Requirement Specification
| Document | Requirement Specification |
| Specification name | |
| Author: | Team Issues |
| Version: | 1.1 |
| Date: | 20.02.2023 |
Introduction
This is a project within Future Factory implementation, where six students from Jamk are joining together and developing a working tool, Skill Collector for our customer, Lippa-program.
Short description of service/solution
The tool is meant to be used as a collector of skills for various companies. The information we gather with this tool will be used by teachers at Jamk when designing and updating courses.
Business requirements / goals?
| ReqID | Description |
|---|---|
| BUSINESS-REQ-0001 | The site needs to be on par with JAMK's standards(colors etc.) |
| BUSINESS-REQ-0002 | Skill Collector has to be easy to use |
| BUSINESS-REQ-0003 | The length of the survey shouldn't be too long |
Stakeholder map
Stakeholders and profiles
| Stakeholde/profile | Info / Link to description | Motivation? |
|---|---|---|
| Lippa-program | Customer | info here |
| Marko "NarsuMan" Rintamäki | Admin user | info here |
| User | User | info here |
Customer story's as background information
Customer need
| ReqID | Description |
|---|---|
| CUSTOMER-REQ-0001 | As a end user I would like to see "progress bar" over my my selections |
| CUSTOMER-REQ-0002 | As a end user, I want to be able to have search functionality to find skills |
| CUSTOMER-REQ-0003 | As a end user, I must be able to cancel my choices when filling in the survey |
| CUSTOMER-REQ-0004 | As a end user, I want to see how many selections I have to make in the survey |
| CUSTOMER-REQ-0005 | As a end user, I would like to use search tool to find specific skill description or more info about skill |
| CUSTOMER-REQ-0006 | As a end user, I would like to propose a new skills/definitions by using the Feedback-dialog |
| CUSTOMER-REQ-0007 | As a end user I can select five (5) the most important skills |
| CUSTOMER-REQ-0008 | As a end user I can select five (5) important skills |
| CUSTOMER-REQ-0009 | As a end user I can select five (5) valuable skills |
| CUSTOMER-REQ-0010 | As a end user I can select five (5) future skills |
| CUSTOMER-REQ-0011 | As a end user I can select one (1) the most important soft skill |
| CUSTOMER-REQ-0012 | As a end user I can select one (1) the important soft skill |
| CUSTOMER-REQ-0013 | As a end user I can select one (1) the valuable important soft skill |
Customer Journey paths in Service/solution
Customer journey path as PlantUML Statemachine -diagram
Preliminary User Storys
| User Story ID | Description / link to issue |
|---|---|
| US101 | As a service producer, I want to publish the service using Docker technology, because it makes production easier, #43 |
| US102 | As a service developer, I want to receive the end user's feedback in the form of an Issue, because it is clearer to process further, #44 |
| US103 | As a service producer, I want to help the end user through a separate support portal without burdening the development team with extra questions, #45 |
| US105 | The service can be set up by running the docker-compose up command, #47 |
| US106 | As a developer, I want to start a development environment quickly using containers, #48 |
| US107 | As a tester, I like to use Docker containers because it makes it easier to set up a test environment, #49 |
| US108 | As a service producer, I want to receive feedback from end users, based on which the product can be developed better, #50 |
| US109 | As a user of the service, I hope that the service is reliable and that it uses a secure HTTPS connection, because I don't dare to use HTTP services nowadays, #51 |
| US110 | As the administrator of the service, I want the logs to be in a machine-readable format so that various searches and parsing can be done on them, #52 |
| US111 | As the producer of the service, I want a report on what kind of known vulnerabilities exist in the current implementation-related libraries or modules, because I need to prepare for the future, #53 |
| US112 | The service provider must find a data protection description information page on our service, because GDPR requires it, #54 |
| US113 | As a system administrator, I want the production database to be able to take a backup from the command line if necessary, #55 |
| US114 | As a service producer, I want to use labranet's gitlab registry to share containers, #56 |
| US115 | As a service producer, I want to monitor the usage rate of the service using the Google Analytics service, as it has been used before, #57 |
| US116 | As the producer of the service, I want to publish a "release note" description of the service, where you can find the changes and existing faults, #58 |
| US119 | As a service producer, I want to know what browsers our customers use, because it clarifies the development of features to serve the end customer better, #61 |
| US120 | As a data protection officer, I want to know how I can find the actions taken by a selected person in the log, #62 |
| US121 | As a tester, I can use a pre-defined backup file as a basis for tests if necessary, #63 |
