Requirement Specification
| | |
|---|---|
| Document | Requirement Specification |
| Specification name | Specification for Tukko |
| Author: | Ilari Jussinmäki, Eetu Ihanus, Minna Tapojärvi, Anni Mäki-Ventelä, Annemari Paulov-Halttunen |
| Version: | 1.0 |
| Date: | 19.2.2024 |
Introduction
We have been given an assignment from Combitech Finland to further develop a product called Tukko Traffic Visualizer, which was created during Wimma Lab 2023 by Team IoTitude. Our team has selected a set of the requested features, and we are trying to deliver these solutions for our customer to the best of our abilities.
Client
Our requirement specifications are free to read for any interested party involved with the project. However, the subscriber for this documentation is Combitech.
About the author and project team
The author (Ilari) has been named with the role "general", so his goal is to take on any tasks that emerge during the project and to balance the overall workload. The team also has Eetu as Leader, Annemari in Security, Anni in Operations, and Minna in Testing. No member holds the specific role of developer; our plan is to share the assignment among the existing roles.
Short description of service/solution
The service currently offers public traffic data that is visualized on a map. There are several tools included in this service that the user can freely make use of. Our team is assigned to continue the development of this product and our goal is to introduce even more features, such as user accounts with secure authentication, improved dark mode and color contrast, exporting data to CSV format and an option for Swedish language. In addition to these we also have some more plans related to security and testing.
The user of the service can be really anyone who is curious about traffic data and wants to optimize their travelling plans, but it can also be handy for professional users that benefit from the data in their work.
Business requirements
| ReqID | Description |
|---|---|
| BUSINESS-REQ-0001 | Team Good Name should manage to deliver the decided features within the project schedule |
| BUSINESS-REQ-0002 | The features should be sufficiently documented and confirmed to work |
Stakeholder map
Stakeholders and profiles
| Stakeholder/profile | Info / Link to description | Motivation? |
|---|---|---|
| Good Name | Stakeholder group-1 | Is developing the Tukko Traffic Visualizer |
| Combitech Oy | Stakeholder group-2 | Is the customer and subscriber of the product |
| Reima | Product Owner | Handles communication between the customer and the project team |
| Scrum Masters | Scrum Masters (Combitech Oy) | Are representing the customer and communicating with the product owner |
| Narsu | Scrum Master / Team Coach | Provides help and information for the teams |
| Peer Coaches | Peer Student Coaches / Tribe leaders | Provide assistance and lead the tribes |
| Mentors | Mentors | Give in-depth help with various areas |
| End User | End user of the product | Uses the final product for their benefit |
Customer stories as background information
Customer story
A user is thinking of going on a trip. They are wondering whether the road is busy and when would be a good time to leave so that they arrive in time. By using Tukko they can figure out when to leave.
Customer need
| ReqID | Description |
|---|---|
| CUSTOMER-REQ-0001 | As a user of Tukko, I would like to see whether there is high traffic on the road |
| CUSTOMER-REQ-0002 | As a user of Tukko, I would like to sign in to my own profile |
Customer Journey paths in Service/solution
Customer journey path as a PlantUML state machine diagram
Preliminary User Stories
| User Story ID | Description / link to issue |
|---|---|
| US002 | As a user, I want to be able to create an account and securely authenticate myself to the web app, #81 |
| US003 | As a data analyst, I want to export data to CSV from the database, #85 |
| US004 | As a customer, I want secure authentication mechanisms, such as password hashing and session management, to protect user accounts, #82 |
| US018 | As a developer, I want to enforce secure coding practices, such as input validation and output encoding, to prevent common security vulnerabilities like cross-site scripting (XSS) attacks, #87 |
| US038 | As a developer, I want to have automated tests for both frontend and backend code to ensure the reliability and correctness of the web app, #89 |
| US039 | As a developer, I want to set up continuous integration (CI) and continuous deployment (CD) pipelines to automate the testing and deployment processes, #90 |
| US040 | As a tester, I want to implement Robot Framework and browser libraries, #91 |
| US045 | As a user, I want the dark mode colors to not pop out as much, #83 |
| US046 | As a user with color blindness, I want the web app to have sufficient color contrast between text and background elements, so that I can easily read and understand the content, #84 |
| US056 | As a security specialist, I want to harden all the containers, #88 |
| US058 | As a Swedish person, I want to use the user interface in my native language, Swedish, #86 |
| US060 | As a product owner, I want the testing to include exploratory testing, #92 |
| US069 | As a user, I want to be able to register a user account and log in to the Tukko application with it, #95 |
| US070 | As a developer, I want to implement a React user registration and login component, #96 |
| US071 | As a developer, I want to utilize ready-made and established components and instructions when implementing new modules, #97 |
Selected Use Cases of service/solution
Preliminary MockUp-prototype layouts for solution/service
Dark colors
Contrast
System requirements
| RequirementsID | Description |
|---|---|
| SYSTEM-HW-REQ-0001 | Frontend server has to have at least 4 vCPUs |
| SYSTEM-HW-REQ-0002 | Backend server has to have at least 4 vCPUs |
| SYSTEM-HW-REQ-0003 | Frontend server memory capacity has to be at least 2Gb |
| SYSTEM-HW-REQ-0004 | Backend server memory capacity has to be at least 2Gb |
Service primary features and functionalities
**E.g. prioritization of essential features / functions**
- P1 = Mandatory
- P2 = Required
- P3 = Nice to have
Functional requirements of the service
| ReqID | Description | Affected feature |
|---|---|---|
| FUNC-REQ-C0001 | The user must be able to register a user account and log in to the Tukko application with it | FEA102 Securely authenticate user accounts |
| FUNC-REQ-C0002 | The user must be able to create an account and securely authenticate himself to the web app | FEA102 Securely authenticate user accounts |
| FUNC-REQ-C0003 | The customer must have secure authentication mechanisms, such as password hashing and session management, to protect user accounts | FEA102 Securely authenticate user accounts |
| FUNC-REQ-C0004 | The dark mode colors must not pop out as much | FEA106 Improve dark mode colors |
| FUNC-REQ-C0005 | The product owner must have the testing include exploratory testing | FEA516 Manual testing |
| FUNC-REQ-C0006 | The user with color blindness must be able to use the web with sufficient color contrast between text and background elements, so that he can easily read and understand the content | FEA110 Enhance color contrast for color blindness |
| FUNC-REQ-C0007 | A Swedish person must be able to use the user interface in his native language, Swedish | FEA304 Localization for Swedish |
Software / service non-functional requirements
[Non-Functional Requirements](https://en.wikipedia.org/wiki/Non-functional_requirement)
Performance, usability, security, conformance, accessibility and maintainability are the most important features here and they should be carefully noted.
