Software Requirements Specification



Similar documents
Software Requirements Specification

This course provides students with the knowledge and skills to develop ASP.NET MVC 4 web applications.

Electronic Ticket and Check-in System for Indico Conferences

Software Requirements Specification For Real Estate Web Site

The Learn-Verified Full Stack Web Development Program

Criteria for web application security check. Version

Developing ASP.NET MVC 4 Web Applications MOC 20486

Mobile Maker. Software Requirements Specification

A Monitored Student Testing Application Using Cloud Computing

JVA-122. Secure Java Web Development

Developing ASP.NET MVC 4 Web Applications

Kentico CMS security facts

WEB DEVELOPMENT IMMERSIVE GA.CO/WDI

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

WEB AND APPLICATION DEVELOPMENT ENGINEER

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Michigan State University. Team Meijer. Tablet-Based Point-of-Sale System. Project Plan. Fall 2011

Improving Web Vulnerability Scanning. Daniel Zulla

How is it helping? PragmatiQa XOData : Overview with an Example. P a g e Doc Version : 1.3

Dashlane Security Whitepaper

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Traitware Authentication Service Integration Document

Developing ASP.NET MVC 4 Web Applications Course 20486A; 5 Days, Instructor-led

Programming in HTML5 with JavaScript and CSS3

Learning Web App Development

Team: May15-17 Advisor: Dr. Mitra. Lighthouse Project Plan Client: Workiva Version 2.1

Upgrade to Microsoft Web Applications

BeBanjo Infrastructure and Security Overview

General principles and architecture of Adlib and Adlib API. Petra Otten Manager Customer Support

Multi Factor Authentication API

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

NoSQL replacement for SQLite (for Beatstream) Antti-Jussi Kovalainen Seminar OHJ-1860: NoSQL databases

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

Smartphone Enterprise Application Integration

Front-End Performance Testing and Optimization

Priority: Medium Channel to Actor: Graphical User Interface (GUI) Usage Frequency: Weekly Secondary Actors: Database, Brisk Application

Avaya Inventory Management System

Building native mobile apps for Digital Factory

SaaS-Based Employee Benefits Enrollment System

Secure Web Development Teaching Modules 1. Security Testing. 1.1 Security Practices for Software Verification

Thick Client Application Security

CS 188/219. Scalable Internet Services Andrew Mutz October 8, 2015

Rails Cookbook. Rob Orsini. O'REILLY 8 Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo

Architecture Workshop

Building Internet of Things Apps with Cloudant DBaaS. Andy Ellicott, Cloudant John David Chibuk, Kiwi Wearables

Offerte del 13 giugno 2014

AWS Account Management Guidance

Put a Firewall in Your JVM Securing Java Applications!

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Check list for web developers

A Model of the Operation of The Model-View- Controller Pattern in a Rails-Based Web Server

The Security Behind Sticky Password

Troubleshooting BlackBerry Enterprise Service 10 version Instructor Manual

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

/ 1. Online Banking User Guide SouthStateBank.com / (800)

December P Xerox App Studio 3.0 Information Assurance Disclosure

JavaScript Programming

Framework as a master tool in modern web development

Mobile Testing in a Fast Paced World

What about MongoDB? can req.body.input 0; var date = new Date(); do {curdate = new Date();} while(curdate-date<10000)

Web Testing. Main Concepts of Web Testing. Software Quality Assurance Telerik Software Academy

Application Design and Development

Security Testing with Selenium

Modern Web Development From Angle Brackets to Web Sockets

Smartphone Application Development using HTML5-based Cross- Platform Framework

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

Some Issues on Ajax Invocation

Enterpise Mobility Lexicon & Terminology

Big Data Visualization with JReport

Repeater. BrowserStack Local. browserstack.com 1. BrowserStack Local makes a REST call using the user s access key to browserstack.

ORACLE MOBILE APPLICATION FRAMEWORK DATA SHEET

MarkLogic Server. Reference Application Architecture Guide. MarkLogic 8 February, Copyright 2015 MarkLogic Corporation. All rights reserved.

How To Manage Security On A Networked Computer System

Mobile development with Apache OFBiz. Ean Schuessler, Brainfood

Stock Trader System. Architecture Description

/ 1. Online Banking User Guide SouthStateBank.com / (800)

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Sisense. Product Highlights.

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Design and Functional Specification

THE OPEN UNIVERSITY OF TANZANIA

DreamFactory & Modus Create Case Study

Security vulnerabilities in new web applications. Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant

Budget Event Management Design Document

The full setup includes the server itself, the server control panel, Firebird Database Server, and three sample applications with source code.