| US122 | As the administrator of the service, I want the various logs to be collected at the internet border of the service, #64 |
| US123 | As a service producer, I want to visualize the active usage time and user numbers of the current customer base during the week, because it clarifies the understanding of the service's popularity, #65 |
| US124 | As a service administrator, I want the service to be served behind a reverse proxy, so the real servers are hidden in the internal network, #66 |
| US125 | As a service producer, I would like to save a week's worth of usage logs on a separate server, because those who break into the service are not allowed to destroy the logs, #67 |
| US126 | As a system administrator, I require that the database backup is verified on another machine or separate from the production server in date-tar.gz format, #68 |
| US127 | As a service provider, I would like to collect a usage log related to the use of the service, based on which possible abuses can be determined, #69 |
| US128 | As the administrator of the service, I hope that the format of the user log is visually interpretable, but it contains the attributes presented above, #70 |
| US129 | As a service provider, we must be able to save active events in the service for at least the last week so that they can be viewed quickly (max 5 min), #71 |
| US130 | User ID, time, performed function, possible status are saved in the usage log, #72 |
| US131 | As a service administrator, I want to be able to search and visualize the collected usage log, #73 |
| US132 | As a data protection officer, I would like to check, if necessary, the actions taken by an individual in the user log at a certain point in time (default 1h), #74 |
| US133 | As a software developer, I want to know what information about the customer is stored so that we can make a GDPR description, #75 |
| US134 | For the customer, I hope to have a training video available, which I can use to inform users about the features of the application, #76 |
| US135 | As a customer, we require the use of HTTPS connections in the service, #77 |
| US136 | As a customer, I would like to receive a summary of the product handover in the form of a Release Note, which explains the final failure situation and the level of information security, #78 |
| US137 | In charge of security, I hope to get a report on the security level of the software implementation, aka "npm audit", #79 |
| US142 | As a service provider, I would like to collect a usage log related to the use of the service, on the basis of which possible abuses can be determined, #85 |
| US143 | As the administrator of the service, I hope that the format of the user log is visually interpretable, but it contains the previously defined attributes, #86 |
| US146 | As a service administrator, I want to be able to search and visualize the collected usage log, #89 |
| US301 | As a end user I would like to see "progress bar" over my my selections, #120 |
| US302 | As a end user, I want to be able to have search functionality to find skills, #121 |
| US303 | As a end user, I must be able to cancel my choices when filling in the survey, #122 |
| US304 | As a product owner, I want service to have limited amount of "tokens" that end user has available filling, #123 |
| US305 | As a end user, I want to see how many selections I have to make in the survey, #124 |
| US306 | As a end user, I want to receive the CSV file via email which shows the data I filled in to the survey, #125 |
| US307 | As a adminuser, I would like to set end user specific hash value using cli tool or UI, #126 |
| US308 | As a product owner, I want the ability to choose max 20 skills (5+5+5+5) from SFIA-Skills, #127 |
| US309 | As a adminuser, I would like to able "CRUD" end user specific hash value using command line tool or Admin UI, #128 |
| US310 | As a adminuser, I would like use Admin UI for configuration of service, #129 |
| US311 | As a adminuser, I would like use Command Line tool/script for configuration of service, #130 |
| US312 | As a end user, I would like to use search tool to find specific skill description or more info about skill, #131 |
| US313 | As a end user, I would like to propose a new skills/definitions by using the Feedback-dialog, #132 |
| US314 | As a adminuser, I would like to be able export latest results from skill collector database in CSV Format, #133 |
| US315 | As a adminuser, I would like to be able check latest results in database using Admin UI/CLI, #134 |
| US316 | As a end user I can select five (5) the most important skills, #135 |
| US317 | As a end user I can select five (5) important skills, #136 |
| US318 | As a end user I can select five (5) valuable skills, #137 |
| US319 | As a end user I can select five (5) future skills, #138 |
| US320 | As a end user I can select one (1) the most important soft skill, #139 |
| US321 | As a end user I can select one (1) the important soft skill, #140 |
| US322 | As a end user I can select one (1) the valuable important soft skill, #141 |
Selected Use Cases of service/solution
| Use Case | Domain |
|---|---|
| Use Case 1 - User logins with hashcode | Login using hashcode |
| Use Case 2 - User reads GDPR statement and continues | Continue |
