technical Overview

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

Hack Yourself First. Troy troyhunt.com

CS 188/219. Scalable Internet Services Andrew Mutz October 8, 2015

Building a Scalable News Feed Web Service in Clojure

Sitefinity Security and Best Practices

How To Write A Web Server In Javascript

Cyber Security Workshop Ethical Web Hacking

1. INTERFACE ENHANCEMENTS 2. REPORTING ENHANCEMENTS

Developing ASP.NET MVC 4 Web Applications Course 20486A; 5 Days, Instructor-led

Transcription:

RingBase Software Requirements Specification Feb 11, 2014 Group Name: RingBase Instructor Course Lab Section Teaching Assistant Chandra Krintz CS 189A Wednesday 6PM Geoffrey Douglas Date Feb 11, 2013 Mentor Colin Kelley Andrew Berls 4719696 andrew.berls@gmail.com Pete Cruz 5226196 petesta@live.com Alex Wood 4960381 awood314@gmail.com Shervin Shaikh 5074901 shervinater@gmail.com Nivedh Mudaliar 4875266 nivedh.mudaliar@gmail.co m 1

Table of Contents 1. Overall Description 1.1 Product Perspective 1.2 Product Functionality 1.3 Users and Characteristics 1.4 Operating Environment 1.5 Design and Implementation Constraints 2. Specific Requirements 2.1 External Interface Requirements 2.2 Hardware Interfaces 2.3 Software Interfaces 2.4 Communications Interfaces 2.4 Non Functional Requirements 3. User Stories 2

1. Overall Description 1.1 Product Perspective http://yuml.me/edit/02f3c231 1.2 Product Functionality The software will enable a business to set up an ad hoc call center for its employees. It will track basic information about each employee, such as their name, email, phone number, and gravatar. It will contain a dashboard where a manager can see incoming calls (caller ID, city, state, name). Agents can claim a call (either through their telephone or WebRTC) and once accepted that agent sees a shared view for adding notes about the call & dollar amounts. The platform will update in real time for all viewers so there is no need to refresh the page. Agents can pass calls around, either back into the pool or directly to another agent. The software will keep and display a call log of calls and their notes over time. Database Schema 3

1.3 Users and Characteristics RingBase targets three types of users: Agents, Managers, and Customers. Agent is an employee who is overseeing the incoming calls through a dashboard and either answers the call or forwards the call to another suitable agent. Manager is an employee but also has an additional role of overseeing all agents and has access to statistics such as individual/aggregate agent performance and sale numbers from each call. They are able to access all of the data generated by all employees. Customer makes a call that is then displayed on the agents dashboard and interacts with an agent over the line. 4

1.4 Operating Environment Our operating environment will consist of the following: Amazon EC2 virtualized on demand servers Ubuntu 12.04 server OS Ruby 2.1.0 dynamic server side language Rails 4.0.0 MVC web application framework nginx 1.2 High performance HTTP server / reverse proxy Unicorn 4.6.0 Rack application server for Rails PostgreSQL Relational database Apache Cassandra Distributed NoSQL database, for storing call data EventMachine / Goliath Asynchronous framework and server for socket broker WebSockets Protocol/API for long lasting browser connections AMQP/RabbitMQ Pub/Sub messaging protocol for communication between socket broker and external Invoca API AngularJS 1.2 Javascript MVC Framework 1.5 Design and Implementation Constraints Our platform will consist of several services running concurrently on virtualized Amazon EC2 instances. This gives us the ability to scale infrastructure up and down on demand, using a variety of available instance sizes. The app requires a rich frontend experience, with real time updates based on data from the server, and views shared between multiple people for adding notes, etc. The frontend will utilize the Angular MVC framework to provide unified code structure and modularity. Our backend includes a minimal Rails application, which handles the basics of authentication (using bcrypt for password hashing), protection against XSS/CSRF, and page serving. Most of the platform s functionality will be part of a separate broker service, which will be an independent server running EventMachine/Goliath and acting as a broker between Invoca s real time telephony API and our clients (managed over WebSockets). The only communication layer between the Rails app and the Goliath broker is a shared PostgreSQL database. 5

This architecture enables a clean separation of concerns into separate services/servers. The majority of our backend code will be written in Ruby, while frontend functionality will be implemented in JavaScript (CoffeeScript). The uniformity will allow for code that can be understood by all members of the team as well as shared coding standards. 2. Specific Requirements 2.1 External Interface Requirements The platform will consist of responsive pages that update in real time, showing tge manager incoming calls and agents have claimed them. There will be a common input view with a textarea for allows agents to enter notes and annotations as well as an input to enter in dollar amounts (positive number) for their call. This view will have buttons that allow agents to pass their phone call back into the pool and a selector where they can choose a specific agent to pass their call onto. There will also be a view that allows users to view the call log and note history. 2.2 Hardware Interfaces As the platform is a web application, there are no specialized hardware interfaces. Users will interact with the app through their browsers (Chrome, Firefox, Android Browser, Android Chrome, ios Safari), although once a call is accepted it may be forwarded to their physical telephone (all devices landline, cell phone, etc). 6