API Architecture. for the Data Interoperability at OSU initiative

MEAN/Full Stack Web Development - Training Course Package

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Enterprise Application Security Workshop Series

Dasharatham Bitla (Dash)

Advantage of Jquery: T his file is downloaded from

Web Design Technology

STeP-IN SUMMIT June 2014 at Bangalore, Hyderabad, Pune - INDIA. Mobile Performance Testing

Transcription:

Software Requirements Specification Version 1.1 March 7, 2013 Prepared by Group Name: The Constructors Alex Hamstra 4506291 alexhamstra@gmail.com Jared Roesch 4826574 roeschinc@gmail.com Kyle Jorgensen 4165916 kylewjorgensen@gmail.com Ben McCurdy 4336822 bpmccurdy@gmail.com Brittany Berin 4298345 brittany.berin@gmail.com Instructor: Course: Lab Section: Teaching Assistant: Chandra Krintz CS 189A Friday, 12 PM Stratos Dimopoulos Date: February 12th, 2013 Mentor: Colin Kelley 1

Table of Contents 1 Overall Description 1.1 Product Perspective 1.2 Product Functionality 1.3 Users and Characteristics 1.4 Operating Environment 1.5 Design and Implementation Constraints 2 Specific Requirements 2.1 External Interface Requirements 2.1.1 User Interfaces 2.1.2 Hardware Interfaces 2.1.3 Software Interfaces 2.1.4 Communications Interfaces 3 User Stories 2

Revision History Version Primary Author(s) Description of Version Date Completed 1.0 The Constructors Initial version of our SRS, with more of a focus on our goals for our first prototype. 1.1 The Constructors Updates based on feedback from Chandra. Some updated diagrams, more description about the scope of the project. 2/12/13 3/7/13 1 Overall Description 1.1 Product Perspective Today s online ticketing systems are inefficient and often create technical difficulties that make it nearly impossible for customers to buy the tickets they need. Seating arrangements can be unclear, their websites strain under high traffic, and tickets in the cart can be lost between page loads. QwikStubs addresses these weaknesses, and serves as an open-source alternative to other universally accepted ticketing systems. What sets our product apart from its competitors is its sleek, hassle-free interface that delivers information to its customers in real-time. In Figure 1, You can see the basic interaction between users and our system from a customers perspective. 3

Figure 1. User Perspectives 4

1.2 Product Functionality QwikStubs provides the following services for its two types of targeted users: Both a fan and a promoter can: Log into QwikStubs using their Facebook or Google account using OAuth, or if they prefer simply by personal email address. Enter the billing information to be used for future purchases from the QwikStubs website. Edit their account information as changes arise. Browse for a show using the artist name, venue, or date A promoter can: Enter an upcoming event (Venue, Name, Artist Involved, etc) Set the ticket prices Set the ticket sales start date and time Set the seating chart for the event Publish the show for fans to see Create a new venue A fan can: See the seating plan for the show with the varying ticket price levels See a live countdown to the start of ticket sales Once a ticket sale begins, a fan can: Choose which seats to place on reserve Keep reserved seats in their cart for a maximum of five minutes (after which the seats will become available for another fan to purchase) Receive an electronic version of the tickets that were successfully purchased View which seats are taken and open in real-time as they are purchased by other fans. Once a ticket sale begins, a promoter can: View which seats are taken and open in real-time as they are purchased by fans utilizing QwikStubs. See visualizations of the ticket transaction data. After the sales period is completed and the event has begun, a fan can: Use a QR code or some other form of bar code on a mobile device to scan in a ticket at the Venue entrance. 5

Figure 2. QwikStubs Class Diagram 1.3 Users and Characteristics QwikStubs is targeted at three basic types of users -- the casual fan, the die-hard fan, and the venue promoter. Casual Fan - a user who occasionally likes to buy tickets to events or browse events at their leisure. These types of users should be easy to satisfy, and the service should be easy for them to use. Die-Hard Fan - a user who will purchase tickets as soon as they go on sale. They will constantly monitor the site to view ticket sale statuses and will most likely be the user who begins purchases as soon as an event s countdown hits zero. The real-time aspects of the QwikStubs interface will be necessary to satisfy these users. Venue Promoter - a user who represents a specific venue and/or vendor who wants to sell tickets. This user utilizes QwikStubs to more efficiently sell tickets to their events. Ease of use will be an important factor to satisfy these users. 1.4 Operating Environment We want to leave some room in adapting our environment as we go so that we have an optimal production environment. Right now our operating environment will be: Amazon AWS EC2 6

Running Ubuntu 12.10/OS X 10.8.2 Ruby 1.9+ Rails 3.2+ Ngnix 1.2+ MongoDB 2.2+ Refer to the blue text in Figure 5 below. 1.5 Design and Implementation Constraints Running a deployment of our app should be relatively straightforward, we can horizontally scale our hardware as needed thanks to AWS, and therefore, hardware is not really a concern. Our inter-process interfaces will all be over HTTP, and use JSON to communicate. We will use Rails, EventMachine on top of MongoDB to implement the backend, and will use Javascript in the frontend to render and manipulate the UI. We have a daemon running in parallel to our web interface, which allows us to express asynchronous parallel operations, that can occur while a request is being made. Since we have already formalized our use of Rails, almost all code will be written in Ruby, allowing us to express concise code. All of the components will talk exclusively over HTTP, using JSON as our serialization and data exchange format. We will rely on Rails built in security features to guard against web vulnerabilities such XSS(Cross Site Scripting). Thankfully because of MongoDB we are immune to certain classes of web exploits like SQL injection. For the security features we do have control over, such as password storage, we use password hashing with randomized salts, one of the most secure ways to store passwords. We use BCrypt as our salting and hashing library. It is an expensive hash function, making dictionary attacks much more difficult, as computing the hash takes much more time than something like SHA1. Our design is focused around strongly modeling our interfaces, and keeping the concerns separated, so that we have a very modular architecture, that allows modifying the design as our experiences dictate. Our coding standards are going to follow typical Ruby and Rails conventions, and enforce a style guide to keep the code base consistent and easy to read. As an open source project, we hope to host a demo version, but leave the software open and free to host, so that anyone can use it to run ticket sales. 7