| Use Case 3 - User selects skills | Selects skills |
| Use Case 4 - User selects softskills | Selects softskills |
| Use Case 5 - User submits chosen skills | Submit skills |
| Use Case 6 - User gives feedback | Give feedback |
Preliminary MockUp-prototype layouts for solution/service
System requirements
| RequirementsID | Description |
|---|---|
| SYSTEM-HW-REQ-0000 | Operating System: Ubuntu Server version 18.04 or higher is required to run the web application. |
| SYSTEM-HW-REQ-0001 | CPU: The server should have at least 2 vCPUs (virtual CPUs) to ensure adequate processing power for the application. |
| SYSTEM-HW-REQ-0002 | Memory: The server should have at least 4GB of RAM to ensure adequate memory for the application. |
| SYSTEM-HW-REQ-0003 | Storage: The server should have at least 20GB of storage for the application and associated data. |
| SYSTEM-HW-REQ-0005 | Web Server: The web application requires a web server such as Apache or Nginx to serve the web pages. |
| SYSTEM-HW-REQ-0006 | Database: The web application requires a database server such as MySQL or PostgreSQL to store and manage application data. |
| SYSTEM-HW-REQ-0007 | Application Server: The web application requires an application server such as Node.js or Ruby on Rails to run the application code. |
| SYSTEM-HW-REQ-0008 | Network: The server should have a reliable and high-speed internet connection to ensure quick response times and minimal downtime. |
| SYSTEM-HW-REQ-0009 | Security: The server should have security measures in place such as firewalls and intrusion detection systems to protect against unauthorized access. |
| SYSTEM-HW-REQ-0010 | Backups: Regular backups of the application and associated data should be performed to ensure that data can be restored in case of data loss or corruption. |
Constraints and standards that affect on service design
| ReqId | Description |
|---|---|
| CONSTRAINT-REQ-S00000 | Accessibility standards: Web applications need to comply with accessibility standards such as WCAG 2.1 to ensure that all users, including those with disabilities, can access the application and use it effectively. |
| CONSTRAINT-REQ-S00002 | Performance constraints: Web applications need to perform well under high traffic loads, with minimal latency, and quick response times. This can be achieved by optimizing server configurations, database schemas, and front-end performance. |
| CONSTRAINT-REQ-S00003 | Security constraints: Web applications need to be designed with security in mind, using encryption, authentication, and authorization mechanisms to ensure that user data is secure. |
| CONSTRAINT-REQ-S00004 | Compliance standards: Web applications need to comply with legal and regulatory standards such as GDPR, HIPAA, or PCI DSS, depending on the type of data that is being processed. |
| CONSTRAINT-REQ-S00005 | Infrastructure constraints: Web applications need to be designed to work within the constraints of the underlying infrastructure, including cloud service providers or on-premises hardware. |
| CONSTRAINT-REQ-S00006 | Compatibility constraints: Web applications need to be compatible with a wide range of devices, web browsers, and operating systems to ensure that users can access the application from any device they choose. |
| CONSTRAINT-REQ-S00007 | User experience constraints: Web applications need to be designed with a focus on user experience, ensuring that users can navigate the application easily, find what they need quickly, and complete their tasks with minimal friction. |
| CONSTRAINT-REQ-S00008 | Development constraints: Web applications need to be designed with development constraints in mind, such as the available programming languages, frameworks, and libraries that are used to build the application. |
Service primary features and functionalities
Priorization of essential features
- P1 = Mandatory
- P3 = Required
- P5 = Nice to have
Functional requirements of the service
| ReqID | Description | Affected feature |
|---|---|---|
| FUNC-REQ-C0001 | User can search different skills | Feature 28 - Skill Search |
| FUNC-REQ-C0002 | User is informed about all information that is collected | Feature 4 - GDPR-info |
| FUNC-REQ-C0003 | User recieves information about previous selections | Feature 21 - Skill Selection View |
| FUNC-REQ-C0004 | User can choose soft skills by importance | Feature 29 - Softskill Selection View |
| FUNC-REQ-C0005 | User can give feedback | Feature 3 - Customer Feedback |
| FUNC-REQ-C0006 | Customer can view and analyze the collected data | Feature 2 - Service Analytics |
| FUNC-REQ-C0007 | Backup process runs on a regular basis | Feature 1 - Backup System |
| FUNC-REQ-C0008 | Saved data from the database can be exported in .csv format | Feature 22 - Skill Data Importer |
| FUNC-REQ-C0009 | Automated tests that verify any modification or update in a software without affecting the overall working functionality of the service | Feature 7 - Service Regression Test Automatized |
| FUNC-REQ-C0010 | User can view the information of certain skill | Feature 20 - Skill Info View |