| ReqID | Requirement | Description |
|---|---|---|
| PERF-REQ-0000 | Response Time | The gateway service should respond to requests within a specified time frame under normal load conditions |
| PERF-REQ-0001 | Throughput | The gateway service should be able to handle a certain number of requests per second without degradation of performance |
| PERF-REQ-0002 | Scalability | The gateway service should be able to scale up to handle increased load, either by adding more resources (vertical scaling) or by distributing the load across multiple instances (horizontal scaling) |
| PERF-REQ-0003 | Availability | The gateway service should be available for use a certain percentage of the time, often expressed as a "five nines" (99.999%) availability requirement |
| PERF-REQ-0004 | Resilience | The gateway service should be able to recover quickly from failures and continue to function |
Security Requirements
| ReqID | Description |
|---|---|
| SEC-REQ-001 | All communication between devices and servers must be encrypted to prevent interception |
| SEC-REQ-002 | Passwords must have at least MD5-level encryption |
| SEC-REQ-003 | Software updates must ensure the safety of the product and that it is up to date |
| SEC-REQ-004 | Software must be updated during the whole life cycle |
| SEC-REQ-005 | The user must know who handles his collected information, what is collected and why |
| SEC-REQ-006 | Safe transfer and storage of data must be guaranteed; the product must have appropriate data transfer, identification and encryption methods as well as key management practices |
| SEC-REQ-007 | The security of the network service and interfaces must be in order; the product's network services must be implemented in compliance with safe practices. Unnecessary services should be deactivated. There is a description of the product's online services and ecosystem interfaces |
| SEC-REQ-008 | There must be safe default settings; the default settings of the product or service must be set in such a way that they are primarily designed to protect the user |
| SEC-REQ-009 | The requirements for the information security mark are based on the ETSI EN 303 645 standard. The information security mark product takes into account the entire ecosystem of the program |
| SEC-REQ-010 | The GDPR privacy notice must be readable by the user |
| SEC-REQ-011 | Every event in the service must be recorded in the user log so that they can be reviewed later |
Accessibility Requirements

| ReqID | Description |
|---|---|
| ACC-REQ-0000 | All functionality must be operable through a keyboard interface and the content must be repeated correctly on different terminals. |
| ACC-REQ-0002 | Provide text alternatives for any non-text content. |
| ACC-REQ-0003 | Provide alternatives for time-based media, such as captions for videos. |
| ACC-REQ-0004 | Content must be presented in ways that can be perceived by all users, including those with disabilities. |
| ACC-REQ-0005 | The service must be implemented technically flawlessly, i.e. the source code of the digital service is flawless and logical. The HTML standard and WCAG guidelines have been followed, and the service works well with different end devices and assistive technologies, such as voice control and screen readers |
| ACC-REQ-0006 | The content of the service must be easy to use, i.e. the digital service must be easy to understand, the navigation must be clear and the desired page, function or content must be found effortlessly. It should be effortless to perform the desired function in the service |
| ACC-REQ-0007 | The user interface must be understandable, i.e. the language used must be clear, understandable and plain. The text should be easy to read. Link texts should also be descriptive and understandable. |
| ACC-REQ-0008 | When designing the service, the design for everyone principle (Universal Design) must be taken into account |
| ACC-REQ-0009 | Online content must be usable with various assistive technologies |
| ACC-REQ-0010 | In general, WCAG must be used as a basis for service planning |
Quality Assurance
Preliminary Tests
Deployment Diagram
Standards and sources
- General Data Protection Regulation (GDPR): This regulation protects privacy and gives individuals control over their personal data.
- ePrivacy Directive: This directive complements the GDPR and provides rules on confidentiality of communications and tracking technologies such as cookies.
- Directive on the legal protection of computer programs ('Software Directive'): This directive protects computer programs by means of copyright.
- Directive on the enforcement of intellectual property rights ('IPRED'): This directive enforces intellectual property rights.
- Directive on the legal protection of databases ('Database Directive'): This directive protects databases.
- EU Cybersecurity Act: This act ensures safer hardware and software.
- Digital contract rules: These rules make it easier for consumers and businesses to buy and sell digital content, digital services, goods, and 'smart goods' in the EU.