2 Specific Requirements 2.1 External Interface Requirements 2.1.1 User Interfaces The following user interfaces will be present in the QwikStubs system: All of the resources in our program, such as users, promoters, venues, and events will have typical Create Read Update Delete (CRUD) interfaces. The following are all of the pages with which a user might interact: User Login The User Login page will allow QwikStubs users to login to the system using their unique email and password combinations, their facebook account, or google account. This is shown in Figure 3. Figure 3. QwikStubs Tentative Login Page User Registration The User Registration Page allows users to create an account with QwikStubs by either logging in with their facebook or google accounts, or providing the site with a name, email address, password, and password confirmation. This is shown in Figure 4. 8

Figure 4. QwikStubs Tentative Registration Page User Account Information The User Account Information Page will be where users can view and edit their personal account information and will also be the area of the application where the user can enter in their billing information for future ticket purchases. Event Browsing or Searching This page will be where users can see upcoming events in an organized layout. Event Creation The Event Creation Page will be utilized by verified promoter users and will be where they enter in the details of an event. Venue Creation Venue creation will be done by promoters. Figure 5. Creating a new Venue Ticket Selection/Ticket Purchase/Venue Seat Monitoring (Updated in real-time) This page will present all the information regarding the seats for an event. From the fan s perspective, this will be a view of the specific sections and seats within a venue, and colors will distinguish which seats are are available. Once the purchasing period is over, 9

the event manager will be able to see which seats fill up when fans arrive and enter the venue. 2.1.2 Hardware Interfaces We have almost no hardware interfaces, since it will all be handled in a standard web browser. The only hardware interface will be for the scanning of QR codes to accept tickets at a venue. All that is necessary is a device that has a camera to scan the QR code on the screen of another mobile device. Any smartphone or tablet will most likely satisfy this requirement. 2.1.3 Software Interfaces Figure 6. QwikStubs Implementation Diagram Web browser UI(HTML, CSS, JavaScript, CoffeeScript) Rails (Model, View, Controller) EventMachine(an interface from events -> actions) HTTP routes JSON data transfer AJAX (passing requests over AJAX) MongoDB (through queries) rqrcode - a Ruby library for generating QR codes 10

Our software interfaces are all loosely coupled and the components mostly use our communication interface to interact. Our Rails web service provides its interface as HTTP routes. Our EventMachine daemon waits for events and triggers the appropriate handler. MongoDB provides an interface in terms of queries. The browsers communicate over HTTP, and retrieve all content with it, and makes back channel requests over websockets and AJAX. 2.1.4 Communications Interfaces Our communication interfaces are incredibly simple, since we are taking the approach used by most modern companies on the web. We will use HTTP, and HTTPS for serving all content to users in the browser. We will use HTTPS for interactions with sensitive information, like purchasing, and logging in. All of our services will either talk programmatically or by sending JSON messages over HTTP. There is little to no overhead in using HTTP instead of a raw TCP socket, as well as HTTP enabling the easy definition of interfaces. Our communication will be relatively limited, it will occur between the Rails app, and EventMachine. Both the application and daemon will also talk back and forth with the browser using JSON over websockets. 3 User Stories Stories for the initial prototype Implementation Difficulty [ Easy ] - can be done in 1 day - can be done in 1 or 2 days - can be done in 3 to 5 days [ Hardx2 ] - can be done in a week or more crossed out = stories completed by version 1.1 As a user I can login and logout. As a promoter I can browse my event listings. As a fan I can reserve selected seats. As a user I can register. As a fan I can select seats. As a promoter I can create and edit events. 11

As a user I can add and remove users to/from promoters I manage. As a fan I can buy reserved seats. As a fan I can print tickets [ Hardx2 ] As a promoter I can create and edit seating for venues. As a promoter I can create and edit venues. As a user I can change or add email addresses. [ Easy ] A user can be a fan. [ Hardx2 ] (new) A fan can use a QR code, which will be scanned at As a fan I can browse events. As a fan I can search for events As a fan I can add billing information [ Hardx2 ] As a fan I can see event seating availability in real time. [ Easy ] As a promoter I can attach a venue to an event. As a user I can create and edit promoters. Create seed data for a testing environment (partially complete) [ Hardx2 ] (new) A Promoter can see visualizations of ticket 12

a Venue, to be accepted as a ticket sales data 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information