| FUNC-REQ-C0011 | The domain name should clearly identify the website or network resource it represents, making it easy for users to find and access the site. | Feature 11 - Service Domain Name |
Software / service non-functional requirements
Performance Requirements
| ReqID | Description |
|---|---|
| PERF-REQ-0000 | Scalability: The application should be able to handle a growing number of users and data as the application gains popularity and users add more skills. |
| PERF-REQ-0001 | Page load time: The web application should load quickly, ideally in under 3 seconds, to ensure a good user experience and minimize bounce rates. |
| PERF-REQ-0002 | Accuracy: The application should accurately collect and record the skills entered by users, without introducing errors or duplicates. |
| PERF-REQ-0003 | Availability: The application should be available to users at all times, with minimal downtime or maintenance. |
| PERF-REQ-0004 | Performance optimization: The application should be optimized for fast load times, efficient data storage and retrieval, and minimal resource usage. |
| PERF-REQ-0005 | Concurrent user handling: The web application should be able to handle a large number of concurrent users, without affecting the website's speed and responsiveness. |
| PERF-REQ-0006 | Server response time: The web application should have a fast server response time to ensure that users can interact with the application without delay. |
| PERF-REQ-0007 | Database performance: The database should be optimized for quick and efficient data retrieval, even as the amount of data stored in it grows. |
| PERF-REQ-0008 | Scalability: The web application should be able to scale up as user traffic grows, without affecting performance or availability. |
| PERF-REQ-0009 | Browser compatibility: The web application should be compatible with all major web browsers to ensure that users can access the application from any device. |
| PERF-REQ-0010 | Usability: The web application should have a user-friendly interface that is easy to navigate, reducing the likelihood of user errors and increasing user satisfaction. |
Security Requirements
| ReqID | Description |
|---|---|
| SEC-REQ-0001 | The password must use at least MD5-level encryption, as required by the XY112 standard |
| SEC-REQ-0002 | User authentication must be enforced for all system access |
| SEC-REQ-0003 | Access control policies must be enforced to ensure that users only have access to data and resources necessary for their roles |
| SEC-REQ-0004 | User sessions must be properly managed to prevent session hijacking |
| SEC-REQ-0005 | Input validation must be implemented to prevent injection attacks, such as SQL injection and cross-site scripting |
| SEC-REQ-0006 | Error messages should be designed to avoid exposing sensitive information |
| SEC-REQ-0007 | Audit logging must be implemented to monitor system activity and detect any unauthorized access or activities |
| SEC-REQ-0008 | Sensitive data, such as passwords and personal information, must be encrypted both in storage and during transmission |
| SEC-REQ-0009 | The system must be designed to prevent the disclosure of confidential data to unauthorized users |
| SEC-REQ-0010 | Data backups must be regularly performed to prevent data loss in case of a disaster |
| SEC-REQ-0011 | The system must be regularly patched and updated to address security vulnerabilities |
| SEC-REQ-0012 | The system must be monitored for suspicious activities and security incidents |
| SEC-REQ-0013 | The system must be tested for security vulnerabilities, including penetration testing |
| SEC-REQ-0014 | The system must have a plan in place for incident response and disaster recovery |
| SEC-REQ-0015 | The system must comply with applicable laws and regulations, such as GDPR |
| SEC-REQ-0016 | Third-party libraries and frameworks must be regularly updated to address security vulnerabilities |
| SEC-REQ-0017 | The service must not store any sensitive data in clear text |
| SEC-REQ-0018 | The service must implement secure coding practices, such as input validation and output encoding, to prevent injection attacks and other vulnerabilities |
| SEC-REQ-0019 | The service must implement secure communications protocols, such as HTTPS |
| SEC-REQ-0020 | The service must have a secure logging process that logs all events and errors |
| SEC-REQ-0021 | The service must have a process for monitoring and identifying unauthorized access or use |
| SEC-REQ-0022 | The service must have a secure coding and testing environment, such as a separate test environment or sandbox |
Availability Requirements
| ReqID | Description |
|---|---|
| USAB-REQ-0000 | High-contrast mode: The web application should provide a high-contrast mode to ensure that users with visual |
| USAB-REQ-0001 | Text resizing: The web application should allow users to resize the text without breaking the layout or functionality of the application. |
| USAB-REQ-0002 | Ensure that all images have alternative text for screen readers. |
| USAB-REQ-0003 | Page load time: The web application should be optimized to load quickly, with a goal of under 3 seconds for the initial page load. This is important to ensure that users do not become frustrated and abandon the site. |