2.3 Software Interfaces Web UI (HTML/SCSS, CoffeeScript) Ruby on Rails (MVC architecture) JSON (data serialization) PostgreSQL Apache Cassandra EventMachine / Goliath (async server) AMQP (messaging protocol) 7

2.4 Communications Interfaces Communication between client browsers and our servers will happen over HTTP, and leverage the WebSockets API for persistent connections and information transfer in real time (using JSON as a serialization format). Backend services (such as our messaging broker and Invoca s API) will communicate using the AMQP protocol, using a system such as RabbitMQ. JSON will also be used on the backend for serializing data. 2.5 Non Functional Requirements Safety & Security Data integrity and security is of paramount importance. As our platform is a hosted offering, our database will store valuable business data for many different clients, and any leakage of data between clients or unauthorized external access would have very negative consequences. Fortunately, Ruby on Rails provides built in protection against many common web security vulnerabilities such as cross site request forgery (CSRF), cross site scripting (XSS), and SQL injection attacks. Combined with rigorous access checking in our application code and a robust test suite, we can have a high degree of confidence in the security of our application s data and business rules. To enable users to log in to the platform, we store password data hashed/salted with the BCrypt library, which is also included as part of Rails. BCrypt hashing is an expensive operation, making brute force or dictionary attacks infeasible. Performance Most interactions on our platform are required to happen in real time, and so it is crucial that our servers be able to handle load and rapidly handle requests. Jakob Nielsen of the Nielsen Norman user experience research group observes that 100ms is the limit for a user to feel that an event has occurred instantaneously, and that 1 second is the limit for noticing a delay and being interrupted. Thus, we will strive to respond to all requests within 100 300ms, with 1 second being the maximum time tolerated. To accomplish this, we will seek to finely tune SQL queries and long running operations, utilize caching techniques, and so on. 8

Software Quality Our platform consists of many different services and components working together, and it s important for us to have a shared coding standard to maximize readability and make it easy for any developer to understand any section of code. Rails prescribes some defaults regarding coding and naming conventions, and we will use published style guides for Ruby, CoffeeScript, etc. as a standard when writing code. 9

3. User Stories Manager head of the travel agency Agent an employee at the travel agency Customer one who calls the travel agency to arrange itinerary/flight plans Travel Agency MVP: As a manager/agent, I can log in and log out (EASY) Acceptance: I can visit a page, enter my credentials into a form and be taken to the main dashboard As a manager, I can create an organization (EASY) Acceptance: I can visit a page, enter my organization name, and be taken to the newly created organization dashboard As a manager with an organization, I can send an email to agents prompting them to create an account (MEDIUM) Acceptance: I can visit a page, enter my agents emails, and have them receive an email with a link to join As an manager/agent, I can see incoming call information such as caller ID, city, state, and name (HARD) Acceptance: When a call comes in to my organization, I see an entry added to a list displaying the relevant call fields As an agent, I can claim a call on the platform and have it directed to my telephone (HARD) Acceptance: I can click a button on an incoming call and receive the call on my physical phone As a manager I can create an account (EASY) Acceptance: I can visit a page, enter my information into a form and be redirected to my newly created platform account As an agent, I can browse a history of completed calls and see their notes (MEDIUM) Acceptance: I can see a table or list of calls that let me drill down to see their notes and information As an agent receiving an invitation from a manager, I can create an account (EASY) Acceptance: I can click link from an invitation email and enter my information to create my platform account As an agent, I can be notified as soon as a call comes in (MEDIUM) Acceptance: I see an obvious visual notification as soon as a call comes in As an agent, I can see a shared view for adding notes and payout information when I m on a call (MEDIUM) Acceptance: After accepting a call, I m taken to a view where I can see relevant information for the call as well as a form for me to enter notes 10

As an agent, I can edit shared notes for a call in real time (HARD) Acceptance: I can enter notes into a form, which all other agents viewing the call see update in real time As an agent, I can transfer my call to another agent in the organization (HARD) Acceptance: When on a call, I can click a button that will prompt me to choose an agent and select one to transfer the actual call As an agent who receives a call transfer, I can see any notes on the call from the previous agent (MEDIUM) Acceptance: After a call is transferred to me, I can see the same shared notes view that the other agent saw 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information