| USAB-REQ-0004 | Error handling: The web application should handle errors gracefully, with clear and informative error messages displayed to the user. This can help prevent users from becoming confused or frustrated when encountering errors. |
| USAB-REQ-0005 | Compatibility: The web application should be compatible with all major browsers and operating systems, to ensure that users can access the site regardless of their preferred technology. |
| USAB-REQ-0006 | Accessibility compliance: The web application should meet accessibility standards such as WCAG 2.0 or 2.1, to ensure that users with disabilities can access the site. This includes providing alternative text for non-text content, using descriptive links, and providing keyboard accessibility. |
Quality Assurance
- Link to Master Test Plan
Preliminary Acceptance Tests
| AcceptanceTestId | Description | Feature |
|---|---|---|
| ACCTEST001 - Acceptance Test 1 | Verify that the customer feedback works | Feature 3 - Customer Feedback |
| ACCTEST002 - Acceptance Test 2 | Verify GDPR-info is correct and shows after login | Feature 4 - GDPR-info |
| ACCTEST003 - Acceptance Test 3 | Verify skill info view works | Feature 20 - Skill Info View |
| ACCTEST004 - Acceptance Test 4 | Verify skill selection view works | Feature 21 - Skill Selection View |
| ACCTEST005 - Acceptance Test 5 | Verify skill search works | Feature 28 - Skill Search |
Software architecture, placement view, database description, and integrations
High-level design
We will use the PERN tech stack (Postgres, Express, React and Node.js). Here is a high-level architecture diagram of the project:
Breakdown of the data flow:
-
The user's browser sends an HTTP request to the React frontend.
-
The React frontend sends an HTTP request to the Express server, requesting the SFIA skill data.
-
The Express server receives the request and sends an API request to the Node.js backend.
-
The Node.js backend receives the API request, and queries the PostgreSQL database to retrieve the SFIA skill data.
-
The PostgreSQL database sends the skill data back to the Node.js backend.
-
The Node.js backend sends the skill data to the Express server in response to the API request.
-
The Express server sends the skill data to the React frontend.
-
The React frontend receives the skill data, and uses it to render the relevant parts of the user interface.
Database design
The Postgres database will consist of three tables: users (which stores the user hashes), skills (which contains both SFIA and soft skills, along with their descriptions and whether they are a SFIA skill or a soft skill) and user_skills (which is an intersection table, storing the relationships between users and the skills they have selected. Each row in this table represents a single selection made by a user).
Here is a preliminary ER diagram of the database:
Backend design
-
API layer: The API layer will define endpoints for adding and removing skills to specific categories, such as "important" and "nice to have". For example, endpoints like /api/skills/important and /api/skills/nice-to-have.
-
Routing: The routing layer will handle the new endpoints for adding and removing skills to specific categories. It will also handle any additional query parameters or request payloads required for these operations.
-
Controller layer: The controller layer will contain the business logic for adding and removing skills to specific categories. It will verify that the requested skill exists and that the category is valid. It will also update the appropriate category in the user's record.
-
Data access layer: The data access layer will provide methods for querying and updating the user's record in the database. It will handle any concurrency issues that may arise from multiple users updating the same record.
-
Database: The database will store the user's record, including their selected skills and their associated categories. Additional tables or columns may be added to the SFIA skills database to support this functionality (database may be created seperately)
-
Security: The back-end will implement security measures to prevent unauthorized access to the user's record. It will also ensure that the user is only able to add or remove skills to their own record.
-
Middleware: The back-end may use middleware to handle the new endpoints and any additional query parameters or request payloads. It may also use middleware to handle authentication and authorization for the new endpoints.
Standards and sources
As part of the requirements definition, it is essential to identify important sources that are useful or relevant to the whole. Standards and pre-distributed guidelines are useful sources and as needed clarify the meaning of the requirements.
| ID | Linkki | |
|---|---|---|
| JHS 165 ICT | http://www.jhs-suositukset.fi/c/document_library/get_file?uuid=b8118ad7-8ee4-459a-a12b-f56655e4ab9d&groupId=14 | Vaatimusmäärittely |
| SO 9241-11 | https://fi.wikipedia.org/wiki/K%C3%A4ytett%C3%A4vyys | Käytettävyys |
| ISO9001 | https://www.sfs.fi/julkaisut_ja_palvelut/tuotteet_valokeilassa/iso_9000_laadunhallinta/iso_9001_2015 | - |
| - | - | - |